Swift[.]exe | Triage

Resubmissions

19-01-2025 21:16

250119-z4s2xswnaz 6

03-01-2025 18:36

250103-w829lszpbp 10

Sharing

Copy URL

Twitter E-mail

General

Target

Swift.exe
Size

13.0MB
MD5

1f22eb0a0742c95cec82a91205411797
SHA1

c36230783fb1039857a99e401ded02158c955360
SHA256

a6392ee4b34c64a366500cb050478049560e6acbb02c20077d38f3d5ee5497d1
SHA512

c29201c7ef9a63268731d73511fbeb2f694749677bee45b38fb2b9d9db7dfe382f8bd8e6ad2191379d69ed116f2a6fdbf48cf2c437bae935cfe03a7df131171a
SSDEEP

196608:K2KWwCM6GV/pekczMb5b/bnUMOcvRYKdEL5jKxpw9bWQ:K2KWwCM6eHczMNzzUxmRYKdElevw9qQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Swift.exe

Files

Swift.exe
.exe windows:6 windows x64 arch:x64

81da7dd5cf11059e6ac0ae2e6001ffff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Swift.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

user32

GetForegroundWindow
RegisterTouchWindow
GetSystemMetrics
RegisterWindowMessageA
IsWindow
RegisterClassExW
SetCapture
CreateWindowExW
DefWindowProcW
ScreenToClient
SetCursorPos
GetWindowLongW
InvalidateRgn
CreateIcon
RegisterRawInputDevices
SendMessageW
SetWindowLongW
ShowWindow
GetSystemMenu
EnableMenuItem
GetClipCursor
ClipCursor
ShowCursor
GetMenu
SetWindowDisplayAffinity
GetWindowLongPtrW
CheckMenuItem
GetWindowRect
PostThreadMessageW
PeekMessageW
MonitorFromRect
SetWindowPos
AdjustWindowRectEx
IsWindowVisible
ClientToScreen
DispatchMessageW
EnumChildWindows
MsgWaitForMultipleObjectsEx
SetWindowLongPtrW
ReleaseCapture
GetCursorPos
IsIconic
GetActiveWindow
SetForegroundWindow
TrackPopupMenu
FlashWindowEx
GetRawInputData
GetKeyboardLayout
SetMenu
PostMessageW
TrackMouseEvent
RegisterClassW
GetTouchInputInfo
GetClientRect
RedrawWindow
TranslateMessage
GetMessageW
GetAncestor
SetMenuItemInfoW
CreateMenu
CreatePopupMenu
AppendMenuW
PostQuitMessage
CreateAcceleratorTableW
GetDC
IsProcessDPIAware
GetKeyboardState
DestroyWindow
DestroyAcceleratorTable
GetAsyncKeyState
GetKeyState
MapVirtualKeyExW
VkKeyScanW
ToUnicodeEx
DispatchMessageA
GetMessageA
TranslateAcceleratorW
DestroyIcon
EnumDisplayMonitors
MonitorFromPoint
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
SendInput
GetWindowPlacement
SetWindowPlacement
ChangeDisplaySettingsExW
MapVirtualKeyW
GetUpdateRect
ValidateRect
SetCursor
LoadCursorW
GetMonitorInfoW
MonitorFromWindow
CloseTouchInputHandle
SystemParametersInfoA

kernel32

SetUnhandledExceptionFilter
RtlPcToFileHeader
LocalFree
ReadProcessMemory
HeapAlloc
GetProcessIoCounters
WaitForSingleObject
GetSystemTimes
OpenProcess
HeapFree
RaiseException
GetProcessHeap
GetExitCodeProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetTempPathW
CreateThread
WideCharToMultiByte
WriteConsoleW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
GetFullPathNameW
ReadFileEx
CreateNamedPipeW
ExitProcess
SetEnvironmentVariableW
FormatMessageW
EncodePointer
CopyFileExW
GetFinalPathNameByHandleW
RtlUnwindEx
CreateMutexA
RemoveDirectoryW
IsProcessorFeaturePresent
VirtualQueryEx
GetProcessTimes
GetCurrentProcessId
K32GetPerformanceInfo
GlobalMemoryStatusEx
GetSystemInfo
ReleaseSemaphore
ReadDirectoryChangesW
CreateSemaphoreW
CreateFileW
CancelIo
WaitForSingleObjectEx
SetThreadErrorMode
GetModuleFileNameW
DeleteFileW
FindFirstFileExW
CreateDirectoryW
GetFileInformationByHandleEx
FindClose
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeLibrary
TlsAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
FindNextFileW
GetModuleHandleA
GetNativeSystemInfo
ReleaseMutex
lstrlenW
HeapReAlloc
GetUserDefaultLocaleName
WakeAllConditionVariable
GetSystemTimePreciseAsFileTime
LoadLibraryA
QueryPerformanceFrequency
TerminateProcess
GetUserDefaultUILanguage
LCIDToLocaleName
SleepEx
LoadLibraryW
WriteFileEx
GetStdHandle
SetFileInformationByHandle
GetCommandLineW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetLastError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerExW
SwitchToThread
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
FreeEnvironmentStringsW
GetConsoleMode
TlsFree
GetFileInformationByHandle
TlsGetValue
SleepConditionVariableSRW
Sleep
SetFileCompletionNotificationModes
PostQueuedCompletionStatus
GetProcAddress
GetLastError
LoadLibraryExW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetHandleInformation
DuplicateHandle
GetCurrentProcess
GetEnvironmentVariableW
TlsSetValue
CloseHandle
GetCurrentThreadId
GetSystemTimeAsFileTime
MultiByteToWideChar
InitializeSListHead
OutputDebugStringW
OutputDebugStringA
GetFileAttributesW

gdi32

DeleteObject
GetDeviceCaps
CreateRectRgn

dwmapi

DwmEnableBlurBehindWindow

ole32

CoCreateInstance
OleInitialize
RegisterDragDrop
RevokeDragDrop
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CreateStreamOnHGlobal

comctl32

TaskDialogIndirect
SetWindowSubclass
DefSubclassProc
RemoveWindowSubclass

shell32

CommandLineToArgvW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHAppBarMessage
ShellExecuteW
SHGetKnownFolderPath
SHCreateItemFromParsingName
DragQueryFileW
DragFinish

pdh

PdhOpenQueryA
PdhCloseQuery
PdhRemoveCounter
PdhAddEnglishCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue

powrprof

CallNtPowerInformation

ntdll

NtQuerySystemInformation
NtWriteFile
RtlNtStatusToDosError
NtDeviceIoControlFile
NtReadFile
NtCreateFile
RtlGetVersion
NtCancelIoFileEx
NtQueryInformationProcess
NtOpenFile

advapi32

EventRegister
RegQueryValueExW
EventSetInformation
RegCloseKey
EventWriteTransfer
EventUnregister
RegGetValueW
SystemFunction036
OpenProcessToken
GetTokenInformation
CopySid
GetLengthSid
IsValidSid
RegOpenKeyExW

psapi

GetModuleFileNameExW

oleaut32

GetErrorInfo
SysStringLen
SysFreeString
SetErrorInfo

secur32

ApplyControlToken
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer
DecryptMessage
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext
QueryContextAttributesW

ws2_32

freeaddrinfo
getsockname
WSACleanup
WSAStartup
getaddrinfo
closesocket
WSAGetLastError
WSAIoctl
setsockopt
WSASend
send
recv
shutdown
getsockopt
ioctlsocket
connect
bind
WSASocketW
getpeername

crypt32

CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
CertOpenStore
CertDuplicateStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain

uxtheme

SetWindowTheme

bcrypt

BCryptGenRandom

api-ms-win-crt-string-l1-1-0

wcsncmp
strlen
wcslen
strcpy_s
_wcsicmp

api-ms-win-crt-math-l1-1-0

pow
trunc
round
__setusermatherr
floor

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
calloc
_callnewh

api-ms-win-crt-convert-l1-1-0

wcstol
_ultow_s

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
abort
_cexit
__p___argv
_exit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
__p___argc
_seh_filter_exe
_configure_narrow_argv
_initterm_e
exit
terminate
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

81da7dd5cf11059e6ac0ae2e6001ffff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

user32

kernel32

gdi32

dwmapi

ole32

comctl32

shell32

pdh

powrprof

ntdll

advapi32

psapi

oleaut32

secur32

ws2_32

crypt32

uxtheme

bcrypt

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 6.9MB - Virtual size: 6.9MB

.data Size: 10KB - Virtual size: 21KB

.pdata Size: 303KB - Virtual size: 302KB

.rsrc Size: 86KB - Virtual size: 85KB

.reloc Size: 50KB - Virtual size: 50KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 6.9MB - Virtual size: 6.9MB

.data
Size: 10KB - Virtual size: 21KB

.pdata
Size: 303KB - Virtual size: 302KB

.rsrc
Size: 86KB - Virtual size: 85KB

.reloc
Size: 50KB - Virtual size: 50KB