swift-bypass-breakpoints.exe

First submission 2024-10-17 18:34:03

File details

File type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type:	application/x-dosexec
File size:	100.0 KB (102400 bytes)
Compile time:	2024-09-17 20:21:05
MD5:	20c633524cd5febea9dc735458b4c382
SHA1:	fb4580589ae597b7d0ed7ac64cac765ccef1fd28
SHA256:	12d1b3cfd5b410cc39cd4b74a699c4d31846f551fae776a542f4d26d45c61808
Sections 6	.text .data .rdata .edata .idata .reloc
Directories 3	import export relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	38/77 VT report date: 2024-10-11 15:04:37
Malware Type 1	trojan
Threat Type 3	havoc havokiz marte

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://169.1.16.29/swift-bypass-breakpoints.exe	169.1.16.29	2024-10-17 18:34:03

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5	Suspicious
.text	0x1000	0x17680	96256	afc3aa75e813d0e5c80139add99e39ef88036817	ce967e38392020a6072f57795a2ec815
.data	0x19000	0x960	2560	ed67cd436508e5beb02f324e417965aaae334572	167c7f3476dee52791bcf78e51c613c0
.rdata	0x1a000	0x2e0	1024	6875c4a2c7a370f1124d023ff0446fe6757b03ce	f2d3e05b699537879063e0a2e221085a
.edata	0x1b000	0x36	512	d4d26d65d485f3bc1a04a9cf29aad5143e3d3f10	748313fb04663e9ccb205dd20d2016bd
.idata	0x1c000	0x14	512	5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5	bf619eac0cdf3f68d496ea9344137e8b
.reloc	0x1d000	0xec	512	a7c573119b1d44a2f7ae3879a848bb43db84cdb3	285bb24486a4bb73835695c37bba67b2

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)