SWIXYLauncher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SWIXYLauncher.exe
Size

734KB
MD5

6db1ecff32cc7108d0a61af2df5e7f07
SHA1

3de242071f4530562f75004283a54f7237486c39
SHA256

f5567c9e3fd76485e9e43a9a5b56ccdb21d8aaec5dce2bc2a9fbe182e5c35768
SHA512

e797d3665fd1865c18671480d58ce9cd8621db7d2b34eea5ad0fe552ab111536dff4b0b6a459e2b9ae68690e21c7f5be394eb6cc64660aa4dc6880e61ef27f5a
SSDEEP

6144:y2b9wBdGcTsGgktRQA2Sb5Zj3BI5zQWm5QqRzVL3atwwi2Q97d/VU8iYOPiJ0ynw:/9+TsG7eA2SfCh0jz9aZ9QNUdttoQo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SWIXYLauncher.exe

Files

SWIXYLauncher.exe
.exe windows x64

ddde4f718e62e4a3324ccaf0eac7168b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

SystemFunction036

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateCertificateChain
CertFreeCertificateContext
CertFreeCertificateChain
CertDuplicateStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertOpenStore
CertDuplicateCertificateContext

kernel32

InitializeSListHead
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
CloseHandle
lstrlenW
GetNativeSystemInfo
WaitForMultipleObjects
GetOverlappedResult
GetLastError
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
GetFileInformationByHandleEx
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
GetModuleHandleA
GetProcAddress
GetCurrentThread
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStdHandle
GetConsoleMode
WriteConsoleW
SetLastError
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetModuleHandleW
FormatMessageW
CreateFileW
SetFilePointerEx
GetFileInformationByHandle
GetFullPathNameW
CreateDirectoryW
FindFirstFileW
FindClose
AcquireSRWLockExclusive
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateThread
GetCurrentProcessId
CreateNamedPipeW
WriteFileEx
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
SetFileInformationByHandle
SwitchToThread
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind

ole32

CoTaskMemFree

secur32

DeleteSecurityContext
EncryptMessage
FreeContextBuffer
InitializeSecurityContextW
AcquireCredentialsHandleA
DecryptMessage
FreeCredentialsHandle
QueryContextAttributesW
AcceptSecurityContext

shell32

SHGetKnownFolderPath

ws2_32

send
recv
closesocket
getsockname
WSASocketW
getaddrinfo
WSACleanup
WSAStartup
freeaddrinfo
getsockopt
select
ioctlsocket
getpeername
WSAGetLastError
setsockopt
connect

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
memcmp
__CxxFrameHandler3
memmove
memset
memcpy

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc

api-ms-win-crt-runtime-l1-1-0

_initterm_e
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_configure_narrow_argv
_seh_filter_exe
_initialize_narrow_environment
exit
_set_app_type

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddde4f718e62e4a3324ccaf0eac7168b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

crypt32

kernel32

ole32

secur32

shell32

ws2_32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 340KB - Virtual size: 339KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 254KB - Virtual size: 253KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 340KB - Virtual size: 339KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 254KB - Virtual size: 253KB

.reloc
Size: 3KB - Virtual size: 2KB