swf.exe

First submission 2024-09-27 18:03:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 3220.8 KB (3298104 bytes)
Compile time: 1992-06-20 00:22:17 (not a real build date: this is the fixed TimeDateStamp 0x2A425E19, 1992-06-19 22:22:17 UTC, that the Delphi linker writes into every binary it produces)
MD5: 5f3d49bffed0da5d969582bd92fed715
SHA1: 6efbd680de90af1c2ac13eb1a781b3797f6714e4
SHA256: a166a398a327a98b73d33c3ffd0ae68ae1538a79678e4e16c5977aadfa46a395
Import Hash: 884310b1928934402ea6fec1dbd3cf5e
Sections 8: CODE DATA BSS .idata .tls .rdata .reloc .rsrc
Directories 3: import resource tls

File features detected

Is DLL (inconsistent with the file type above, which identifies a PE32 executable rather than a DLL)
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 14/77 detections, VT report date 2024-09-27 17:33:02
Malware Type 1: trojan
Threat Type 1: munp

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXp://176.113.115.95/thebig/swf.exe | 176.113.115.95 | 2024-09-27 18:03:03

PE Sections 8 (4 flagged suspicious by the scanner)

Name | VAddress | VSize | RawSize | SHA1 | MD5
CODE | 0x1000 | 0x9d30 | 40448 | b90277c50a0336f933b0e419e61bbbd83ff6ea26 | 04ffdb46e50716ec8cb7db42819802fd
DATA | 0xb000 | 0x250 | 1024 | 2501181070a2c1a15e3cba4fc93e4a7216f555e3 | beee52f18301950f82460d9ffe5aec7e
BSS | 0xc000 | 0xe90 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e
.idata | 0xd000 | 0x950 | 2560 | 40a39d9e8c8cecd5356ab96745d82d2ebfe17cfb | bb5485bf968b970e5ea81292af2acdba
.tls | 0xe000 | 0x8 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e
.rdata | 0xf000 | 0x18 | 512 | f43ee83e6afa1c343ff6db68e13efde43471cbb6 | 9ba824905bf9c7922b6fc87a38b74366
.reloc | 0x10000 | 0x8c4 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e
.rsrc | 0x11000 | 0x2c00 | 11264 | 39a9f24dd6abd9087ac971032117b588740da5e9 | 5305601982e1fdf0c6302dfb1a01e5a8

Notes: BSS, .tls and .reloc have a raw size of 0; their SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 and MD5 d41d8cd98f00b204e9800998ecf8427e are simply the hashes of empty input, so these sections carry no on-disk data. The raw sizes sum to 55,808 bytes, so almost all of the 3,298,104-byte file lies outside the section table as an overlay, which is where an Inno Setup installer (see the version-info comment below) stores its compressed setup data.
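The section table above can be checked mechanically rather than read off a scanner. The script below is an added example and is not part of the original report or of any analysis tool's output: with the standard library only, it parses a PE32 section table, flags the fixed Delphi timestamp, lists the sections that have no on-disk data, hashes each section's raw bytes (so the empty-input hashes above are reproduced), and measures the overlay past the last section. The report gives no PointerToRawData values, so the constructed stand-in file assumes a contiguous, 512-byte-aligned layout after a 0x400-byte header and a zero-filled overlay padding it to the reported size; those offsets and the overlay contents are assumptions, not swf.exe's real bytes.

```python
"""Section-table triage for a PE32 file, standard library only: fixed Delphi
timestamp, virtual-only sections, per-section hashes and overlay size."""
import hashlib
import struct
from datetime import datetime, timezone

# TimeDateStamp the Delphi linker writes into every binary: 1992-06-19 22:22:17 UTC.
DELPHI_TIMESTAMP = 0x2A425E19
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes
COFF_HDR = struct.Struct("<HHIIIHH")          # IMAGE_FILE_HEADER, 20 bytes


def parse_pe(data: bytes) -> dict:
    """Return the COFF timestamp and the section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _ = COFF_HDR.unpack_from(data, coff)
    sect_off = coff + COFF_HDR.size + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr, *_ = SECTION_HDR.unpack_from(
            data, sect_off + i * SECTION_HDR.size)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize,
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
    return {"timestamp": timestamp, "sections": sections}


def analyze(data: bytes) -> dict:
    """Findings a reviewer wants before trusting a section-table report."""
    pe = parse_pe(data)
    sections = pe["sections"]
    # SizeOfRawData == 0 means the section exists only in memory (BSS, TLS,
    # relocations here); its on-disk slice is empty, so any hash of it is the
    # hash of zero bytes, not a sign of tampering.
    virtual_only = [s["name"] for s in sections if s["raw_size"] == 0]
    # Everything after the last byte of section data is overlay; an Inno Setup
    # stub keeps its compressed setup data there, hence small sections, big file.
    end_of_sections = max(s["raw_ptr"] + s["raw_size"] for s in sections)
    return {
        "timestamp": pe["timestamp"],
        "timestamp_utc": datetime.fromtimestamp(pe["timestamp"], timezone.utc).isoformat(),
        "delphi_timestamp": pe["timestamp"] == DELPHI_TIMESTAMP,
        "sections": sections,
        "virtual_only": virtual_only,
        "section_sha1": {s["name"]: hashlib.sha1(
            data[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]).hexdigest() for s in sections},
        "overlay_offset": end_of_sections,
        "overlay_size": len(data) - end_of_sections,
    }


# Section layout copied from the report above (name, VAddress, VSize, raw size).
SAMPLE_LAYOUT = [
    ("CODE", 0x1000, 0x9D30, 40448), ("DATA", 0xB000, 0x250, 1024),
    ("BSS", 0xC000, 0xE90, 0), (".idata", 0xD000, 0x950, 2560),
    (".tls", 0xE000, 0x8, 0), (".rdata", 0xF000, 0x18, 512),
    (".reloc", 0x10000, 0x8C4, 0), (".rsrc", 0x11000, 0x2C00, 11264),
]
REPORTED_FILE_SIZE = 3298104


def build_sample_pe(file_size: int = REPORTED_FILE_SIZE) -> bytes:
    """Constructed stand-in for swf.exe (not its real bytes): a minimal PE32 with
    the reported section table.  ASSUMED: headers within the first 0x400 bytes,
    section data contiguous and 512-byte aligned, zero-filled overlay."""
    hdr = bytearray(0x400)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                   # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    opt_size = 0xE0                                            # PE32 optional header size
    COFF_HDR.pack_into(hdr, 0x84, 0x14C, len(SAMPLE_LAYOUT), DELPHI_TIMESTAMP,
                       0, 0, opt_size, 0x0102)
    struct.pack_into("<H", hdr, 0x84 + COFF_HDR.size, 0x10B)   # optional header Magic
    sect_off = 0x84 + COFF_HDR.size + opt_size
    body, raw_ptr = bytearray(), len(hdr)
    for i, (name, vaddr, vsize, raw_size) in enumerate(SAMPLE_LAYOUT):
        SECTION_HDR.pack_into(hdr, sect_off + i * SECTION_HDR.size,
                              name.encode().ljust(8, b"\0"), vsize, vaddr, raw_size,
                              raw_ptr if raw_size else 0, 0, 0, 0, 0, 0x60000020)
        body += bytes(raw_size)             # section content is irrelevant here
        raw_ptr += raw_size
    image = bytes(hdr + body)
    return image + bytes(file_size - len(image))    # constructed overlay


if __name__ == "__main__":
    r = analyze(build_sample_pe())
    print("TimeDateStamp", hex(r["timestamp"]), r["timestamp_utc"],
          "(Delphi default)" if r["delphi_timestamp"] else "")
    print("virtual-only sections:", r["virtual_only"])
    print("overlay: offset 0x%X, %d bytes" % (r["overlay_offset"], r["overlay_size"]))
```

Run `analyze(open("swf.exe", "rb").read())` on the real sample to replace the assumed offsets with the true ones; the overlay offset and size are the numbers to compare against the 3,298,104-byte file size, and the first bytes at `overlay_offset` are where to look for the Inno Setup payload.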

PE Resources 6

Name Language Sublanguage Offset Size Data
RT_ICON LANG_DUTCH SUBLANG_DUTCH 0x11ccc 2216
RT_STRING LANG_NEUTRAL SUBLANG_NEUTRAL 0x12f60 174
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x13010 44
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x1303c 62
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x1307c 1268
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x13570 1580

Meta infos 8

LegalCopyright:
FileVersion: 2.4.9.27
CompanyName:
ProductVersion: 2.4.9.27
FileDescription: Gerda Video Recorder
Translation: 0x0000 0x04b0
Comments: This installation was built with Inno Setup.
ProductName: Gerda Play3 SE

Packers detected 2

Borland Delphi 3.0 (???)
Borland Delphi 4.0

Both hits are compiler signatures rather than packers: the installer stub is a Delphi build, consistent with the Inno Setup comment in the version info above.

Anti debug functions 2

GetLastError
RaiseException

Both are ordinary Win32 imports found in nearly every Delphi binary (RaiseException underpins Delphi's exception handling); on their own they are weak evidence of anti-debugging.

Strings analysis - Library names found 6

Library
OLEAUT32.dll
USER32.dll
COMCTL32.dll
ADVAPI32.dll
KERNEL32.dll
SHELL32.dll

Strings analysis - Possible IPs found 1

2.4.9.27 (false positive: this is the FileVersion/ProductVersion string from the version resource, not an IP address)

Strings analysis - Possible URLs found 2

http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline

Neither URL is a network indicator: the first is the XML namespace used in the embedded application manifest, the second is the Inno Setup command-line help page referenced by the installer stub.

Related samples 43 (headed "Import functions" on the source page, but the table lists other submissions by file name, last-seen date and MD5, not imported APIs)

Name Latest seen MD5
Bolt.exe 2022-09-16 21:14:03 ad8f55814ccaee68b12c96f1ccb8bb6a
Bolt.exe 2022-10-18 08:10:02 c0b4de4f711b7c28369d7a4018f94759
Bolt.exe 2022-10-22 23:14:05 5fe1f92b221d98a8504139a2792265f8
Bolt.exe 2022-10-29 17:35:02 96ecd3b0e089a8953f2c94886388b0a6
Bolt.exe 2022-11-02 21:47:06 aa290cfe7546e91e88278a1c4b83440f
Bolt.exe 2022-11-10 20:32:09 0c51d5838eaa310b8d009ab265c1846e
Bolt2.exe 2022-11-19 17:46:02 501c0b729f6ee275a7108f1a1f1396a2
Ins.exe 2022-11-22 08:15:03 e91e8a603108c29db5d1a1ba1c8123fd
Ins.exe 2022-11-24 08:15:02 a0c71ff42da76357bfb0a0ac582fbe51
TUN.exe 2022-11-30 18:34:03 c4807ea6c4ee04746a88248c855cb71d
TUN3.exe 2022-12-07 14:11:04 f59160f8bf6d380cdecbd2db94c61deb
CR1.exe 2022-12-23 18:35:03 6e350138bf803bf52671cc58200ebbd4
CR1.exe 2022-12-28 21:27:02 948be59744613ac01f77af62e97d3280
invoice150.exe 2022-12-29 13:42:26 4483a1b08653e49979c838757570e8d1
se.exe 2023-01-04 13:57:02 b4c782a4773d0ebf9a3f5ae21f115788
JOJ.exe 2023-01-08 17:31:02 662067d94f55b7081f876ae097732979
DZ11.exe 2023-01-12 21:13:02 c296f6d7c3ce6dad67003a5777a6da0a
LLP1.exe 2023-01-16 12:18:02 31676b02114e92e2de69d7ea17c307f1
pineapple.php?pub=mixinte 2023-01-16 17:35:02 91641f679a6821fe03b64754cb653533
Lfon.exe 2023-01-19 14:22:04 00f18040c4895217862f7527c13ec1fc
denv1.exe 2023-01-23 10:22:03 aac2bd9d315bf537768640a7f1691e6d
ga3ga31.exe 2023-01-25 18:26:04 011ac634029778c508607533853e4c9e
xyzrtye.exe 2023-01-30 08:01:02 4ca2c6f98e9dcd7a4033f8c538a709d3
git1.exe 2023-02-01 11:35:03 cb24a5f7ecdb871ce971af4de1a28efd
test3.exe 2023-02-04 08:20:02 92d8874c9bccf6efe5794d190c6f0aae
yountamindi1.exe 2023-02-11 09:06:07 400430fea124268ddd11ef5e3996e83e
b1.exe 2023-02-11 10:30:05 2147eaedc94040e2182309464e76a45e
Bolt.exe 2023-02-27 07:44:02 fb795346665ad27af95872302e838827
1.exe 2023-03-23 17:34:04 7429ee8b83fcbb48fe5b383a6235ac1d
FL2.exe 2023-04-13 07:00:02 65f8ca11d9a18baf3fecf7797b9ba867
PEP2.exe 2023-05-25 06:55:01 0b79fbf16b76bd0ff14e9d079e40e889
060.exe 2024-05-15 01:48:02 154243bf5a1b7f1e59e747136827f5b8
crt.exe 2024-05-15 11:33:02 f389886d4248ac5706fd1aa0c30ef6a4
crt.exe 2024-05-21 11:33:02 a628c8ebb4b815beb9200025122e2d38
070.exe 2024-06-24 09:14:02 f1d29fddb47e42d7dbf2cf42ba36cc72
csrss.exe 2024-07-16 10:34:04 12c26ab43202d2ef17553eeb17376c2a
noode.exe 2024-09-20 12:28:02 51e2f3d0204209a7eef3efc65131f3c2
getlab.exe 2024-09-22 14:00:01 36e38d743f3e7ab19b5532bc796ce8c6
stories.exe 2024-09-24 20:38:02 d95075fa0cc023415833d7569d65adc0
noode.exe 2024-09-24 20:36:02 5e929dc6a58c8d6b8fc44decc5a5c68c
getlab.exe 2024-09-24 20:39:03 adc5b5d6cc68c50d7d9ff53f272db29b
8uftp_setup.exe 2024-09-28 16:13:10 adbbd833e374a20cfe9dd4bbdb746eb6
66c371744eb05_crt2.exe 2024-10-03 14:21:03 34631daee5d4765989d302a86210dd64