Static task: static1
Behavioral task: behavioral1 (sample: SWAM Tuba Eb.exe; resource: win7-20231020-en)
Behavioral task: behavioral2 (sample: SWAM Tuba Eb.exe; resource: win10v2004-20231127-en)
General
Target: SWAM Tuba Eb.exe
Size: 6.9MB
MD5: f505da1130cfa9a8f81b10b38a8287aa
SHA1: 9daa8ebf126bed73c6f5772836316e038b502656
SHA256: 38f2ffaf113a8f726e00dbefb313640664b5f51bd98118b2fded34bf50fe200a
SHA512: 00ae55aa8c39318211408d065531f1bdb3a3b7a7e70a950a68ae570d623ebbe114dd63207f76533c5022ffc51dbaa011adc9fd6c7edfc8fd028698299def6054
SSDEEP: 98304:XevnropdPSNnotZ2xN6BEdHVFl5lT/AipGprdV8W9nYHmFt0xsssVb8:XezKP0noD2xNLFDl8jdV8+YHmFtes
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature. Matched resource: SWAM Tuba Eb.exe
Files
-
SWAM Tuba Eb.exe.exe windows:6 windows x64 arch:x64
2d4afbbb1111f0b269885117e53e117d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetFileAttributesExW
OutputDebugStringW
SetEvent
GetCurrentThread
TerminateThread
QueryPerformanceFrequency
GetThreadPriority
DeleteFileW
CloseHandle
GetNativeSystemInfo
GetCurrentDirectoryW
GetOverlappedResult
LocalFree
ReplaceFileW
DeleteCriticalSection
ExitProcess
GetModuleHandleW
CopyFileW
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
IsDebuggerPresent
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
MultiByteToWideChar
ResetEvent
GetPriorityClass
GetFileInformationByHandle
WriteConsoleW
HeapSize
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
HeapFree
HeapReAlloc
HeapAlloc
GetStdHandle
Sleep
ExitThread
CreateThread
GetTimeZoneInformation
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
SetLastError
InterlockedPushEntrySList
RtlUnwindEx
GetStartupInfoW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetCPInfo
CompareStringEx
GetSystemTimeAsFileTime
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RaiseException
RtlPcToFileHeader
CreateEventW
GetLogicalDriveStringsW
DisconnectNamedPipe
UnmapViewOfFile
ResumeThread
GetComputerNameExW
GetSystemDirectoryW
ReleaseMutex
GetFileAttributesW
CreateFileW
WaitForSingleObject
GetLocaleInfoW
FindClose
CreateMutexW
GetTempPathW
SetEndOfFile
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
SetThreadPriority
WaitForMultipleObjects
RemoveDirectoryW
TerminateProcess
GetModuleHandleExW
WriteFile
GetCurrentProcess
FindNextFileW
EnterCriticalSection
SetPriorityClass
FindFirstFileW
CancelIo
GetVolumeInformationW
TryEnterCriticalSection
ReadFile
GetSystemFirmwareTable
SetThreadAffinityMask
CreateDirectoryW
GlobalUnlock
FreeLibrary
GetCurrentProcessId
GlobalLock
GetProcAddress
LoadLibraryW
GlobalFree
GlobalAlloc
LoadLibraryA
GlobalSize
WideCharToMultiByte
GetLastError
FormatMessageW
GetModuleHandleA
GetCurrentThreadId
CompareStringOrdinal
FreeLibraryAndExitThread
GetModuleFileNameW
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
SetWindowsHookExW
SetCapture
DestroyCaret
LoadCursorW
LoadIconW
ToUnicode
TranslateMessage
BringWindowToTop
SetFocus
SetLayeredWindowAttributes
GetMessageTime
EnumWindows
SetClipboardData
GetClipboardData
UnhookWindowsHookEx
GetForegroundWindow
TrackMouseEvent
MapWindowPoints
CreateCaret
IsChild
PeekMessageW
EmptyClipboard
CloseClipboard
CreateIconIndirect
GetMonitorInfoW
GetWindowInfo
DestroyIcon
RedrawWindow
GetCapture
OpenClipboard
GetAsyncKeyState
IsWindow
ShowWindow
GetActiveWindow
SetCaretPos
GetKeyboardState
DestroyCursor
GetWindowPlacement
WindowFromPoint
RegisterClassExW
GetWindowLongPtrW
MessageBeep
SetWindowTextW
UnregisterClassW
EndDialog
CallNextHookEx
SendMessageW
GetIconInfo
CreateWindowExW
EnumDisplayMonitors
SetWindowLongPtrW
EnumChildWindows
MonitorFromWindow
MessageBoxW
SetWindowPos
IsWindowVisible
GetDC
DestroyWindow
GetFocus
BeginPaint
GetCursorPos
ReleaseDC
SetCursorPos
GetAncestor
InvalidateRect
ReleaseCapture
GetParent
SystemParametersInfoW
EnableMenuItem
GetDesktopWindow
ShowCaret
DrawIconEx
UpdateLayeredWindow
GetClientRect
SetWindowLongW
EndPaint
GetWindowRect
MapVirtualKeyW
PostMessageW
GetMessagePos
GetUpdateRgn
GetMessageExtraInfo
GetSystemMenu
DefWindowProcW
SetCursor
SendInput
GetWindowThreadProcessId
GetWindowLongW
AttachThreadInput
GetWindowTextW
SendNotifyMessageW
GetMessageW
SendMessageTimeoutW
DispatchMessageW
GetProcessWindowStation
GetUserObjectInformationW
gdi32
DeleteObject
SetMapMode
RestoreDC
CreateBitmap
AddFontMemResourceEx
ExcludeClipRect
ChoosePixelFormat
SwapBuffers
SetPixelFormat
GetObjectW
GetKerningPairsW
EnumFontFamiliesExW
GetTextMetricsW
SetMapperFlags
GetGlyphIndicesW
GetGlyphOutlineW
RemoveFontMemResourceEx
CreateFontIndirectW
GetOutlineTextMetricsW
SaveDC
SelectObject
CreateDIBSection
CreateCompatibleDC
StretchDIBits
CreateRectRgnIndirect
GetDeviceCaps
CreateRectRgn
DeleteDC
GetRegionData
CombineRgn
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegOpenKeyExW
RegQueryValueExW
MapGenericMask
OpenProcessToken
RegOpenKeyA
RegQueryValueExA
RegEnumKeyW
RegOpenKeyW
RegCloseKey
AccessCheck
GetNamedSecurityInfoW
DuplicateToken
shell32
DragQueryFileW
SHCreateShellItem
SHGetMalloc
ExtractAssociatedIconW
SHBrowseForFolderW
SHGetKnownFolderPath
SHParseDisplayName
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW
ole32
CoUninitialize
CoCreateInstance
CoTaskMemFree
DoDragDrop
OleInitialize
RegisterDragDrop
CoTaskMemAlloc
RevokeDragDrop
CoInitialize
PropVariantClear
CLSIDFromString
CoGetApartmentType
CoInitializeEx
OleUninitialize
CoGetObjectContext
oleaut32
SysAllocString
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
wininet
InternetCloseHandle
InternetReadFile
InternetSetOptionW
InternetConnectW
HttpEndRequestW
HttpSendRequestExW
InternetCrackUrlW
InternetSetFilePointer
HttpOpenRequestW
InternetWriteFile
FtpOpenFileW
InternetOpenW
HttpQueryInfoW
ws2_32
inet_addr
WSAStartup
getaddrinfo
select
closesocket
bind
accept
__WSAFDIsSet
send
inet_ntoa
recv
getsockopt
htonl
htons
freeaddrinfo
sendto
ioctlsocket
setsockopt
shlwapi
PathStripToRootW
winmm
midiInGetNumDevs
midiInGetDevCapsW
midiOutShortMsg
midiOutGetNumDevs
midiOutLongMsg
midiOutClose
midiInStop
midiOutMessage
midiInReset
midiOutOpen
midiOutPrepareHeader
midiOutGetDevCapsW
midiInOpen
midiInUnprepareHeader
midiInMessage
timeBeginPeriod
timeGetTime
midiInAddBuffer
midiInPrepareHeader
midiInStart
midiInClose
midiOutUnprepareHeader
imm32
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmAssociateContextEx
ImmReleaseContext
ImmNotifyIME
ImmGetContext
dxgi
CreateDXGIFactory
opengl32
glPixelMapusv
glTexCoord3i
glLightModeli
glGetString
glTexCoord4s
glTexSubImage2D
glOrtho
glEvalCoord1dv
glTexCoord4d
glTexCoord2i
glDepthFunc
glPixelStorei
glColor4usv
glColor4iv
glEvalCoord1fv
glRasterPos3iv
glDrawBuffer
glVertex3iv
glLighti
glGetPixelMapfv
glGetLightiv
glShadeModel
glTexCoord1fv
glPrioritizeTextures
glCopyTexImage2D
glNormalPointer
glTexCoord1d
glGetFloatv
glRasterPos4dv
glIndexsv
glDeleteLists
wglMakeCurrent
glTexEnviv
glMaterialfv
glFogiv
glTexCoord1iv
glAreTexturesResident
glPushMatrix
glIsTexture
glPopName
glLightfv
glDisable
glEvalMesh2
glMultMatrixf
glGetError
glRasterPos4i
glColor4f
glClearDepth
glIndexs
glScalef
glRectf
glDrawElements
glGetTexParameteriv
glGetTexImage
glVertex2d
glTexCoord1s
glCopyTexImage1D
glGetClipPlane
glScaled
glColor3d
glListBase
glTexEnvi
glColorMaterial
glColor3ubv
glColorPointer
glColor4ub
glTexCoord1i
glColor3bv
glVertex3d
glFlush
glRasterPos3dv
glNormal3s
glBitmap
glFogi
glRasterPos3d
glClearIndex
glRasterPos2i
glIsEnabled
glRasterPos4d
glRotatef
glRasterPos2sv
glArrayElement
glPixelTransferf
glColor4b
glRasterPos2f
glColor3us
glGetPixelMapusv
glIndexMask
glTexCoord4i
glTexParameteriv
glLightiv
glPushAttrib
glGetIntegerv
glPolygonStipple
glClearStencil
glLogicOp
glGetTexGendv
glLightf
glFeedbackBuffer
glEvalMesh1
glPixelMapuiv
glVertex2f
glTexImage2D
glGetMaterialfv
glTexGeni
glTexCoord3d
glPointSize
glColor3fv
glNormal3fv
glGetTexParameterfv
glMaterialf
glClearAccum
glRects
glPopMatrix
glEvalCoord2fv
glColor4i
glLightModeliv
glViewport
glTexImage1D
glDepthRange
glEdgeFlagv
glEnableClientState
glVertex4dv
glRecti
glColor3dv
glStencilOp
glNormal3sv
glVertex4sv
glIndexiv
glTexCoord3fv
glRasterPos3s
glInterleavedArrays
glClear
glEvalPoint2
glColor3uiv
glColor3ui
glIndexd
glVertex3i
glColor3s
glVertex2dv
glCopyPixels
glTexCoord3s
glPolygonOffset
glVertex2iv
wglShareLists
glTexSubImage1D
glLoadMatrixd
glIsList
glTexCoord2iv
glTexEnvf
glStencilMask
glTexCoord4fv
glRasterPos3fv
glGetTexLevelParameterfv
glMap1f
glNewList
glPopAttrib
glNormal3bv
glPolygonMode
glRotated
glTexGenf
wglGetCurrentContext
glColor3usv
glNormal3b
glPixelTransferi
glRasterPos3f
glRectfv
glBindTexture
glGetPointerv
glGenTextures
glNormal3dv
glColor4d
glRasterPos4iv
glVertexPointer
glGetMapiv
glEnable
glVertex3f
glIndexubv
glTexCoord3iv
glCullFace
glDepthMask
glPopClientAttrib
glRasterPos2d
glMapGrid1f
glGetLightfv
glLoadMatrixf
glTexGend
glTexCoord2d
glVertex3sv
glMapGrid2d
glEnd
glVertex4f
glPassThrough
glColor4s
glEdgeFlagPointer
glMaterialiv
glColor4ui
glVertex4d
glScissor
glFogf
glTexParameterfv
glTexCoord2dv
glSelectBuffer
glRasterPos3sv
glAccum
glGetMapfv
glTexCoord4dv
glTexCoord3sv
glCallList
glFogfv
glVertex2sv
glFrustum
glVertex3s
glCopyTexSubImage2D
glColor4bv
glRasterPos2dv
glTexCoord2f
glColor4uiv
glGetTexLevelParameteriv
glVertex4iv
glEvalPoint1
glDisableClientState
glGetTexGeniv
glColor4dv
glMateriali
glCopyTexSubImage1D
glRasterPos2iv
glGenLists
glMatrixMode
glTexCoord1f
glMapGrid1d
glTexCoord2fv
glEvalCoord2f
glTexGenfv
glTranslated
glVertex4fv
glRasterPos3i
glVertex3dv
glRasterPos4sv
glDrawPixels
glCallLists
glFrontFace
glIndexub
glTexGendv
glVertex2fv
glEvalCoord2dv
glTexCoord4iv
glLineWidth
glColor4sv
glColor3f
glNormal3f
glIndexfv
glRasterPos4s
glStencilFunc
glColor3i
glLineStipple
glTexCoord2sv
glBlendFunc
glReadPixels
wglCreateContext
glColorMask
glTexCoord4sv
glMap1d
glTexCoord3dv
glInitNames
glMapGrid2f
glRasterPos4f
glGetMaterialiv
glIndexdv
glLoadIdentity
glColor3iv
glEdgeFlag
glRasterPos4fv
glRasterPos2s
glMultMatrixd
glEndList
glIndexPointer
wglGetProcAddress
glVertex3fv
glLoadName
glTexGeniv
glLightModelf
glRectiv
glPixelMapfv
glTexParameteri
glNormal3iv
glTexEnvfv
glVertex4s
glRenderMode
glFinish
glEvalCoord1d
glMap2f
glColor4ubv
glColor4fv
glDeleteTextures
glGetPolygonStipple
glGetTexEnvfv
glTexCoord2s
glTexCoord4f
glRectd
glVertex4i
glTexCoord3f
glPushClientAttrib
glHint
glReadBuffer
glTexCoord1sv
glAlphaFunc
glBegin
glRectsv
glTexCoordPointer
glColor3sv
glClipPlane
glIndexf
glIndexi
glPixelStoref
glPixelZoom
glNormal3d
glVertex2s
glGetTexEnviv
glClearColor
glLightModelfv
glVertex2i
glGetMapdv
glRasterPos2fv
glColor3ub
glGetBooleanv
glTexCoord1dv
glMap2d
glDrawArrays
glColor3b
wglDeleteContext
glNormal3i
glGetPixelMapuiv
glColor4us
glGetTexGenfv
glEvalCoord1f
glGetDoublev
glEvalCoord2d
glTexParameterf
glPushName
glTranslatef
glRectdv
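The import table above mixes the APIs expected of an audio instrument (winmm midiIn*/midiOut*, opengl32, imm32) with names that sit on every malware triage checklist: IsDebuggerPresent and OutputDebugStringW, GetSystemFirmwareTable with GetVolumeInformationW and GetComputerNameExW, SetWindowsHookExW next to GetAsyncKeyState and GetKeyboardState, SendInput, the wininet HTTP set and raw ws2_32 sockets, and a second short kernel32 group (LocalAlloc through GetProcAddress) that repeats the loader APIs already listed. The script below is an added example, not part of the sandbox report and not code from the sample's vendor: it groups a listing of this shape into behavioural clusters and only warns on combinations, because each cluster alone has an ordinary use in a licensed desktop application (message hooks for keyboard shortcuts, hardware fingerprinting for licence binding, HTTP for activation). The cluster sets and warning rules are my own heuristics, and REPORT_IMPORTS is a constructed subset of the table above, reformatted with indented function lines so it parses offline.

```python
"""Group a PE import listing into behavioural API clusters.

Added example for this report, not sandbox or vendor code. CLUSTERS and the
warning rules are the author's own triage heuristics; REPORT_IMPORTS is a
constructed subset of the import table above (module lines unindented,
function lines indented) so the script runs offline."""
from collections import defaultdict

REPORT_IMPORTS = """\
kernel32
  IsDebuggerPresent
  OutputDebugStringW
  GetSystemFirmwareTable
  GetVolumeInformationW
  GetComputerNameExW
  ConnectNamedPipe
  CreateFileMappingW
  MapViewOfFile
  LoadLibraryA
  GetProcAddress
user32
  SetWindowsHookExW
  GetAsyncKeyState
  GetKeyboardState
  SendInput
  GetForegroundWindow
wininet
  InternetOpenW
  HttpOpenRequestW
  HttpSendRequestExW
  InternetReadFile
ws2_32
  WSAStartup
  bind
  accept
  send
  recv
winmm
  midiInOpen
  midiOutShortMsg
opengl32
  glBegin
"""

# Exact, case-sensitive export names; each set is one behaviour an analyst looks for.
CLUSTERS = {
    "anti-debug":       {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                         "OutputDebugStringW", "NtQueryInformationProcess"},
    "host-fingerprint": {"GetSystemFirmwareTable", "GetVolumeInformationW",
                         "GetComputerNameExW", "GetComputerNameW"},
    "keyboard-capture": {"SetWindowsHookExW", "GetAsyncKeyState",
                         "GetKeyboardState", "GetKeyState"},
    "input-injection":  {"SendInput", "keybd_event", "mouse_event"},
    "http-client":      {"InternetOpenW", "HttpOpenRequestW", "HttpSendRequestExW",
                         "InternetReadFile", "WinHttpOpen"},
    "raw-sockets":      {"WSAStartup", "bind", "accept", "send", "recv", "sendto"},
    "dynamic-resolve":  {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "local-ipc":        {"ConnectNamedPipe", "CreateFileMappingW", "MapViewOfFile"},
}


def parse_imports(text):
    """Return {module: [function, ...]}; a module line is unindented, its functions indented."""
    imports, module = defaultdict(list), None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            if module is None:
                raise ValueError("function before any module line: %r" % line)
            imports[module].append(line.strip())
        else:
            module = line.strip().lower()
    return dict(imports)


def cluster_hits(imports):
    """Map cluster name -> [(module, function), ...] for every import that belongs to it."""
    hits = defaultdict(list)
    for module, funcs in imports.items():
        for fn in funcs:
            for cluster, members in CLUSTERS.items():
                if fn in members:
                    hits[cluster].append((module, fn))
    return dict(hits)


def triage(text):
    """Return (hits, warnings); warnings fire on combinations, never on a single name."""
    hits = cluster_hits(parse_imports(text))
    warnings = []
    keys = hits.get("keyboard-capture", [])
    if any(fn == "SetWindowsHookExW" for _, fn in keys) and len(keys) > 1:
        warnings.append("keyboard hook plus key-state polling (keylogger shape; GUI toolkits use it too)")
    if "host-fingerprint" in hits and ("http-client" in hits or "raw-sockets" in hits):
        warnings.append("host fingerprinting plus network I/O (licensing code and implants both do this)")
    if "anti-debug" in hits and "dynamic-resolve" in hits:
        warnings.append("debugger checks plus runtime API resolution; expect packed or protected code")
    return hits, warnings


if __name__ == "__main__":
    hits, warnings = triage(REPORT_IMPORTS)
    for cluster, pairs in sorted(hits.items()):
        print("%-17s %s" % (cluster, ", ".join("%s!%s" % p for p in pairs)))
    for w in warnings:
        print("warning:", w)
```

Run against the full table above, every one of the eight clusters is hit, so all three warnings fire; the point of the combination rules is to turn that into a short list of things to confirm in the behavioral task (does it actually install a hook, does it actually connect out) rather than a verdict from the static pass.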
Sections (raw = SizeOfRawData, bytes present in the file; virtual = bytes mapped at load; "-" = no bytes on disk, so the section is populated at run time; flags are IMAGE_SCN_* characteristics)
.text   raw: -      virtual: 5.2MB   CNT_CODE | MEM_EXECUTE | MEM_READ
.rdata  raw: -      virtual: 3.6MB   CNT_INITIALIZED_DATA | MEM_READ
.data   raw: -      virtual: 259KB   CNT_INITIALIZED_DATA | MEM_READ | MEM_WRITE
.pdata  raw: -      virtual: 236KB   CNT_INITIALIZED_DATA | MEM_READ
_RDATA  raw: -      virtual: 348B    CNT_INITIALIZED_DATA | MEM_READ
.lies0  raw: -      virtual: 1.8MB   CNT_CODE | CNT_INITIALIZED_DATA | MEM_EXECUTE | MEM_READ
.lies1  raw: 6.8MB  virtual: 6.8MB   CNT_CODE | CNT_INITIALIZED_DATA | MEM_EXECUTE | MEM_READ
.reloc  raw: 512B   virtual: 224B    CNT_INITIALIZED_DATA | MEM_READ
.rsrc   raw: 58KB   virtual: 57KB    CNT_INITIALIZED_DATA | MEM_READ
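Three of the report's findings come straight from the PE headers: the Unsigned PE signature (an empty IMAGE_DIRECTORY_ENTRY_SECURITY), the file and DLL characteristics, and the section table, where .text, .rdata, .data, .pdata, _RDATA and .lies0 have no bytes on disk while .lies1 holds 6.8MB of the 6.9MB file, the layout a packer or protector leaves behind. The script below is an added example, not code from the sandbox or from the sample's vendor: using only the standard library it re-derives those findings from raw bytes. build_image() constructs a header-only PE32+ in memory; REPORT_SECTIONS copies the names, sizes and flags from the Sections table above, while the RVAs and every other header value are assumed, so the bytes parse but cannot run.

```python
"""Re-derive the report's header and section findings from raw PE bytes.

Added example, not sandbox or vendor code. Standard library only. The image
is constructed: headers only, section names/sizes/flags from the report,
RVAs and remaining fields assumed."""
import struct

MZ, PE_SIG = b"MZ", b"PE\0\0"
DIR_SECURITY = 4                       # data directory holding the Authenticode blob
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE"}
FILE_CHARACTERISTICS = {0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE", 0x2000: "DLL"}
SCN_CODE, SCN_EXECUTE, SCN_WRITE = 0x00000020, 0x20000000, 0x80000000
STANDARD_NAMES = {".text", ".rdata", ".data", ".pdata", ".reloc", ".rsrc", ".idata",
                  ".edata", ".tls", ".bss", "_RDATA"}
MB = 1024 * 1024
# (name, virtual size, RVA, raw size, characteristics) from the Sections table; RVAs assumed.
REPORT_SECTIONS = [
    (".text",  int(5.2 * MB), 0x0001000, 0,             0x60000020),
    (".rdata", int(3.6 * MB), 0x0600000, 0,             0x40000040),
    (".lies0", int(1.8 * MB), 0x0A00000, 0,             0x60000060),
    (".lies1", int(6.8 * MB), 0x0C00000, int(6.8 * MB), 0x60000060),
    (".reloc", 224,           0x1300000, 512,           0x40000040),
]
REPORT_DLL_CHARS = 0x0020 | 0x0040 | 0x0100 | 0x8000     # the four flags listed in Headers


def build_image(sections, dll_chars, security_dir=(0, 0)):
    """Constructed header-only PE32+ (machine 0x8664); no section bodies are emitted."""
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 14, 0, 0, 0, 0, 0x1000, 0x1000, 0x140000000, 0x1000, 0x200,
                      6, 0, 0, 0, 6, 0, 0, 0, 0x400, 0, 2, dll_chars,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[DIR_SECURITY] = security_dir
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x0022)
    dos = MZ + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew at offset 0x3C
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, rva, raw,
                                0, 0, 0, 0, 0, flags) for n, vs, rva, raw, flags in sections)
    return dos + PE_SIG + coff + opt + hdrs


def parse_pe(data):
    """Return header facts plus findings; reads only what the static pass reads."""
    if data[:2] != MZ:
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != PE_SIG:
        raise ValueError("e_lfanew does not point at a PE signature")
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    dll_chars = struct.unpack_from("<H", data, opt_off + 70)[0]   # same offset in PE32 and PE32+
    dirs_off = opt_off + (112 if magic == 0x20B else 96)
    sec_rva, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * DIR_SECURITY)
    signed = not (sec_rva == 0 and sec_size == 0)
    sections, findings = [], []
    if not signed:
        findings.append("Unsigned PE: security data directory is empty, no Authenticode signature")
    if not dll_chars & 0x4000:
        findings.append("no GUARD_CF: built without Control Flow Guard")
    for i in range(nsec):
        name, vsize, _, raw, *_, flags = struct.unpack_from("<8sIIIIIIHHI", data,
                                                            opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "raw": raw, "flags": flags})
    total_raw = sum(s["raw"] for s in sections) or 1
    for s in sections:
        if s["raw"] == 0 and s["vsize"]:
            kind = "executable" if s["flags"] & (SCN_CODE | SCN_EXECUTE) else "data"
            findings.append("%s: %s section, %d bytes virtual but 0 on disk (filled at run time)"
                            % (s["name"], kind, s["vsize"]))
        if s["flags"] & SCN_EXECUTE and s["flags"] & SCN_WRITE:
            findings.append("%s: writable and executable" % s["name"])
        if s["name"] not in STANDARD_NAMES:
            findings.append("%s: non-standard section name" % s["name"])
        if s["raw"] / total_raw > 0.9:
            findings.append("%s: holds %.0f%% of the on-disk bytes"
                            % (s["name"], 100 * s["raw"] / total_raw))
    return {"machine": machine, "pe32plus": magic == 0x20B, "signed": signed,
            "file_characteristics": [n for b, n in FILE_CHARACTERISTICS.items() if file_chars & b],
            "dll_characteristics": [n for b, n in DLL_CHARACTERISTICS.items() if dll_chars & b],
            "sections": sections, "findings": findings}


if __name__ == "__main__":
    info = parse_pe(build_image(REPORT_SECTIONS, REPORT_DLL_CHARS))
    print("PE32+" if info["pe32plus"] else "PE32", hex(info["machine"]), "signed:", info["signed"])
    print("dll characteristics:", ", ".join(info["dll_characteristics"]))
    for f in info["findings"]:
        print("-", f)
```

The security directory's "VirtualAddress" is a file offset, not an RVA, which is why a presence check is the only thing worth doing here: verifying the signature itself means hashing the file with the directory and checksum excluded and validating the PKCS#7 chain, which is Get-AuthenticodeSignature or signtool territory. The section heuristics deliberately key on disk-versus-memory mismatch rather than on names, because the names of packer sections are configurable and the zero-raw-size .text is the durable signal.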