ScreenShot
| Created | 2024.02.04 16:56 | Machine | s1_win7_x6401 |
| Filename | univ.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (AIDetectMalware, malicious, high confidence, score, Stop, Lockbit, unsafe, Save, Hacktool, Attribute, HighConfidence, Artemis, CrypterX, Generic@AI, RDML, 0HkOcwrKHYT77KviueBRWQ, high, Krypt, Detected, Phonzy, Glupteba, R633410, ZexaF, xC0@aO9wDubi, BScope, Tofsee, Obfuscated, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | e63c6dcaebb548eb22c15e57686a011a | ||
| sha256 | a9c83e72f004dcd4ba9e8b1a0b14dc9aa1379fdbf3d9adff3cb956881ab4c413 | ||
| ssdeep | 6144:s0JonqSBYU26Bl9RNpucewgRXJ4y1uRBd4L2tfSd44WrJq1kDc:s7pBYU26BlDDgRXSXtl4WrkeY | ||
| imphash | bf14849f4ab78a7abfe404cb860b648b | ||
| impfuzzy | 48:L1X+jQ4FU1/VIqtzZcqK98DS5KdxBZEBLf:RcUVVJtzZcqQ8DS5GxrEV | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44000c MoveFileExA
0x440010 FindResourceW
0x440014 HeapAlloc
0x440018 InterlockedIncrement
0x44001c OpenJobObjectA
0x440020 SetDefaultCommConfigW
0x440024 CreateDirectoryW
0x440028 GetTickCount
0x44002c GetProcessHeap
0x440030 GetConsoleAliasesLengthA
0x440034 TzSpecificLocalTimeToSystemTime
0x440038 GetSystemTimes
0x44003c WideCharToMultiByte
0x440040 GetVolumeInformationA
0x440044 LoadLibraryW
0x440048 CompareStringW
0x44004c GetStartupInfoW
0x440050 WritePrivateProfileStringW
0x440054 GetLocaleInfoA
0x440058 GetConsoleAliasesW
0x44005c GlobalUnfix
0x440060 SetCurrentDirectoryA
0x440064 GetLastError
0x440068 GetProcAddress
0x44006c CreateNamedPipeA
0x440070 ResetEvent
0x440074 OpenWaitableTimerA
0x440078 GetAtomNameA
0x44007c LoadLibraryA
0x440080 LocalAlloc
0x440084 SetProcessWorkingSetSize
0x440088 FreeEnvironmentStringsW
0x44008c GetCurrentDirectoryA
0x440090 EndUpdateResourceA
0x440094 FileTimeToLocalFileTime
0x440098 IsValidLocale
0x44009c EnumSystemLocalesA
0x4400a0 GetModuleHandleExA
0x4400a4 FlushFileBuffers
0x4400a8 EnumDateFormatsExW
0x4400ac HeapFree
0x4400b0 EncodePointer
0x4400b4 DecodePointer
0x4400b8 GetCommandLineW
0x4400bc HeapSetInformation
0x4400c0 TerminateProcess
0x4400c4 GetCurrentProcess
0x4400c8 UnhandledExceptionFilter
0x4400cc SetUnhandledExceptionFilter
0x4400d0 IsDebuggerPresent
0x4400d4 HeapCreate
0x4400d8 HeapDestroy
0x4400dc Sleep
0x4400e0 HeapSize
0x4400e4 GetModuleHandleW
0x4400e8 ExitProcess
0x4400ec EnterCriticalSection
0x4400f0 LeaveCriticalSection
0x4400f4 CloseHandle
0x4400f8 WriteFile
0x4400fc GetStdHandle
0x440100 GetModuleFileNameW
0x440104 GetEnvironmentStringsW
0x440108 SetHandleCount
0x44010c InitializeCriticalSectionAndSpinCount
0x440110 GetFileType
0x440114 DeleteCriticalSection
0x440118 TlsAlloc
0x44011c TlsGetValue
0x440120 TlsSetValue
0x440124 TlsFree
0x440128 SetLastError
0x44012c GetCurrentThreadId
0x440130 InterlockedDecrement
0x440134 GetCurrentThread
0x440138 QueryPerformanceCounter
0x44013c GetCurrentProcessId
0x440140 GetSystemTimeAsFileTime
0x440144 HeapReAlloc
0x440148 FatalAppExitA
0x44014c SetConsoleCtrlHandler
0x440150 FreeLibrary
0x440154 InterlockedExchange
0x440158 GetLocaleInfoW
0x44015c RtlUnwind
0x440160 GetCPInfo
0x440164 GetACP
0x440168 GetOEMCP
0x44016c IsValidCodePage
0x440170 SetStdHandle
0x440174 GetConsoleCP
0x440178 GetConsoleMode
0x44017c LCMapStringW
0x440180 MultiByteToWideChar
0x440184 GetStringTypeW
0x440188 SetFilePointer
0x44018c IsProcessorFeaturePresent
0x440190 WriteConsoleW
0x440194 CreateFileW
0x440198 GetUserDefaultLCID
0x44019c RaiseException
USER32.dll
0x4401a4 DestroyIcon
ADVAPI32.dll
0x440000 ReadEventLogA
0x440004 GetServiceKeyNameA
EAT(Export Address Table) is none
KERNEL32.dll
0x44000c MoveFileExA
0x440010 FindResourceW
0x440014 HeapAlloc
0x440018 InterlockedIncrement
0x44001c OpenJobObjectA
0x440020 SetDefaultCommConfigW
0x440024 CreateDirectoryW
0x440028 GetTickCount
0x44002c GetProcessHeap
0x440030 GetConsoleAliasesLengthA
0x440034 TzSpecificLocalTimeToSystemTime
0x440038 GetSystemTimes
0x44003c WideCharToMultiByte
0x440040 GetVolumeInformationA
0x440044 LoadLibraryW
0x440048 CompareStringW
0x44004c GetStartupInfoW
0x440050 WritePrivateProfileStringW
0x440054 GetLocaleInfoA
0x440058 GetConsoleAliasesW
0x44005c GlobalUnfix
0x440060 SetCurrentDirectoryA
0x440064 GetLastError
0x440068 GetProcAddress
0x44006c CreateNamedPipeA
0x440070 ResetEvent
0x440074 OpenWaitableTimerA
0x440078 GetAtomNameA
0x44007c LoadLibraryA
0x440080 LocalAlloc
0x440084 SetProcessWorkingSetSize
0x440088 FreeEnvironmentStringsW
0x44008c GetCurrentDirectoryA
0x440090 EndUpdateResourceA
0x440094 FileTimeToLocalFileTime
0x440098 IsValidLocale
0x44009c EnumSystemLocalesA
0x4400a0 GetModuleHandleExA
0x4400a4 FlushFileBuffers
0x4400a8 EnumDateFormatsExW
0x4400ac HeapFree
0x4400b0 EncodePointer
0x4400b4 DecodePointer
0x4400b8 GetCommandLineW
0x4400bc HeapSetInformation
0x4400c0 TerminateProcess
0x4400c4 GetCurrentProcess
0x4400c8 UnhandledExceptionFilter
0x4400cc SetUnhandledExceptionFilter
0x4400d0 IsDebuggerPresent
0x4400d4 HeapCreate
0x4400d8 HeapDestroy
0x4400dc Sleep
0x4400e0 HeapSize
0x4400e4 GetModuleHandleW
0x4400e8 ExitProcess
0x4400ec EnterCriticalSection
0x4400f0 LeaveCriticalSection
0x4400f4 CloseHandle
0x4400f8 WriteFile
0x4400fc GetStdHandle
0x440100 GetModuleFileNameW
0x440104 GetEnvironmentStringsW
0x440108 SetHandleCount
0x44010c InitializeCriticalSectionAndSpinCount
0x440110 GetFileType
0x440114 DeleteCriticalSection
0x440118 TlsAlloc
0x44011c TlsGetValue
0x440120 TlsSetValue
0x440124 TlsFree
0x440128 SetLastError
0x44012c GetCurrentThreadId
0x440130 InterlockedDecrement
0x440134 GetCurrentThread
0x440138 QueryPerformanceCounter
0x44013c GetCurrentProcessId
0x440140 GetSystemTimeAsFileTime
0x440144 HeapReAlloc
0x440148 FatalAppExitA
0x44014c SetConsoleCtrlHandler
0x440150 FreeLibrary
0x440154 InterlockedExchange
0x440158 GetLocaleInfoW
0x44015c RtlUnwind
0x440160 GetCPInfo
0x440164 GetACP
0x440168 GetOEMCP
0x44016c IsValidCodePage
0x440170 SetStdHandle
0x440174 GetConsoleCP
0x440178 GetConsoleMode
0x44017c LCMapStringW
0x440180 MultiByteToWideChar
0x440184 GetStringTypeW
0x440188 SetFilePointer
0x44018c IsProcessorFeaturePresent
0x440190 WriteConsoleW
0x440194 CreateFileW
0x440198 GetUserDefaultLCID
0x44019c RaiseException
USER32.dll
0x4401a4 DestroyIcon
ADVAPI32.dll
0x440000 ReadEventLogA
0x440004 GetServiceKeyNameA
EAT(Export Address Table) is none