SWIFT COPY[.]exe | Triage

Sharing

General

Target

SWIFT COPY.exe
Size

1.0MB
MD5

d7a5e6cf0c7f0937d74f25ad55b89bfa
SHA1

a9eaeb41ac609c8720e0f5c5e9d7c43fd9388876
SHA256

94e790b64206a78f0a30e4fe686559010744a1596679e7daeb8c3325ff346bbe
SHA512

e32e76af4af359654b365f7ede6896924e5d6dc77f73f3376d8238043d6031ec63425dddc0898471a2d36ca947c302c784f4fd1c50e3cd6a660ec71a8d467a63
SSDEEP

24576:ZG6s3KSpszXe/e88e+wYm9I4uKe/lEpY:QV3KrXWvCwYqf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

SWIFT COPY.exe

Files

SWIFT COPY.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 645KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ