ScreenShot
| Created | 2023.01.09 10:22 | Machine | s1_win7_x6401 |
| Filename | umciavi32.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 39 detected (malicious, high confidence, Mint, Zard, Artemis, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, Kryptik, HSFT, score, Qcnw, Malware@#2dcbka4402duo, AGen, ukfkj, Sabsik, kcloud, ai score=88, R002H09A623, R3j74E4UtVU) | ||
| md5 | e5649ab2c67d8468c964cb286c6624be | ||
| sha256 | f8dc099b9264dcaad70392cf8f4a5dd7974a4d7f61351850c799a471716c2693 | ||
| ssdeep | 3072:FijyPvu6WE9KiZIvVKjK22+eZKkk7pSKCoKWWMb633LoYSmZAzUNe5v45L1rFx01:F3Xuk9KX1gCoKWdbSBKzUQa5dfl+ | ||
| imphash | 77bb98f8ce76d8f01342dba0bfa7f0fa | ||
| impfuzzy | 24:cWDCejtWOovbOGMUD1ulvgmWDEy8/l3LLyoOG3JUHy1u:cQCKx361Ar/hHOGqHy0 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x445c78 CloseHandle
0x445c7c CreateFileW
0x445c80 DecodePointer
0x445c84 DeleteCriticalSection
0x445c88 EncodePointer
0x445c8c EnterCriticalSection
0x445c90 ExitProcess
0x445c94 FindClose
0x445c98 FindFirstFileExW
0x445c9c FindNextFileW
0x445ca0 FlushFileBuffers
0x445ca4 FreeEnvironmentStringsW
0x445ca8 FreeLibrary
0x445cac GetACP
0x445cb0 GetCPInfo
0x445cb4 GetCommandLineA
0x445cb8 GetCommandLineW
0x445cbc GetConsoleMode
0x445cc0 GetConsoleOutputCP
0x445cc4 GetCurrentProcess
0x445cc8 GetCurrentProcessId
0x445ccc GetCurrentThreadId
0x445cd0 GetEnvironmentStringsW
0x445cd4 GetFileType
0x445cd8 GetLastError
0x445cdc GetModuleFileNameW
0x445ce0 GetModuleHandleExW
0x445ce4 GetModuleHandleW
0x445ce8 GetOEMCP
0x445cec GetProcAddress
0x445cf0 GetProcessHeap
0x445cf4 GetStartupInfoW
0x445cf8 GetStdHandle
0x445cfc GetStringTypeW
0x445d00 GetSystemInfo
0x445d04 GetSystemTimeAsFileTime
0x445d08 GetTickCount
0x445d0c HeapAlloc
0x445d10 HeapCreate
0x445d14 HeapFree
0x445d18 HeapQueryInformation
0x445d1c HeapReAlloc
0x445d20 HeapSize
0x445d24 HeapValidate
0x445d28 InitializeCriticalSectionAndSpinCount
0x445d2c InitializeSListHead
0x445d30 IsDebuggerPresent
0x445d34 IsProcessorFeaturePresent
0x445d38 IsValidCodePage
0x445d3c LCMapStringW
0x445d40 LeaveCriticalSection
0x445d44 LoadLibraryA
0x445d48 LoadLibraryExW
0x445d4c MultiByteToWideChar
0x445d50 OutputDebugStringW
0x445d54 QueryPerformanceCounter
0x445d58 RaiseException
0x445d5c RtlUnwind
0x445d60 SetFilePointerEx
0x445d64 SetLastError
0x445d68 SetStdHandle
0x445d6c SetUnhandledExceptionFilter
0x445d70 Sleep
0x445d74 TerminateProcess
0x445d78 TlsAlloc
0x445d7c TlsFree
0x445d80 TlsGetValue
0x445d84 TlsSetValue
0x445d88 UnhandledExceptionFilter
0x445d8c VirtualAlloc
0x445d90 WideCharToMultiByte
0x445d94 WriteConsoleW
0x445d98 WriteFile
USER32.dll
0x445da0 GetActiveWindow
GDI32.dll
0x445da8 GetPixel
EAT(Export Address Table) is none
KERNEL32.dll
0x445c78 CloseHandle
0x445c7c CreateFileW
0x445c80 DecodePointer
0x445c84 DeleteCriticalSection
0x445c88 EncodePointer
0x445c8c EnterCriticalSection
0x445c90 ExitProcess
0x445c94 FindClose
0x445c98 FindFirstFileExW
0x445c9c FindNextFileW
0x445ca0 FlushFileBuffers
0x445ca4 FreeEnvironmentStringsW
0x445ca8 FreeLibrary
0x445cac GetACP
0x445cb0 GetCPInfo
0x445cb4 GetCommandLineA
0x445cb8 GetCommandLineW
0x445cbc GetConsoleMode
0x445cc0 GetConsoleOutputCP
0x445cc4 GetCurrentProcess
0x445cc8 GetCurrentProcessId
0x445ccc GetCurrentThreadId
0x445cd0 GetEnvironmentStringsW
0x445cd4 GetFileType
0x445cd8 GetLastError
0x445cdc GetModuleFileNameW
0x445ce0 GetModuleHandleExW
0x445ce4 GetModuleHandleW
0x445ce8 GetOEMCP
0x445cec GetProcAddress
0x445cf0 GetProcessHeap
0x445cf4 GetStartupInfoW
0x445cf8 GetStdHandle
0x445cfc GetStringTypeW
0x445d00 GetSystemInfo
0x445d04 GetSystemTimeAsFileTime
0x445d08 GetTickCount
0x445d0c HeapAlloc
0x445d10 HeapCreate
0x445d14 HeapFree
0x445d18 HeapQueryInformation
0x445d1c HeapReAlloc
0x445d20 HeapSize
0x445d24 HeapValidate
0x445d28 InitializeCriticalSectionAndSpinCount
0x445d2c InitializeSListHead
0x445d30 IsDebuggerPresent
0x445d34 IsProcessorFeaturePresent
0x445d38 IsValidCodePage
0x445d3c LCMapStringW
0x445d40 LeaveCriticalSection
0x445d44 LoadLibraryA
0x445d48 LoadLibraryExW
0x445d4c MultiByteToWideChar
0x445d50 OutputDebugStringW
0x445d54 QueryPerformanceCounter
0x445d58 RaiseException
0x445d5c RtlUnwind
0x445d60 SetFilePointerEx
0x445d64 SetLastError
0x445d68 SetStdHandle
0x445d6c SetUnhandledExceptionFilter
0x445d70 Sleep
0x445d74 TerminateProcess
0x445d78 TlsAlloc
0x445d7c TlsFree
0x445d80 TlsGetValue
0x445d84 TlsSetValue
0x445d88 UnhandledExceptionFilter
0x445d8c VirtualAlloc
0x445d90 WideCharToMultiByte
0x445d94 WriteConsoleW
0x445d98 WriteFile
USER32.dll
0x445da0 GetActiveWindow
GDI32.dll
0x445da8 GetPixel
EAT(Export Address Table) is none