swift-obfuscation-side-loading.dll
First submission 2024-10-17 18:40:03
File details
| File type: | PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 100.0 KB (102400 bytes) |
| Compile time: | 2024-09-17 20:23:15 |
| MD5: | 60fea8c8e9693047f41675e3445579e8 |
| SHA1: | 2cd51aaf6b7a7422a385f16d3c47f05e21b45fdf |
| SHA256: | c0f272047eec9b7ad1e3456ac0ae020c2522022d69ef6576a99000b967d7f5cf |
| Sections 6 | .text��� .data��� .rdata�� .edata�� .idata�� .reloc�� |
| Directories 3 | import export relocation |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
| Virus Total: | 35/77 VT report date: 2024-10-17 18:30:05 |
| Malware Type 1 | trojan |
| Threat Type 3 | havoc havokiz marte |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://169.1.16.29/swift-obfuscation-side-loading.dll  |
169.1.16.29 |
2024-10-17 18:40:03 |
PE Sections 0 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x176f0 | 96256 | 1db3b0123642fc7e3e7ada9a21ce5fa5b8040f4e | c5c2614eb02da2df4717ccf7ea944bc9 | |
| .data��� | 0x19000 | 0x960 | 2560 | 3549043797a635c54d86912dcfc12ebd66c742fa | 2d7a07100d0f539e38727ce2c3d08e10 | |
| .rdata�� | 0x1a000 | 0x2e0 | 1024 | 717ab14daa2f57f809169cbf9c4718b91fb9a09d | ea96cb5481e0bd5ef96245fb54db8fae | |
| .edata�� | 0x1b000 | 0x58 | 512 | 656a1b823c0e20a19c9288cfc7d409b18ce76084 | 6d6f3c8522165cebb0d4294af85cbe2c | |
| .idata�� | 0x1c000 | 0x14 | 512 | 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 | bf619eac0cdf3f68d496ea9344137e8b | |
| .reloc�� | 0x1d000 | 0xec | 512 | a7c573119b1d44a2f7ae3879a848bb43db84cdb3 | 285bb24486a4bb73835695c37bba67b2 |
Strings analysis - File found
| Library |
| demon.x64.dll |
PE Exports 2 suspicious
| Function | Address |
|---|---|
| DllMain | 0x38ded9580 |
| Start | 0x38dee3960 |