swf.exe

First submission 2024-10-14 22:10:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 4322.13 KB (4425861 bytes)
Compile time: 1992-06-20 00:22:17
MD5: 243bc25631e2f0dcfc8dbcdcdd0d886e
SHA1: ef0da7b9bd0331f958773f8963679500c0c0db01
SHA256: 0c41eb21ae94b114e165b3196accbb6e1457e7a0f579e18a001a26b50656ba4f
Import Hash: 884310b1928934402ea6fec1dbd3cf5e
Sections 8 CODE DATA BSS .idata .tls .rdata .reloc .rsrc
Directories 3 import resource tls

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://46.8.229.59/thebig/swf.exe 46.8.229.59 2024-10-14 22:10:02

PE Sections 4 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
CODE 0x1000 0x8fe0 36864 6eddef5fd230aab076a2fe4f265e8a9f7facccd8 61e836cac9c673512632038dd84ce39d
DATA 0xa000 0x248 1024 a8d55b6b7fbd0c51600e9a9cfba4ce6e0936132a 1605dbc615f9347957e3d584e5f6343d
BSS 0xb000 0xe34 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0xc000 0x950 2560 e49e2b7cb13448780832c319b573685a5082edd7 bd5bdc394dd9459844ea032b48349bc1
.tls 0xd000 0x8 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xe000 0x18 512 217e47adc0fbd0a02677f10d9af22bb5dc7739cf d293bf8d4ebe9826d58e1d27c25fe4b6
.reloc 0xf000 0x8a8 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x10000 0x3000 10240 89268eb03f05e2b040eb2f2f060b940a16fbe881 dc17271102df91847964239fcb21e164

PE Resources 6

Name Language Sublanguage Offset Size Data
RT_ICON LANG_DUTCH SUBLANG_DUTCH 0x10ccc 2216
RT_STRING LANG_NEUTRAL SUBLANG_NEUTRAL 0x11f60 174
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x12010 44
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x1203c 62
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x1207c 1020
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x12478 887

Meta infos 6

LegalCopyright:
FileVersion:
CompanyName:
Translation: 0x0409 0x04e4
FileDescription: Glass Video Converter Setup
Comments: This installation was built with Inno Setup: http://www.innosetup.com

Packers detected 4

Borland Delphi 3.0 (???)
Borland Delphi 4.0
Inno Installer v5.1.2 [Overlay] (collides with: Borland Delphi 2.0)
Inno Setup Module v5

Anti debug functions 2

GetLastError
RaiseException

Strings analysis - File found

Library
OLEAUT32.dll
USER32.dll
COMCTL32.dll
ADVAPI32.dll
KERNEL32.dll
SHELL32.dll

Strings analysis - Possible URLs found 1

http://www.innosetup.com

Import functions
