Field | Value |
---|---|
Created | 2022.12.10 15:05 |
Machine | s1_win7_x6403 |
Filename | umciavi32.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 19d3006a093ae7f7dddd0f0fb812bbc3 |
sha256 | 821784f00f563c345d56b28f5ac31321e3d63fa193fcaeaa24ff1c5f5799938e |
ssdeep | 196608:KCC0/Okh6p9cl7V6fiHMwwilE/G3icjzThvk:Kb0/LvpIi9wilMG3icz |
imphash | 8f8c8d2e235fc25da3c40a95df0c20ba |
impfuzzy | 12:okKjI3QQqKuXzliwxrnrF7uK5uWAbRfva1aXIqsMXPEv2A+O6ww8sZGMZGqAJcDW:zKU3GvzliwxnGnRfi8XI9WK2ZO83dNDW |
Signature (2cnts)
Level | Description |
---|---|
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table)
ADVAPI32.dll
0x98f000 GetTokenInformation
IPHLPAPI.DLL
0x98f010 FreeMibTable
NETAPI32.dll
0x98f020 NetApiBufferFree
ntdll.dll
0x98f030 NtQueryInformationProcess
ole32.dll
0x98f040 CoCreateInstance
OLEAUT32.dll
0x98f050 SysAllocString
pdh.dll
0x98f060 PdhAddEnglishCounterA
POWRPROF.dll
0x98f070 CallNtPowerInformation
PSAPI.DLL
0x98f080 EnumProcessModulesEx
Secur32.dll
0x98f090 LsaEnumerateLogonSessions
SHELL32.dll
0x98f0a0 CommandLineToArgvW
WS2_32.dll
0x98f0b0 WSACleanup
crypt.dll
0x98f0c0 BCryptCloseAlgorithmProvider
KERNEL32.dll
0x98f0d0 AcquireSRWLockExclusive
msvcrt.dll
0x98f0e0 __getmainargs
USERENV.dll
0x98f0f0 GetUserProfileDirectoryW
KERNEL32.dll
0x98f100 GetSystemTimeAsFileTime
USER32.dll
0x98f110 CharUpperBuffW
KERNEL32.dll
0x98f120 LocalAlloc
0x98f128 LocalFree
0x98f130 GetModuleFileNameW
0x98f138 ExitProcess
0x98f140 LoadLibraryA
0x98f148 GetModuleHandleA
0x98f150 GetProcAddress
EAT (Export Address Table): none