swind2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

swind2.exe
Size

19KB
MD5

5a553b1c9a9dd4a03331d9b33951adad
SHA1

c26e3652ef52539924d873631295a0bd74f4791f
SHA256

9dd7c4d245afd85ca1fbaf786d629e1a941616c6f6fb8cb55300d3fa5cacdb79
SHA512

f02709fb20e4646e8b7342983d3ba9428f824cde84d9223d55be300d74e8a2d60388ee603eb25e52f92a412e0467d6cc9ff603f3b506afb1fb286e391d82a567
SSDEEP

192:iG6ETVvDoPrBerUrNEkZfv4+xWu95+2GP5A+7iVYIE97Tf1oM7Fdq8c6f3b0BFnP:iVEJEPGUrNJhxWuPwP5AJqbxxinRmW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
swind2.exe

Files

swind2.exe
.exe windows:6 windows x64 arch:x64

Password: uby

8550b9122a4d909a8607237e7d2f9bac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\frank\Downloads\gdrv-loader-master\bin\swind2.pdb

Imports

ntdll

RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlReleaseRelativeName
NtClose
RtlFreeHeap
NtCreateFile
NtMapViewOfSection
RtlWriteRegistryValue
NtQuerySystemInformation
NtUnloadDriver
NtCreateSection
_snwprintf
RtlInitUnicodeString
wcscpy_s
wcscat_s
RtlGetFullPathName_UEx
NtDeviceIoControlFile
RtlAdjustPrivilege
_stricmp
NtUnmapViewOfSection
NtLoadDriver
memcmp
NtTerminateProcess
RtlNormalizeProcessParams
RtlAllocateHeap
RtlCreateRegistryKey
_vsnwprintf
strcmp

kernel32

ReadConsoleInputW
WriteConsoleW

shlwapi

SHDeleteKeyW

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ