ScreenShot
| Created | 2023.03.12 10:15 | Machine | s1_win7_x6401 |
| Filename | umciavi64.exe | ||
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 19 detected (Artemis, malicious, confidence, high confidence, VMProtect, BC suspicious, Sabsik, Redline, DJZUPM, ZexaF, @Z2@amsJkzkO, BScope, Injuke) | ||
| md5 | f2e85a7b8620fac7c035704e4168f942 | ||
| sha256 | 5adf8415987f3956bae44ca3e7a23a690f5cdb11584af7d6ec7e551c0c2bf84c | ||
| ssdeep | 196608:ylqz/YSqZuCUoWhk8zSWSlTc/xNfY/U/W2aNy/PuXV0NpZ0Ii5dJSCwMGbkJF/2:HjqvUox8mWSlA/xC/BAuX+ND0arb2B | ||
| imphash | 7f0af1292970a516afa467fdec16d6c4 | ||
| impfuzzy | 96:Of61DRup4jxQ9gXiX1SpJGC9GzqtjIW5W6GJrRLbLXHiE1AXJ4Zcp+AjIt0+lRYs:nHcgSFfC9DtjIW5W6GJrZSRZ45r | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0xb16000 CreateEventA
0xb16004 CreateSemaphoreA
0xb16008 DeleteCriticalSection
0xb1600c EnterCriticalSection
0xb16010 GetCurrentProcessId
0xb16014 GetCurrentThreadId
0xb16018 GetHandleInformation
0xb1601c GetProcessAffinityMask
0xb16020 GetThreadContext
0xb16024 GetThreadPriority
0xb16028 GetTickCount
0xb1602c InitializeCriticalSection
0xb16030 IsDebuggerPresent
0xb16034 LeaveCriticalSection
0xb16038 OpenProcess
0xb1603c OutputDebugStringA
0xb16040 QueryPerformanceCounter
0xb16044 QueryPerformanceFrequency
0xb16048 RaiseException
0xb1604c ReleaseSemaphore
0xb16050 RemoveVectoredExceptionHandler
0xb16054 ResetEvent
0xb16058 ResumeThread
0xb1605c SetEvent
0xb16060 SetProcessAffinityMask
0xb16064 SetThreadContext
0xb16068 SetThreadPriority
0xb1606c SuspendThread
0xb16070 TryEnterCriticalSection
0xb16074 VirtualQuery
0xb16078 WaitForMultipleObjects
msvcrt.dll
0xb16080 __getmainargs
0xb16084 __initenv
0xb16088 __lconv_init
0xb1608c __p__acmdln
0xb16090 __p__commode
0xb16094 __p__fmode
0xb16098 __set_app_type
0xb1609c __setusermatherr
0xb160a0 _amsg_exit
0xb160a4 _beginthreadex
0xb160a8 _cexit
0xb160ac _commode
0xb160b0 _endthreadex
0xb160b4 _errno
0xb160b8 _fmode
0xb160bc _fpreset
0xb160c0 _initterm
0xb160c4 _iob
0xb160c8 _onexit
0xb160cc _setjmp3
0xb160d0 _strdup
0xb160d4 _ultoa
0xb160d8 _vsnprintf
0xb160dc _vsnwprintf
0xb160e0 abort
0xb160e4 calloc
0xb160e8 exit
0xb160ec fgetwc
0xb160f0 fprintf
0xb160f4 free
0xb160f8 fwrite
0xb160fc getc
0xb16100 longjmp
0xb16104 malloc
0xb16108 memcmp
0xb1610c memcpy
0xb16110 memmove
0xb16114 memset
0xb16118 printf
0xb1611c realloc
0xb16120 signal
0xb16124 strlen
0xb16128 strncmp
0xb1612c vfprintf
KERNEL32.dll
0xb16134 AcquireSRWLockExclusive
0xb16138 AcquireSRWLockShared
0xb1613c AddVectoredExceptionHandler
0xb16140 CloseHandle
0xb16144 CreateFileMappingA
0xb16148 CreateFileW
0xb1614c CreateMutexA
0xb16150 CreateToolhelp32Snapshot
0xb16154 DuplicateHandle
0xb16158 FormatMessageW
0xb1615c FreeLibrary
0xb16160 GetConsoleMode
0xb16164 GetCurrentDirectoryW
0xb16168 GetCurrentProcess
0xb1616c GetCurrentThread
0xb16170 GetEnvironmentVariableW
0xb16174 GetFileInformationByHandle
0xb16178 GetFileInformationByHandleEx
0xb1617c GetFullPathNameW
0xb16180 GetLastError
0xb16184 GetModuleFileNameW
0xb16188 GetModuleHandleA
0xb1618c GetModuleHandleW
0xb16190 GetProcAddress
0xb16194 GetProcessHeap
0xb16198 GetStartupInfoA
0xb1619c GetStdHandle
0xb161a0 GetSystemTimeAsFileTime
0xb161a4 HeapAlloc
0xb161a8 HeapFree
0xb161ac HeapReAlloc
0xb161b0 InitOnceBeginInitialize
0xb161b4 InitOnceComplete
0xb161b8 LoadLibraryA
0xb161bc LocalAlloc
0xb161c0 MapViewOfFile
0xb161c4 Module32FirstW
0xb161c8 Module32NextW
0xb161cc ReleaseMutex
0xb161d0 ReleaseSRWLockExclusive
0xb161d4 ReleaseSRWLockShared
0xb161d8 RtlCaptureContext
0xb161dc SetLastError
0xb161e0 SetThreadStackGuarantee
0xb161e4 SetUnhandledExceptionFilter
0xb161e8 Sleep
0xb161ec TlsAlloc
0xb161f0 TlsFree
0xb161f4 TlsGetValue
0xb161f8 TlsSetValue
0xb161fc TryAcquireSRWLockExclusive
0xb16200 UnmapViewOfFile
0xb16204 VirtualProtect
0xb16208 WaitForSingleObject
0xb1620c WaitForSingleObjectEx
0xb16210 WriteConsoleW
user32.dll
0xb16218 GetDesktopWindow
0xb1621c GetWindowRect
KERNEL32.dll
0xb16224 GetSystemTimeAsFileTime
0xb16228 CreateEventA
0xb1622c GetModuleHandleA
0xb16230 TerminateProcess
0xb16234 GetCurrentProcess
0xb16238 CreateToolhelp32Snapshot
0xb1623c Thread32First
0xb16240 GetCurrentProcessId
0xb16244 GetCurrentThreadId
0xb16248 OpenThread
0xb1624c Thread32Next
0xb16250 CloseHandle
0xb16254 SuspendThread
0xb16258 ResumeThread
0xb1625c WriteProcessMemory
0xb16260 GetSystemInfo
0xb16264 VirtualAlloc
0xb16268 VirtualProtect
0xb1626c VirtualFree
0xb16270 GetProcessAffinityMask
0xb16274 SetProcessAffinityMask
0xb16278 GetCurrentThread
0xb1627c SetThreadAffinityMask
0xb16280 Sleep
0xb16284 LoadLibraryA
0xb16288 FreeLibrary
0xb1628c GetTickCount
0xb16290 SystemTimeToFileTime
0xb16294 FileTimeToSystemTime
0xb16298 GlobalFree
0xb1629c HeapAlloc
0xb162a0 HeapFree
0xb162a4 GetProcAddress
0xb162a8 ExitProcess
0xb162ac EnterCriticalSection
0xb162b0 LeaveCriticalSection
0xb162b4 InitializeCriticalSection
0xb162b8 DeleteCriticalSection
0xb162bc MultiByteToWideChar
0xb162c0 GetModuleHandleW
0xb162c4 LoadResource
0xb162c8 FindResourceExW
0xb162cc FindResourceExA
0xb162d0 WideCharToMultiByte
0xb162d4 GetThreadLocale
0xb162d8 GetUserDefaultLCID
0xb162dc GetSystemDefaultLCID
0xb162e0 EnumResourceNamesA
0xb162e4 EnumResourceNamesW
0xb162e8 EnumResourceLanguagesA
0xb162ec EnumResourceLanguagesW
0xb162f0 EnumResourceTypesA
0xb162f4 EnumResourceTypesW
0xb162f8 CreateFileW
0xb162fc LoadLibraryW
0xb16300 GetLastError
0xb16304 FlushFileBuffers
0xb16308 VirtualQuery
0xb1630c GetCommandLineA
0xb16310 GetCPInfo
0xb16314 InterlockedIncrement
0xb16318 InterlockedDecrement
0xb1631c GetACP
0xb16320 GetOEMCP
0xb16324 IsValidCodePage
0xb16328 TlsGetValue
0xb1632c TlsAlloc
0xb16330 TlsSetValue
0xb16334 TlsFree
0xb16338 SetLastError
0xb1633c UnhandledExceptionFilter
0xb16340 SetUnhandledExceptionFilter
0xb16344 IsDebuggerPresent
0xb16348 RaiseException
0xb1634c LCMapStringA
0xb16350 LCMapStringW
0xb16354 SetHandleCount
0xb16358 GetStdHandle
0xb1635c GetFileType
0xb16360 GetStartupInfoA
0xb16364 GetModuleFileNameA
0xb16368 FreeEnvironmentStringsA
0xb1636c GetEnvironmentStrings
0xb16370 FreeEnvironmentStringsW
0xb16374 GetEnvironmentStringsW
0xb16378 HeapCreate
0xb1637c HeapDestroy
0xb16380 QueryPerformanceCounter
0xb16384 HeapReAlloc
0xb16388 GetStringTypeA
0xb1638c GetStringTypeW
0xb16390 GetLocaleInfoA
0xb16394 HeapSize
0xb16398 WriteFile
0xb1639c RtlUnwind
0xb163a0 SetFilePointer
0xb163a4 GetConsoleCP
0xb163a8 GetConsoleMode
0xb163ac InitializeCriticalSectionAndSpinCount
0xb163b0 SetStdHandle
0xb163b4 WriteConsoleA
0xb163b8 GetConsoleOutputCP
0xb163bc WriteConsoleW
0xb163c0 CreateFileA
user32.dll
0xb163c8 CharUpperBuffW
EAT(Export Address Table) is none
KERNEL32.dll
0xb16000 CreateEventA
0xb16004 CreateSemaphoreA
0xb16008 DeleteCriticalSection
0xb1600c EnterCriticalSection
0xb16010 GetCurrentProcessId
0xb16014 GetCurrentThreadId
0xb16018 GetHandleInformation
0xb1601c GetProcessAffinityMask
0xb16020 GetThreadContext
0xb16024 GetThreadPriority
0xb16028 GetTickCount
0xb1602c InitializeCriticalSection
0xb16030 IsDebuggerPresent
0xb16034 LeaveCriticalSection
0xb16038 OpenProcess
0xb1603c OutputDebugStringA
0xb16040 QueryPerformanceCounter
0xb16044 QueryPerformanceFrequency
0xb16048 RaiseException
0xb1604c ReleaseSemaphore
0xb16050 RemoveVectoredExceptionHandler
0xb16054 ResetEvent
0xb16058 ResumeThread
0xb1605c SetEvent
0xb16060 SetProcessAffinityMask
0xb16064 SetThreadContext
0xb16068 SetThreadPriority
0xb1606c SuspendThread
0xb16070 TryEnterCriticalSection
0xb16074 VirtualQuery
0xb16078 WaitForMultipleObjects
msvcrt.dll
0xb16080 __getmainargs
0xb16084 __initenv
0xb16088 __lconv_init
0xb1608c __p__acmdln
0xb16090 __p__commode
0xb16094 __p__fmode
0xb16098 __set_app_type
0xb1609c __setusermatherr
0xb160a0 _amsg_exit
0xb160a4 _beginthreadex
0xb160a8 _cexit
0xb160ac _commode
0xb160b0 _endthreadex
0xb160b4 _errno
0xb160b8 _fmode
0xb160bc _fpreset
0xb160c0 _initterm
0xb160c4 _iob
0xb160c8 _onexit
0xb160cc _setjmp3
0xb160d0 _strdup
0xb160d4 _ultoa
0xb160d8 _vsnprintf
0xb160dc _vsnwprintf
0xb160e0 abort
0xb160e4 calloc
0xb160e8 exit
0xb160ec fgetwc
0xb160f0 fprintf
0xb160f4 free
0xb160f8 fwrite
0xb160fc getc
0xb16100 longjmp
0xb16104 malloc
0xb16108 memcmp
0xb1610c memcpy
0xb16110 memmove
0xb16114 memset
0xb16118 printf
0xb1611c realloc
0xb16120 signal
0xb16124 strlen
0xb16128 strncmp
0xb1612c vfprintf
KERNEL32.dll
0xb16134 AcquireSRWLockExclusive
0xb16138 AcquireSRWLockShared
0xb1613c AddVectoredExceptionHandler
0xb16140 CloseHandle
0xb16144 CreateFileMappingA
0xb16148 CreateFileW
0xb1614c CreateMutexA
0xb16150 CreateToolhelp32Snapshot
0xb16154 DuplicateHandle
0xb16158 FormatMessageW
0xb1615c FreeLibrary
0xb16160 GetConsoleMode
0xb16164 GetCurrentDirectoryW
0xb16168 GetCurrentProcess
0xb1616c GetCurrentThread
0xb16170 GetEnvironmentVariableW
0xb16174 GetFileInformationByHandle
0xb16178 GetFileInformationByHandleEx
0xb1617c GetFullPathNameW
0xb16180 GetLastError
0xb16184 GetModuleFileNameW
0xb16188 GetModuleHandleA
0xb1618c GetModuleHandleW
0xb16190 GetProcAddress
0xb16194 GetProcessHeap
0xb16198 GetStartupInfoA
0xb1619c GetStdHandle
0xb161a0 GetSystemTimeAsFileTime
0xb161a4 HeapAlloc
0xb161a8 HeapFree
0xb161ac HeapReAlloc
0xb161b0 InitOnceBeginInitialize
0xb161b4 InitOnceComplete
0xb161b8 LoadLibraryA
0xb161bc LocalAlloc
0xb161c0 MapViewOfFile
0xb161c4 Module32FirstW
0xb161c8 Module32NextW
0xb161cc ReleaseMutex
0xb161d0 ReleaseSRWLockExclusive
0xb161d4 ReleaseSRWLockShared
0xb161d8 RtlCaptureContext
0xb161dc SetLastError
0xb161e0 SetThreadStackGuarantee
0xb161e4 SetUnhandledExceptionFilter
0xb161e8 Sleep
0xb161ec TlsAlloc
0xb161f0 TlsFree
0xb161f4 TlsGetValue
0xb161f8 TlsSetValue
0xb161fc TryAcquireSRWLockExclusive
0xb16200 UnmapViewOfFile
0xb16204 VirtualProtect
0xb16208 WaitForSingleObject
0xb1620c WaitForSingleObjectEx
0xb16210 WriteConsoleW
user32.dll
0xb16218 GetDesktopWindow
0xb1621c GetWindowRect
KERNEL32.dll
0xb16224 GetSystemTimeAsFileTime
0xb16228 CreateEventA
0xb1622c GetModuleHandleA
0xb16230 TerminateProcess
0xb16234 GetCurrentProcess
0xb16238 CreateToolhelp32Snapshot
0xb1623c Thread32First
0xb16240 GetCurrentProcessId
0xb16244 GetCurrentThreadId
0xb16248 OpenThread
0xb1624c Thread32Next
0xb16250 CloseHandle
0xb16254 SuspendThread
0xb16258 ResumeThread
0xb1625c WriteProcessMemory
0xb16260 GetSystemInfo
0xb16264 VirtualAlloc
0xb16268 VirtualProtect
0xb1626c VirtualFree
0xb16270 GetProcessAffinityMask
0xb16274 SetProcessAffinityMask
0xb16278 GetCurrentThread
0xb1627c SetThreadAffinityMask
0xb16280 Sleep
0xb16284 LoadLibraryA
0xb16288 FreeLibrary
0xb1628c GetTickCount
0xb16290 SystemTimeToFileTime
0xb16294 FileTimeToSystemTime
0xb16298 GlobalFree
0xb1629c HeapAlloc
0xb162a0 HeapFree
0xb162a4 GetProcAddress
0xb162a8 ExitProcess
0xb162ac EnterCriticalSection
0xb162b0 LeaveCriticalSection
0xb162b4 InitializeCriticalSection
0xb162b8 DeleteCriticalSection
0xb162bc MultiByteToWideChar
0xb162c0 GetModuleHandleW
0xb162c4 LoadResource
0xb162c8 FindResourceExW
0xb162cc FindResourceExA
0xb162d0 WideCharToMultiByte
0xb162d4 GetThreadLocale
0xb162d8 GetUserDefaultLCID
0xb162dc GetSystemDefaultLCID
0xb162e0 EnumResourceNamesA
0xb162e4 EnumResourceNamesW
0xb162e8 EnumResourceLanguagesA
0xb162ec EnumResourceLanguagesW
0xb162f0 EnumResourceTypesA
0xb162f4 EnumResourceTypesW
0xb162f8 CreateFileW
0xb162fc LoadLibraryW
0xb16300 GetLastError
0xb16304 FlushFileBuffers
0xb16308 VirtualQuery
0xb1630c GetCommandLineA
0xb16310 GetCPInfo
0xb16314 InterlockedIncrement
0xb16318 InterlockedDecrement
0xb1631c GetACP
0xb16320 GetOEMCP
0xb16324 IsValidCodePage
0xb16328 TlsGetValue
0xb1632c TlsAlloc
0xb16330 TlsSetValue
0xb16334 TlsFree
0xb16338 SetLastError
0xb1633c UnhandledExceptionFilter
0xb16340 SetUnhandledExceptionFilter
0xb16344 IsDebuggerPresent
0xb16348 RaiseException
0xb1634c LCMapStringA
0xb16350 LCMapStringW
0xb16354 SetHandleCount
0xb16358 GetStdHandle
0xb1635c GetFileType
0xb16360 GetStartupInfoA
0xb16364 GetModuleFileNameA
0xb16368 FreeEnvironmentStringsA
0xb1636c GetEnvironmentStrings
0xb16370 FreeEnvironmentStringsW
0xb16374 GetEnvironmentStringsW
0xb16378 HeapCreate
0xb1637c HeapDestroy
0xb16380 QueryPerformanceCounter
0xb16384 HeapReAlloc
0xb16388 GetStringTypeA
0xb1638c GetStringTypeW
0xb16390 GetLocaleInfoA
0xb16394 HeapSize
0xb16398 WriteFile
0xb1639c RtlUnwind
0xb163a0 SetFilePointer
0xb163a4 GetConsoleCP
0xb163a8 GetConsoleMode
0xb163ac InitializeCriticalSectionAndSpinCount
0xb163b0 SetStdHandle
0xb163b4 WriteConsoleA
0xb163b8 GetConsoleOutputCP
0xb163bc WriteConsoleW
0xb163c0 CreateFileA
user32.dll
0xb163c8 CharUpperBuffW
EAT(Export Address Table) is none