Summary | ZeroBOX

uko.exe

Category: FILE
Machine: s1_win7_x6401
Started: April 12, 2021, 2:55 p.m.
Completed: April 12, 2021, 2:58 p.m.

Size: 6.1MB
Type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5: 40367f496f45ba45b8545f90065b6940
SHA256: 9d1ca3a1dad26b6c0195ac41fe5fa6e5e03706496944383ca9156fa99e57dc8a
CRC32: 9C856785
ssdeep: 49152:JbtrUXdIFcV5RsizUE3q0b5+jOAjMNmSuDyYNq9YIrhSIdR1bRYU2Q55YhUxyb6j:nrUXdIFcG
Yara
  • create_service - Create a windows service
  • network_udp_sock - Communications over UDP network
  • network_tcp_listen - Listen for incoming communication
  • network_tcp_socket - Communications over RAW socket
  • network_dns - Communications use DNS
  • escalate_priv - Escalate privileges
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile
  • Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration
  • PE_Header_Zero - PE File Signature Zero
  • IsPE64 - (no description)
  • IsWindowsGUI - (no description)

Hosts (Name, Response, Post-Analysis Lookup): No hosts contacted.

IP Address: 164.124.101.2  Status: Active  Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
Elastic: malicious (high confidence)
Cylance: Unsafe
ESET-NOD32: a variant of WinGo/GoCLR.A
APEX: Malicious
Avast: Win64:Trojan-gen
ClamAV: Win.Malware.Bulz-9847817-0
Kaspersky: UDS:DangerousObject.Multi.Generic
McAfee-GW-Edition: BehavesLike.Win64.Generic.vh
Sophos: ML/PE-A
Ikarus: Trojan.CobaltStrike
Jiangmin: Trojan.Cobalt.ic
eGambit: Unsafe.AI_Score_100%
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
McAfee: Artemis!40367F496F45
Malwarebytes: Malware.AI.4239237678
Fortinet: W64/GoCLR.A!tr
AVG: Win64:Trojan-gen
CrowdStrike: win/malicious_confidence_60% (D)
Time & API: LdrGetProcedureAddress
Arguments:
  ordinal: 0
  function_address: 0x000007feff017a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x00000000771c0000
Status: (not recorded)
Return: -1073741511 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND)
Repeated: 0

Note: wine_get_version is exported only by Wine's ntdll, so a lookup that fails with STATUS_ENTRYPOINT_NOT_FOUND on a real Windows machine is the expected result; the call itself is the sample checking whether it is running under Wine.