ScreenShot
| Created | 2021.09.10 09:41 | Machine | s1_win7_x6402 |
| Filename | OvtUb.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 12 detected (Gozi, FileRepMetagen, Artemis, MalCert, Unsafe, Score, Malicious, Static AI, Malicious PE) | ||
| md5 | 091a569b997f6e2803119b16fe692dd1 | ||
| sha256 | 2c8bf72987e18810cdb53a8a985ebb3ef8e87d8bc2d947fb79d4a4fbe2c4d6ef | ||
| ssdeep | 24576:89PsA9vHAYobFGQdR6ylSk61LXXhtxvZPmtk1/GqgLGj:hYHJk61bRrZPmWGGj | ||
| imphash | 6e09f5ea9222053b840f418fc7379964 | ||
| impfuzzy | 96:aH91aZv9En9aXNys9X1Cxtc+pth/GEi2RYzH3MD:ad1hn9a9l9FyRYr3MD | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 12 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Queries for the computername |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x106a014 GetLastError
0x106a018 VirtualProtectEx
0x106a01c LoadLibraryA
0x106a020 OpenMutexA
0x106a024 SetConsoleOutputCP
0x106a028 DeviceIoControl
0x106a02c GetModuleFileNameA
0x106a030 CloseHandle
0x106a034 DeleteFileA
0x106a038 WriteConsoleW
0x106a03c SetStdHandle
0x106a040 GetStringTypeW
0x106a044 LoadLibraryW
0x106a048 WaitForMultipleObjectsEx
0x106a04c GetStartupInfoA
0x106a050 GetConsoleMode
0x106a054 GetConsoleCP
0x106a058 FlushFileBuffers
0x106a05c EnumSystemLocalesW
0x106a060 GetUserDefaultLCID
0x106a064 IsValidLocale
0x106a068 GetLocaleInfoW
0x106a06c LCMapStringW
0x106a070 CompareStringW
0x106a074 GetTimeFormatW
0x106a078 GetDateFormatW
0x106a07c GetCPInfo
0x106a080 GetOEMCP
0x106a084 GetACP
0x106a088 IsValidCodePage
0x106a08c HeapReAlloc
0x106a090 CreateProcessA
0x106a094 Sleep
0x106a098 GetTickCount
0x106a09c SetFilePointerEx
0x106a0a0 GetCurrentProcess
0x106a0a4 UnregisterWaitEx
0x106a0a8 QueryDepthSList
0x106a0ac InterlockedFlushSList
0x106a0b0 InterlockedPushEntrySList
0x106a0b4 InterlockedPopEntrySList
0x106a0b8 InitializeSListHead
0x106a0bc ReleaseSemaphore
0x106a0c0 SetProcessAffinityMask
0x106a0c4 VirtualProtect
0x106a0c8 VirtualFree
0x106a0cc VirtualAlloc
0x106a0d0 GetVersionExW
0x106a0d4 GetModuleHandleA
0x106a0d8 FreeLibraryAndExitThread
0x106a0dc FreeLibrary
0x106a0e0 GetThreadTimes
0x106a0e4 OutputDebugStringW
0x106a0e8 FatalAppExitA
0x106a0ec SetConsoleCtrlHandler
0x106a0f0 FreeEnvironmentStringsW
0x106a0f4 GetEnvironmentStringsW
0x106a0f8 GetCurrentProcessId
0x106a0fc QueryPerformanceCounter
0x106a100 GetFileType
0x106a104 HeapSize
0x106a108 GetProcessHeap
0x106a10c GetModuleFileNameW
0x106a110 WriteFile
0x106a114 GetStdHandle
0x106a118 WideCharToMultiByte
0x106a11c MultiByteToWideChar
0x106a120 AreFileApisANSI
0x106a124 GetModuleHandleExW
0x106a128 ExitProcess
0x106a12c IsDebuggerPresent
0x106a130 UnregisterWait
0x106a134 RegisterWaitForSingleObject
0x106a138 SetThreadAffinityMask
0x106a13c GetProcessAffinityMask
0x106a140 GetNumaHighestNodeNumber
0x106a144 DeleteTimerQueueTimer
0x106a148 ChangeTimerQueueTimer
0x106a14c CreateTimerQueueTimer
0x106a150 GetLogicalProcessorInformation
0x106a154 GetThreadPriority
0x106a158 SetThreadPriority
0x106a15c SwitchToThread
0x106a160 SignalObjectAndWait
0x106a164 WaitForSingleObjectEx
0x106a168 SetEvent
0x106a16c DuplicateHandle
0x106a170 WaitForSingleObject
0x106a174 GetCurrentThread
0x106a178 GetCurrentThreadId
0x106a17c GetExitCodeThread
0x106a180 GetSystemTimeAsFileTime
0x106a184 EnterCriticalSection
0x106a188 LeaveCriticalSection
0x106a18c DeleteCriticalSection
0x106a190 HeapAlloc
0x106a194 EncodePointer
0x106a198 DecodePointer
0x106a19c GetCommandLineA
0x106a1a0 IsProcessorFeaturePresent
0x106a1a4 UnhandledExceptionFilter
0x106a1a8 SetUnhandledExceptionFilter
0x106a1ac SetLastError
0x106a1b0 InitializeCriticalSectionAndSpinCount
0x106a1b4 CreateEventW
0x106a1b8 TerminateProcess
0x106a1bc TlsAlloc
0x106a1c0 TlsGetValue
0x106a1c4 TlsSetValue
0x106a1c8 TlsFree
0x106a1cc GetStartupInfoW
0x106a1d0 GetModuleHandleW
0x106a1d4 GetProcAddress
0x106a1d8 CreateSemaphoreW
0x106a1dc CreateThread
0x106a1e0 ExitThread
0x106a1e4 LoadLibraryExW
0x106a1e8 RaiseException
0x106a1ec RtlUnwind
0x106a1f0 HeapFree
0x106a1f4 TryEnterCriticalSection
0x106a1f8 CreateTimerQueue
0x106a1fc RtlCaptureStackBackTrace
0x106a200 CreateFileW
USER32.dll
0x106a208 SetWindowTextA
0x106a20c CallNextHookEx
0x106a210 LoadBitmapA
0x106a214 GetClassInfoExA
0x106a218 EnumWindows
0x106a21c GetIconInfo
0x106a220 IsDialogMessageA
0x106a224 GetWindowLongA
0x106a228 CreateWindowExA
0x106a22c ReleaseDC
0x106a230 DefWindowProcA
0x106a234 CheckDlgButton
0x106a238 SendMessageA
ole32.dll
0x106a300 OleUninitialize
0x106a304 CoUninitialize
0x106a308 CoSuspendClassObjects
0x106a30c OleSetContainedObject
0x106a310 StgCreateDocfile
0x106a314 OleInitialize
0x106a318 CoInitialize
COMCTL32.dll
0x106a000 ImageList_LoadImageA
0x106a004 None
0x106a008 PropertySheetA
0x106a00c CreatePropertySheetPageA
WINSPOOL.DRV
0x106a240 DeletePortA
0x106a244 SetPrinterDataA
0x106a248 DeleteFormA
0x106a24c SetPortA
0x106a250 SetPrinterDataExA
0x106a254 AddMonitorA
0x106a258 ScheduleJob
0x106a25c AddPrinterConnectionA
0x106a260 ReadPrinter
0x106a264 AddPrinterDriverA
0x106a268 GetPrinterDataA
0x106a26c ResetPrinterA
0x106a270 PrinterMessageBoxA
0x106a274 DeletePrintProcessorA
0x106a278 GetPrinterDriverDirectoryA
0x106a27c OpenPrinterA
0x106a280 AddPortA
0x106a284 ConfigurePortA
0x106a288 GetPrinterDataExA
0x106a28c GetJobA
0x106a290 AddPrinterDriverExA
0x106a294 ClosePrinter
0x106a298 DeletePrinterDataExA
0x106a29c DeletePrinterConnectionA
0x106a2a0 DeletePrintProvidorA
0x106a2a4 StartPagePrinter
0x106a2a8 AbortPrinter
0x106a2ac GetPrintProcessorDirectoryA
0x106a2b0 StartDocPrinterA
0x106a2b4 GetPrinterA
0x106a2b8 AddPrinterA
0x106a2bc DeletePrinter
0x106a2c0 DeleteMonitorA
0x106a2c4 GetPrinterDriverA
0x106a2c8 AddFormA
0x106a2cc DeletePrinterDriverA
0x106a2d0 AddPrintProcessorA
0x106a2d4 AddPrintProvidorA
0x106a2d8 SetFormA
0x106a2dc GetFormA
0x106a2e0 DeletePrinterDataA
0x106a2e4 AddJobA
0x106a2e8 FlushPrinter
0x106a2ec DeletePrinterDriverExA
0x106a2f0 SetJobA
0x106a2f4 FindClosePrinterChangeNotification
0x106a2f8 DeletePrinterKeyA
sfc.dll
0x106a320 SfcIsFileProtected
EAT(Export Address Table) is none
KERNEL32.dll
0x106a014 GetLastError
0x106a018 VirtualProtectEx
0x106a01c LoadLibraryA
0x106a020 OpenMutexA
0x106a024 SetConsoleOutputCP
0x106a028 DeviceIoControl
0x106a02c GetModuleFileNameA
0x106a030 CloseHandle
0x106a034 DeleteFileA
0x106a038 WriteConsoleW
0x106a03c SetStdHandle
0x106a040 GetStringTypeW
0x106a044 LoadLibraryW
0x106a048 WaitForMultipleObjectsEx
0x106a04c GetStartupInfoA
0x106a050 GetConsoleMode
0x106a054 GetConsoleCP
0x106a058 FlushFileBuffers
0x106a05c EnumSystemLocalesW
0x106a060 GetUserDefaultLCID
0x106a064 IsValidLocale
0x106a068 GetLocaleInfoW
0x106a06c LCMapStringW
0x106a070 CompareStringW
0x106a074 GetTimeFormatW
0x106a078 GetDateFormatW
0x106a07c GetCPInfo
0x106a080 GetOEMCP
0x106a084 GetACP
0x106a088 IsValidCodePage
0x106a08c HeapReAlloc
0x106a090 CreateProcessA
0x106a094 Sleep
0x106a098 GetTickCount
0x106a09c SetFilePointerEx
0x106a0a0 GetCurrentProcess
0x106a0a4 UnregisterWaitEx
0x106a0a8 QueryDepthSList
0x106a0ac InterlockedFlushSList
0x106a0b0 InterlockedPushEntrySList
0x106a0b4 InterlockedPopEntrySList
0x106a0b8 InitializeSListHead
0x106a0bc ReleaseSemaphore
0x106a0c0 SetProcessAffinityMask
0x106a0c4 VirtualProtect
0x106a0c8 VirtualFree
0x106a0cc VirtualAlloc
0x106a0d0 GetVersionExW
0x106a0d4 GetModuleHandleA
0x106a0d8 FreeLibraryAndExitThread
0x106a0dc FreeLibrary
0x106a0e0 GetThreadTimes
0x106a0e4 OutputDebugStringW
0x106a0e8 FatalAppExitA
0x106a0ec SetConsoleCtrlHandler
0x106a0f0 FreeEnvironmentStringsW
0x106a0f4 GetEnvironmentStringsW
0x106a0f8 GetCurrentProcessId
0x106a0fc QueryPerformanceCounter
0x106a100 GetFileType
0x106a104 HeapSize
0x106a108 GetProcessHeap
0x106a10c GetModuleFileNameW
0x106a110 WriteFile
0x106a114 GetStdHandle
0x106a118 WideCharToMultiByte
0x106a11c MultiByteToWideChar
0x106a120 AreFileApisANSI
0x106a124 GetModuleHandleExW
0x106a128 ExitProcess
0x106a12c IsDebuggerPresent
0x106a130 UnregisterWait
0x106a134 RegisterWaitForSingleObject
0x106a138 SetThreadAffinityMask
0x106a13c GetProcessAffinityMask
0x106a140 GetNumaHighestNodeNumber
0x106a144 DeleteTimerQueueTimer
0x106a148 ChangeTimerQueueTimer
0x106a14c CreateTimerQueueTimer
0x106a150 GetLogicalProcessorInformation
0x106a154 GetThreadPriority
0x106a158 SetThreadPriority
0x106a15c SwitchToThread
0x106a160 SignalObjectAndWait
0x106a164 WaitForSingleObjectEx
0x106a168 SetEvent
0x106a16c DuplicateHandle
0x106a170 WaitForSingleObject
0x106a174 GetCurrentThread
0x106a178 GetCurrentThreadId
0x106a17c GetExitCodeThread
0x106a180 GetSystemTimeAsFileTime
0x106a184 EnterCriticalSection
0x106a188 LeaveCriticalSection
0x106a18c DeleteCriticalSection
0x106a190 HeapAlloc
0x106a194 EncodePointer
0x106a198 DecodePointer
0x106a19c GetCommandLineA
0x106a1a0 IsProcessorFeaturePresent
0x106a1a4 UnhandledExceptionFilter
0x106a1a8 SetUnhandledExceptionFilter
0x106a1ac SetLastError
0x106a1b0 InitializeCriticalSectionAndSpinCount
0x106a1b4 CreateEventW
0x106a1b8 TerminateProcess
0x106a1bc TlsAlloc
0x106a1c0 TlsGetValue
0x106a1c4 TlsSetValue
0x106a1c8 TlsFree
0x106a1cc GetStartupInfoW
0x106a1d0 GetModuleHandleW
0x106a1d4 GetProcAddress
0x106a1d8 CreateSemaphoreW
0x106a1dc CreateThread
0x106a1e0 ExitThread
0x106a1e4 LoadLibraryExW
0x106a1e8 RaiseException
0x106a1ec RtlUnwind
0x106a1f0 HeapFree
0x106a1f4 TryEnterCriticalSection
0x106a1f8 CreateTimerQueue
0x106a1fc RtlCaptureStackBackTrace
0x106a200 CreateFileW
USER32.dll
0x106a208 SetWindowTextA
0x106a20c CallNextHookEx
0x106a210 LoadBitmapA
0x106a214 GetClassInfoExA
0x106a218 EnumWindows
0x106a21c GetIconInfo
0x106a220 IsDialogMessageA
0x106a224 GetWindowLongA
0x106a228 CreateWindowExA
0x106a22c ReleaseDC
0x106a230 DefWindowProcA
0x106a234 CheckDlgButton
0x106a238 SendMessageA
ole32.dll
0x106a300 OleUninitialize
0x106a304 CoUninitialize
0x106a308 CoSuspendClassObjects
0x106a30c OleSetContainedObject
0x106a310 StgCreateDocfile
0x106a314 OleInitialize
0x106a318 CoInitialize
COMCTL32.dll
0x106a000 ImageList_LoadImageA
0x106a004 None
0x106a008 PropertySheetA
0x106a00c CreatePropertySheetPageA
WINSPOOL.DRV
0x106a240 DeletePortA
0x106a244 SetPrinterDataA
0x106a248 DeleteFormA
0x106a24c SetPortA
0x106a250 SetPrinterDataExA
0x106a254 AddMonitorA
0x106a258 ScheduleJob
0x106a25c AddPrinterConnectionA
0x106a260 ReadPrinter
0x106a264 AddPrinterDriverA
0x106a268 GetPrinterDataA
0x106a26c ResetPrinterA
0x106a270 PrinterMessageBoxA
0x106a274 DeletePrintProcessorA
0x106a278 GetPrinterDriverDirectoryA
0x106a27c OpenPrinterA
0x106a280 AddPortA
0x106a284 ConfigurePortA
0x106a288 GetPrinterDataExA
0x106a28c GetJobA
0x106a290 AddPrinterDriverExA
0x106a294 ClosePrinter
0x106a298 DeletePrinterDataExA
0x106a29c DeletePrinterConnectionA
0x106a2a0 DeletePrintProvidorA
0x106a2a4 StartPagePrinter
0x106a2a8 AbortPrinter
0x106a2ac GetPrintProcessorDirectoryA
0x106a2b0 StartDocPrinterA
0x106a2b4 GetPrinterA
0x106a2b8 AddPrinterA
0x106a2bc DeletePrinter
0x106a2c0 DeleteMonitorA
0x106a2c4 GetPrinterDriverA
0x106a2c8 AddFormA
0x106a2cc DeletePrinterDriverA
0x106a2d0 AddPrintProcessorA
0x106a2d4 AddPrintProvidorA
0x106a2d8 SetFormA
0x106a2dc GetFormA
0x106a2e0 DeletePrinterDataA
0x106a2e4 AddJobA
0x106a2e8 FlushPrinter
0x106a2ec DeletePrinterDriverExA
0x106a2f0 SetJobA
0x106a2f4 FindClosePrinterChangeNotification
0x106a2f8 DeletePrinterKeyA
sfc.dll
0x106a320 SfcIsFileProtected
EAT(Export Address Table) is none