ScreenShot
| Created | 2024.05.16 07:29 | Machine | s1_win7_x6403 |
| Filename | univ.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 26 detected (AIDetectMalware, malicious, high confidence, score, Lockbit, unsafe, Save, Stealc, Attribute, HighConfidence, TrojanX, Ransomware, Stop, Convagent, Generic@AI, RDML, KaR4, la8cOUvo3V2mNOqOA, high, Krypt, Raccoon, Detected, ZexaF, su0@aeR8JEfG, BScope, Static AI, Malicious PE, Kryptik, HCOV) | ||
| md5 | d221456c3724a8ae84d820c0d0afcbd0 | ||
| sha256 | 645ccca17804f453d92dca6394beadcd8c774f413cacf918c75a1a6517acc7c4 | ||
| ssdeep | 3072:Ei0lmjZc7WnYxroz6/waAAoJIXFoJncSIlQBAWJ2Y3xUvxcW9GNI+B75icT1jtd:j9ju75fVSIaafWzCvSW8G+1L | ||
| imphash | acfdc9990b7411f91ccdf3895980c9d8 | ||
| impfuzzy | 24:rKkbG2SF+fUPqKr1JvGzJcDaXgdpgmEpILOovttgcfdYYJKXlOFBRyv0T4ljMIdf:S1oozLOBgApI6ktgcfxCt0c9G8j | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40c000 EnumCalendarInfoA
0x40c004 InterlockedIncrement
0x40c008 SetDefaultCommConfigW
0x40c00c SetConsoleScreenBufferSize
0x40c010 GetComputerNameW
0x40c014 GetModuleHandleW
0x40c018 GetProcessHeap
0x40c01c IsBadReadPtr
0x40c020 GetSystemTimes
0x40c024 GlobalAlloc
0x40c028 Sleep
0x40c02c GetFileAttributesA
0x40c030 lstrcpynW
0x40c034 SetTimeZoneInformation
0x40c038 CompareStringW
0x40c03c SetConsoleTitleA
0x40c040 SetCurrentDirectoryA
0x40c044 GetCurrentDirectoryW
0x40c048 GetLongPathNameW
0x40c04c SetLastError
0x40c050 GetProcAddress
0x40c054 GetConsoleDisplayMode
0x40c058 BuildCommDCBW
0x40c05c SetFileApisToOEM
0x40c060 LoadLibraryA
0x40c064 WriteConsoleA
0x40c068 AddAtomW
0x40c06c FindNextChangeNotification
0x40c070 OpenJobObjectW
0x40c074 FindAtomA
0x40c078 FreeEnvironmentStringsW
0x40c07c BuildCommDCBA
0x40c080 PurgeComm
0x40c084 EnumDateFormatsW
0x40c088 SetCalendarInfoA
0x40c08c GetFileInformationByHandle
0x40c090 GetSystemTime
0x40c094 HeapAlloc
0x40c098 ExitProcess
0x40c09c GetCommandLineA
0x40c0a0 GetStartupInfoA
0x40c0a4 TerminateProcess
0x40c0a8 GetCurrentProcess
0x40c0ac UnhandledExceptionFilter
0x40c0b0 SetUnhandledExceptionFilter
0x40c0b4 IsDebuggerPresent
0x40c0b8 DeleteCriticalSection
0x40c0bc LeaveCriticalSection
0x40c0c0 EnterCriticalSection
0x40c0c4 HeapFree
0x40c0c8 VirtualFree
0x40c0cc VirtualAlloc
0x40c0d0 HeapReAlloc
0x40c0d4 HeapCreate
0x40c0d8 WriteFile
0x40c0dc GetStdHandle
0x40c0e0 GetModuleFileNameA
0x40c0e4 TlsGetValue
0x40c0e8 TlsAlloc
0x40c0ec TlsSetValue
0x40c0f0 TlsFree
0x40c0f4 GetCurrentThreadId
0x40c0f8 GetLastError
0x40c0fc InterlockedDecrement
0x40c100 InitializeCriticalSectionAndSpinCount
0x40c104 FreeEnvironmentStringsA
0x40c108 GetEnvironmentStrings
0x40c10c WideCharToMultiByte
0x40c110 GetEnvironmentStringsW
0x40c114 SetHandleCount
0x40c118 GetFileType
0x40c11c QueryPerformanceCounter
0x40c120 GetTickCount
0x40c124 GetCurrentProcessId
0x40c128 GetSystemTimeAsFileTime
0x40c12c SetFilePointer
0x40c130 GetConsoleCP
0x40c134 GetConsoleMode
0x40c138 GetCPInfo
0x40c13c GetACP
0x40c140 GetOEMCP
0x40c144 IsValidCodePage
0x40c148 RtlUnwind
0x40c14c MultiByteToWideChar
0x40c150 HeapSize
0x40c154 GetLocaleInfoA
0x40c158 SetStdHandle
0x40c15c GetConsoleOutputCP
0x40c160 WriteConsoleW
0x40c164 LCMapStringA
0x40c168 LCMapStringW
0x40c16c GetStringTypeA
0x40c170 GetStringTypeW
0x40c174 FlushFileBuffers
0x40c178 ReadFile
0x40c17c CreateFileA
0x40c180 CloseHandle
USER32.dll
0x40c188 SetActiveWindow
EAT(Export Address Table) is none
KERNEL32.dll
0x40c000 EnumCalendarInfoA
0x40c004 InterlockedIncrement
0x40c008 SetDefaultCommConfigW
0x40c00c SetConsoleScreenBufferSize
0x40c010 GetComputerNameW
0x40c014 GetModuleHandleW
0x40c018 GetProcessHeap
0x40c01c IsBadReadPtr
0x40c020 GetSystemTimes
0x40c024 GlobalAlloc
0x40c028 Sleep
0x40c02c GetFileAttributesA
0x40c030 lstrcpynW
0x40c034 SetTimeZoneInformation
0x40c038 CompareStringW
0x40c03c SetConsoleTitleA
0x40c040 SetCurrentDirectoryA
0x40c044 GetCurrentDirectoryW
0x40c048 GetLongPathNameW
0x40c04c SetLastError
0x40c050 GetProcAddress
0x40c054 GetConsoleDisplayMode
0x40c058 BuildCommDCBW
0x40c05c SetFileApisToOEM
0x40c060 LoadLibraryA
0x40c064 WriteConsoleA
0x40c068 AddAtomW
0x40c06c FindNextChangeNotification
0x40c070 OpenJobObjectW
0x40c074 FindAtomA
0x40c078 FreeEnvironmentStringsW
0x40c07c BuildCommDCBA
0x40c080 PurgeComm
0x40c084 EnumDateFormatsW
0x40c088 SetCalendarInfoA
0x40c08c GetFileInformationByHandle
0x40c090 GetSystemTime
0x40c094 HeapAlloc
0x40c098 ExitProcess
0x40c09c GetCommandLineA
0x40c0a0 GetStartupInfoA
0x40c0a4 TerminateProcess
0x40c0a8 GetCurrentProcess
0x40c0ac UnhandledExceptionFilter
0x40c0b0 SetUnhandledExceptionFilter
0x40c0b4 IsDebuggerPresent
0x40c0b8 DeleteCriticalSection
0x40c0bc LeaveCriticalSection
0x40c0c0 EnterCriticalSection
0x40c0c4 HeapFree
0x40c0c8 VirtualFree
0x40c0cc VirtualAlloc
0x40c0d0 HeapReAlloc
0x40c0d4 HeapCreate
0x40c0d8 WriteFile
0x40c0dc GetStdHandle
0x40c0e0 GetModuleFileNameA
0x40c0e4 TlsGetValue
0x40c0e8 TlsAlloc
0x40c0ec TlsSetValue
0x40c0f0 TlsFree
0x40c0f4 GetCurrentThreadId
0x40c0f8 GetLastError
0x40c0fc InterlockedDecrement
0x40c100 InitializeCriticalSectionAndSpinCount
0x40c104 FreeEnvironmentStringsA
0x40c108 GetEnvironmentStrings
0x40c10c WideCharToMultiByte
0x40c110 GetEnvironmentStringsW
0x40c114 SetHandleCount
0x40c118 GetFileType
0x40c11c QueryPerformanceCounter
0x40c120 GetTickCount
0x40c124 GetCurrentProcessId
0x40c128 GetSystemTimeAsFileTime
0x40c12c SetFilePointer
0x40c130 GetConsoleCP
0x40c134 GetConsoleMode
0x40c138 GetCPInfo
0x40c13c GetACP
0x40c140 GetOEMCP
0x40c144 IsValidCodePage
0x40c148 RtlUnwind
0x40c14c MultiByteToWideChar
0x40c150 HeapSize
0x40c154 GetLocaleInfoA
0x40c158 SetStdHandle
0x40c15c GetConsoleOutputCP
0x40c160 WriteConsoleW
0x40c164 LCMapStringA
0x40c168 LCMapStringW
0x40c16c GetStringTypeA
0x40c170 GetStringTypeW
0x40c174 FlushFileBuffers
0x40c178 ReadFile
0x40c17c CreateFileA
0x40c180 CloseHandle
USER32.dll
0x40c188 SetActiveWindow
EAT(Export Address Table) is none