ScreenShot
| Created | 2024.05.15 09:15 | Machine | s1_win7_x6403 |
| Filename | univ.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 33 detected (AIDetectMalware, malicious, high confidence, score, Lockbit, unsafe, Save, Ransomware, Attribute, HighConfidence, TrojanX, GCleaner, SmokeLoader, CLASSIC, XPACK, Gen4, high, Krypt, Danabot, Detected, STOP, Kryptik, Eldorado, ZexaF, rq0@aq7rZOjG, Azorult, Obfuscated, Static AI, Malicious PE, susgen, GenCBL) | ||
| md5 | 9b9b6eed588a5f1c17864c641aaf22d3 | ||
| sha256 | d19ddc1ec032c500925756a79726b27a77b677b5bc17e38eb4ab03a9b66e479c | ||
| ssdeep | 6144:po72NBEPwO/0N4NdmoHoQqtWpuhjEqhMD5J:myfEPwO8N4NdnIQqSuhjCDv | ||
| imphash | 8b14535b7546f94f1ac354dac2df7e48 | ||
| impfuzzy | 24:UZKWYjUTgBkdsdT3DK3Y+Z7eJp40xpZolYrOovIG9cV/Mmjv9JtRl0ISBZE9BB:smLdIZUaYaTG9cd9JtRGIS8jB | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x412008 IsBadStringPtrW
0x41200c SystemTimeToTzSpecificLocalTime
0x412010 LoadLibraryExW
0x412014 EnumCalendarInfoW
0x412018 CreateHardLinkA
0x41201c LockFile
0x412020 GetTickCount
0x412024 GetSystemDirectoryW
0x412028 GetVolumeInformationA
0x41202c GlobalFindAtomA
0x412030 ReadConsoleInputA
0x412034 GetConsoleAliasW
0x412038 WriteConsoleW
0x41203c SetComputerNameExW
0x412040 GetTempPathW
0x412044 InterlockedExchange
0x412048 GetLastError
0x41204c SetFilePointer
0x412050 GetProcAddress
0x412054 BackupWrite
0x412058 RemoveDirectoryA
0x41205c LoadModule
0x412060 LoadLibraryA
0x412064 OpenMutexA
0x412068 WriteConsoleA
0x41206c LocalAlloc
0x412070 GetNumberFormatW
0x412074 CreateEventW
0x412078 GlobalGetAtomNameW
0x41207c BuildCommDCBA
0x412080 VirtualProtect
0x412084 PurgeComm
0x412088 GetWindowsDirectoryW
0x41208c CloseHandle
0x412090 CreateFileW
0x412094 SetLastError
0x412098 GetComputerNameA
0x41209c GetStringTypeW
0x4120a0 OutputDebugStringW
0x4120a4 FlushFileBuffers
0x4120a8 GetConsoleCP
0x4120ac IsProcessorFeaturePresent
0x4120b0 EncodePointer
0x4120b4 DecodePointer
0x4120b8 ExitProcess
0x4120bc GetModuleHandleExW
0x4120c0 AreFileApisANSI
0x4120c4 MultiByteToWideChar
0x4120c8 WideCharToMultiByte
0x4120cc GetCommandLineA
0x4120d0 RaiseException
0x4120d4 RtlUnwind
0x4120d8 IsDebuggerPresent
0x4120dc HeapAlloc
0x4120e0 HeapSize
0x4120e4 EnterCriticalSection
0x4120e8 LeaveCriticalSection
0x4120ec ReadFile
0x4120f0 GetConsoleMode
0x4120f4 ReadConsoleW
0x4120f8 HeapFree
0x4120fc GetStdHandle
0x412100 GetFileType
0x412104 DeleteCriticalSection
0x412108 GetStartupInfoW
0x41210c SetFilePointerEx
0x412110 UnhandledExceptionFilter
0x412114 SetUnhandledExceptionFilter
0x412118 InitializeCriticalSectionAndSpinCount
0x41211c Sleep
0x412120 GetCurrentProcess
0x412124 TerminateProcess
0x412128 TlsAlloc
0x41212c TlsGetValue
0x412130 TlsSetValue
0x412134 TlsFree
0x412138 GetModuleHandleW
0x41213c WriteFile
0x412140 GetModuleFileNameW
0x412144 IsValidCodePage
0x412148 GetACP
0x41214c GetOEMCP
0x412150 GetCPInfo
0x412154 GetCurrentThreadId
0x412158 GetProcessHeap
0x41215c GetModuleFileNameA
0x412160 QueryPerformanceCounter
0x412164 GetCurrentProcessId
0x412168 GetSystemTimeAsFileTime
0x41216c GetEnvironmentStringsW
0x412170 FreeEnvironmentStringsW
0x412174 HeapReAlloc
0x412178 SetStdHandle
0x41217c LCMapStringW
0x412180 SetEndOfFile
USER32.dll
0x412190 SetCaretPos
GDI32.dll
0x412000 GetCharWidthI
ole32.dll
0x412198 CoMarshalHresult
MSIMG32.dll
0x412188 AlphaBlend
EAT(Export Address Table) is none
KERNEL32.dll
0x412008 IsBadStringPtrW
0x41200c SystemTimeToTzSpecificLocalTime
0x412010 LoadLibraryExW
0x412014 EnumCalendarInfoW
0x412018 CreateHardLinkA
0x41201c LockFile
0x412020 GetTickCount
0x412024 GetSystemDirectoryW
0x412028 GetVolumeInformationA
0x41202c GlobalFindAtomA
0x412030 ReadConsoleInputA
0x412034 GetConsoleAliasW
0x412038 WriteConsoleW
0x41203c SetComputerNameExW
0x412040 GetTempPathW
0x412044 InterlockedExchange
0x412048 GetLastError
0x41204c SetFilePointer
0x412050 GetProcAddress
0x412054 BackupWrite
0x412058 RemoveDirectoryA
0x41205c LoadModule
0x412060 LoadLibraryA
0x412064 OpenMutexA
0x412068 WriteConsoleA
0x41206c LocalAlloc
0x412070 GetNumberFormatW
0x412074 CreateEventW
0x412078 GlobalGetAtomNameW
0x41207c BuildCommDCBA
0x412080 VirtualProtect
0x412084 PurgeComm
0x412088 GetWindowsDirectoryW
0x41208c CloseHandle
0x412090 CreateFileW
0x412094 SetLastError
0x412098 GetComputerNameA
0x41209c GetStringTypeW
0x4120a0 OutputDebugStringW
0x4120a4 FlushFileBuffers
0x4120a8 GetConsoleCP
0x4120ac IsProcessorFeaturePresent
0x4120b0 EncodePointer
0x4120b4 DecodePointer
0x4120b8 ExitProcess
0x4120bc GetModuleHandleExW
0x4120c0 AreFileApisANSI
0x4120c4 MultiByteToWideChar
0x4120c8 WideCharToMultiByte
0x4120cc GetCommandLineA
0x4120d0 RaiseException
0x4120d4 RtlUnwind
0x4120d8 IsDebuggerPresent
0x4120dc HeapAlloc
0x4120e0 HeapSize
0x4120e4 EnterCriticalSection
0x4120e8 LeaveCriticalSection
0x4120ec ReadFile
0x4120f0 GetConsoleMode
0x4120f4 ReadConsoleW
0x4120f8 HeapFree
0x4120fc GetStdHandle
0x412100 GetFileType
0x412104 DeleteCriticalSection
0x412108 GetStartupInfoW
0x41210c SetFilePointerEx
0x412110 UnhandledExceptionFilter
0x412114 SetUnhandledExceptionFilter
0x412118 InitializeCriticalSectionAndSpinCount
0x41211c Sleep
0x412120 GetCurrentProcess
0x412124 TerminateProcess
0x412128 TlsAlloc
0x41212c TlsGetValue
0x412130 TlsSetValue
0x412134 TlsFree
0x412138 GetModuleHandleW
0x41213c WriteFile
0x412140 GetModuleFileNameW
0x412144 IsValidCodePage
0x412148 GetACP
0x41214c GetOEMCP
0x412150 GetCPInfo
0x412154 GetCurrentThreadId
0x412158 GetProcessHeap
0x41215c GetModuleFileNameA
0x412160 QueryPerformanceCounter
0x412164 GetCurrentProcessId
0x412168 GetSystemTimeAsFileTime
0x41216c GetEnvironmentStringsW
0x412170 FreeEnvironmentStringsW
0x412174 HeapReAlloc
0x412178 SetStdHandle
0x41217c LCMapStringW
0x412180 SetEndOfFile
USER32.dll
0x412190 SetCaretPos
GDI32.dll
0x412000 GetCharWidthI
ole32.dll
0x412198 CoMarshalHresult
MSIMG32.dll
0x412188 AlphaBlend
EAT(Export Address Table) is none