Trojan.Swisyn.F

By CagedTech in Trojans

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Swisyn.F
Signature status:	No Signature

Known Samples

MD5: 71863e160d9e557c554386cab10c4a13

SHA1: 8204c149853d868dc3c932a5f8f987f971909f9b

SHA256: 380970BBF31EC936A5C1972A3497C9D6C8035A486899620CCDC2D4341104E90A

File Size: 864.26 KB, 864256 bytes

MD5: f561c311f80d3f6b1e6e1851df782e50

SHA1: fe8a5b74804f80cfdfcbbb7e04a4bf84ff183ed1

SHA256: 989317FAA557CA83B1E50F5C11D3BE62483D75C8F94142519B6A1FA050BDC29C

File Size: 864.26 KB, 864256 bytes

MD5: e73d38d220f3276c82e917b01f878854

SHA1: 644003c3120241b1c8c42352886e065fa2abf823

SHA256: 7EB448A2C09EEA4CD48001BAFF1FADF6947C423847606BC76764120F56A610FC

File Size: 933.89 KB, 933888 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

GetConsoleWindow
No Version Info
x86

Block Information

Total Blocks:	3,136
Potentially Malicious Blocks:	941
Whitelisted Blocks:	2,184
Unknown Blocks:	11

Visual Map

? 0 0 0 0 x x x ? 0 x x ? x ? x x x x 0 x x x x x x x x x x x x 0 ? ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 x 0 0 0 0 x 0 x x x x x x x 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x x x x x x x x x 0 0 x 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 0 0 0 0 x 0 x x x 0 x x 0 x x x x x x x x x 0 0 0 x x x x x 0 x 0 x 0 x 0 0 x x x x 0 x x x 0 x x x x x x x x x x x x x x x x x x x x 0 x 0 x x x x x x x 0 0 x 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 x x 0 0 x 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x x x x x x x 0 0 x 0 x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 0 0 0 x x x x x x 0 0 x 0 x 0 0 x x x x x ? x x x x x x x x x 0 x x x x x 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 x x 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 x x x x x x x x x x x 0 x x x x 0 x x 0 x 0 x x x x x x x x x x x x x x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x x 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x x 0 x x x x x 0 x x 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x x x x x x x x x x 0 x x x x 0 x 0 0 0 0 0 0 x 0 0 0 0 0 x x 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x x x 0 x 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x x x 0 x x x 0 x x x x x x 0 x x x x 0 x 0 0 x 0 0 0 0 0 x 0 0 x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 x 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 x 0 x 0 x x x x x x 0 0 0 0 0 x x 0 x x x 0 0 0 0 0 x x 0 0 x x x x 0 0 x x 0 0 x x x x x 0 0 x x 0 0 0 0 x x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x x x x x x 0 0 x 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 x x x 0 x x x x x x x 0 x x x x x x x x 0 0 0 x x x x x x 0 0 x 0 0 x x 0 x x x x x x x 0 0 0 0 0 0 0 x 0 0 x 0 x 0 0 0 0 0 0 0 x 0 0 0 x 0 x x 0 0 x 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 x 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x 0 0 0 0 x 0 x 0 x 0 x x x x x x x x 0 0 x x x 0 x x x 0 0 x 0 x 0 x x 0 x x x 0 0 0 0 0 0 0 0 0 x 0 0 x x x x x x x x x 0 0 0 0 0 x x 0 x 0 x x 0 x x x 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 x 0 0 x 0 x x x 0 x x x x x x x x x x x x 0 x x x x x 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x 0 x x x x x x x 0 x x x x x x 0 x x 0 x x x x x x 0 0 x 0 x x 0 0 0 x 0 0 0 x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x 0 x x x x x x x x x x x x 0 x x 0 x x x x 0 x x 0 x x x x x x x 0 0 0 0 0 x x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x x x x x x x x x x x x x 0 x x x 0 x x x x x x x x x x x x x x 0 0 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x 0 0 x 0 x x x x 0 x 0 x 0 x 0 0 x x x 0 x x x x x x x x x x x x 0 x x x x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x x 0 0 0 0 0 x x x x x x x 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x x 0 x 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 x 0 x 0 x 0 0 0 0 0 0 0 0 x x x x 0 0 0 x x x x x x x 0 x x 0 0 0 0 x 0 x 0 x x 0 x x x x 0 x 0 0 0 0 0 x x x x x x x x x x 0 0 0 0 x x x x 0 0 x x x x 0 x x x 0 0 x x x x x 0 x x x x x x x 0 x x x 0 0 0 x x x 0 x x x 0 x 0 x x x x 0 0 x x 0 x 0 0 x 0 0 0

... Data truncated

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Swisyn.A

Files Modified

File	Attributes
c:\users\user\downloads\startuperror_agentserver.txt	Generic Write,Read Attributes
c:\users\user\downloads\startuperror_machinemanager.txt	Generic Write,Read Attributes

Windows API Usage

Category	API
User Data Access	GetComputerNameEx

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Swisyn.F

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Windows API Usage

Windows API Usage

Submit Comment

Trending

PUP.MacSpaceReviver.macOS

P2P Networking

Ffgogogo Browser

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen