swf.exe
First submission 2024-09-27 18:03:03
File details
Field | Value |
---|---|
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
Mime type | application/x-dosexec |
File size | 3220.8 KB (3298104 bytes) |
Compile time | 1992-06-20 00:22:17 |
MD5 | 5f3d49bffed0da5d969582bd92fed715 |
SHA1 | 6efbd680de90af1c2ac13eb1a781b3797f6714e4 |
SHA256 | a166a398a327a98b73d33c3ffd0ae68ae1538a79678e4e16c5977aadfa46a395 |
Import hash | 884310b1928934402ea6fec1dbd3cf5e |
Sections (8) | CODE DATA BSS .idata .tls .rdata .reloc .rsrc |
Directories (3) | import resource tls |
File features detected
- Anti VM
- Signed
- XOR
OSINT Enrichments
Field | Value |
---|---|
VirusTotal | 14/77 (report date 2024-09-27 17:33:02) |
Malware type (1) | trojan |
Threat type (1) | munp |
URLs, FQDN and IP indicators 1
PE Sections 4 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
CODE | 0x1000 | 0x9d30 | 40448 | b90277c50a0336f933b0e419e61bbbd83ff6ea26 | 04ffdb46e50716ec8cb7db42819802fd | |
DATA | 0xb000 | 0x250 | 1024 | 2501181070a2c1a15e3cba4fc93e4a7216f555e3 | beee52f18301950f82460d9ffe5aec7e | |
BSS | 0xc000 | 0xe90 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.idata | 0xd000 | 0x950 | 2560 | 40a39d9e8c8cecd5356ab96745d82d2ebfe17cfb | bb5485bf968b970e5ea81292af2acdba | |
.tls | 0xe000 | 0x8 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.rdata | 0xf000 | 0x18 | 512 | f43ee83e6afa1c343ff6db68e13efde43471cbb6 | 9ba824905bf9c7922b6fc87a38b74366 | |
.reloc | 0x10000 | 0x8c4 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.rsrc | 0x11000 | 0x2c00 | 11264 | 39a9f24dd6abd9087ac971032117b588740da5e9 | 5305601982e1fdf0c6302dfb1a01e5a8 | |
PE Resources 6
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_ICON | LANG_DUTCH | SUBLANG_DUTCH | 0x11ccc | 2216 | |
RT_STRING | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x12f60 | 174 | |
RT_RCDATA | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x13010 | 44 | |
RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x1303c | 62 | |
RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x1307c | 1268 | |
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x13570 | 1580 | |
Meta infos 8
Field | Value |
---|---|
LegalCopyright | |
FileVersion | 2.4.9.27 |
CompanyName | |
ProductVersion | 2.4.9.27 |
FileDescription | Gerda Video Recorder |
Translation | 0x0000 0x04b0 |
Comments | This installation was built with Inno Setup. |
ProductName | Gerda Play3 SE |
Packers detected 2
- Borland Delphi 3.0 (???)
- Borland Delphi 4.0
Anti debug functions 2
- GetLastError
- RaiseException
Strings analysis - Libraries found
- OLEAUT32.dll
- USER32.dll
- COMCTL32.dll
- ADVAPI32.dll
- KERNEL32.dll
- SHELL32.dll
Strings analysis - Possible IPs found 1
- 2.4.9.27
Strings analysis - Possible URLs found 2
- http://schemas.microsoft.com/SMI/2005/WindowsSettings
- http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline