Static task
static1
Behavioral task
behavioral1
Sample
SwissArmySuite.exe
Resource
win10v2004-20240802-en
General
Target: SwissArmySuite.exe
Size: 8.1MB
MD5: 8ce7f4eb149ecc2e868a7c7bd5ee2282
SHA1: 6b6d877f0b0fcd1ace72f9f6069145a4d921f680
SHA256: abc1c1c17694fcad7f7882cc62fa87c9774b807526ed09c8087bf70b1a8c5c18
SHA512: eca7238603a04febec7980f6d9572d97b49bcac2a1e0f0d43a898e71da647c0bf9e918fe709d5989f90f9b0f8cc3ab4a2507e0cbfb7ae5200c0410f8045f6d09
SSDEEP: 98304:qHLtt8dlKNOM9+0BRvEpSW821Zb0MvwR0mV93P9max5QOs:q197LW8gNwR0KtwaYN
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource SwissArmySuite.exe
Files
-
SwissArmySuite.exe.exe windows:6 windows x64 arch:x64
144fe3a3407aa10f55026610f4491514
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
CreateWaitableTimerExW
SetWaitableTimer
Sleep
FindNextFileW
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetStdHandle
GetConsoleMode
GetFileType
GetFileInformationByHandleEx
SetConsoleCursorPosition
SetConsoleMode
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
CreateFileW
WakeConditionVariable
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
QueryPerformanceCounter
GetQueuedCompletionStatusEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetLastError
GetFinalPathNameByHandleW
GetCPInfo
GetOEMCP
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetACP
IsValidCodePage
FindFirstFileExW
lstrlenW
LCMapStringW
CompareStringW
GetModuleHandleA
GetProcAddress
CreateEventW
SetConsoleTitleW
SetConsoleTextAttribute
QueryPerformanceFrequency
PostQueuedCompletionStatus
FlsFree
HeapReAlloc
GetLastError
GetConsoleScreenBufferInfo
FlsSetValue
FlsGetValue
FlsAlloc
GetTimeZoneInformation
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
FindClose
CloseHandle
SwitchToThread
TryAcquireSRWLockExclusive
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetCurrentThread
MultiByteToWideChar
WriteConsoleW
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
GetCurrentProcess
GetEnvironmentVariableW
SetFileInformationByHandle
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
ReadConsoleW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
EncodePointer
CreateThread
ExitProcess
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcessId
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
RtlVirtualUnwind
AcquireSRWLockShared
ReleaseSRWLockShared
SetHandleInformation
SetFilePointerEx
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
GetSystemInfo
GetConsoleOutputCP
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
ReadFile
AreFileApisANSI
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
IsDebuggerPresent
InitializeSListHead
WaitForSingleObject
TlsAlloc
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
ntdll
RtlNtStatusToDosError
NtWriteFile
NtCancelIoFileEx
NtReadFile
NtCreateFile
NtDeviceIoControlFile
crypt32
CertGetCertificateChain
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertCloseStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateStore
CertDuplicateCertificateChain
CertOpenStore
CertAddCertificateContextToStore
bcrypt
BCryptGenRandom
advapi32
RegOpenKeyExW
SystemFunction036
RegCloseKey
RegQueryValueExW
ws2_32
sendto
recvfrom
getaddrinfo
connect
freeaddrinfo
WSAStartup
WSACleanup
bind
WSASocketW
closesocket
ioctlsocket
socket
recv
WSAIoctl
send
WSASend
getsockname
WSAGetLastError
getpeername
shutdown
getsockopt
setsockopt
user32
MessageBoxW
shell32
SHCreateItemFromParsingName
SHGetKnownFolderPath
ole32
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
iphlpapi
GetAdaptersAddresses
secur32
AcquireCredentialsHandleA
DeleteSecurityContext
FreeCredentialsHandle
FreeContextBuffer
EncryptMessage
DecryptMessage
ApplyControlToken
AcceptSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
Sections
.text Size: 5.7MB - Virtual size: 5.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 239KB - Virtual size: 238KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ