ScreenShot
| Created | 2024.06.09 09:15 | Machine | s1_win7_x6403 |
| Filename | UNP%20Setup.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 3 detected (Themida, Detected, Presenoker) | ||
| md5 | a2f39491c9d6e8be4a1bf05ac024fdb4 | ||
| sha256 | 6cadfb0b3edb3fd000c5df1c8853957efe2de172befc3132c96e4afeee2b0427 | ||
| ssdeep | 196608:vOlhlJ0nBjr+3XR1qU1SoisXgLp7iy39KqQv43nKZ:GhfYJy3HSBsXgRfO43y | ||
| imphash | 817659d4155ea1f078b4ced0ba1f20e9 | ||
| impfuzzy | 96:B9+F8DnFcEgnqCtxzrkrUYrtvf2sgeISlNH3t:HFcHxzgIYJOsgqbH3t | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | File has been identified by 3 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| info | Checks amount of memory in system |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | CAB_file_format | CAB archive file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x448040 EnterCriticalSection
0x448044 LoadLibraryExW
0x448048 GetModuleHandleW
0x44804c GetModuleFileNameW
0x448050 InitializeCriticalSection
0x448054 DeleteCriticalSection
0x448058 InterlockedDecrement
0x44805c InterlockedIncrement
0x448060 LoadLibraryW
0x448064 GetCurrentThreadId
0x448068 CloseHandle
0x44806c GetShortPathNameW
0x448070 CreateEventW
0x448074 LeaveCriticalSection
0x448078 GetCommandLineW
0x44807c SetCurrentDirectoryW
0x448080 CreateThread
0x448084 WaitForSingleObject
0x448088 SetEvent
0x44808c GetDriveTypeW
0x448090 GetVersionExW
0x448094 SetFileAttributesW
0x448098 CopyFileW
0x44809c GetExitCodeThread
0x4480a0 GetCurrentProcess
0x4480a4 FlushInstructionCache
0x4480a8 SetLastError
0x4480ac lstrcmpiW
0x4480b0 FreeLibrary
0x4480b4 GetLastError
0x4480b8 WriteFile
0x4480bc CreateFileW
0x4480c0 FindResourceExW
0x4480c4 FindResourceW
0x4480c8 LoadResource
0x4480cc LockResource
0x4480d0 SizeofResource
0x4480d4 GetCurrentProcessId
0x4480d8 RaiseException
0x4480dc WriteConsoleW
0x4480e0 GetConsoleOutputCP
0x4480e4 WriteConsoleA
0x4480e8 SetStdHandle
0x4480ec LCMapStringA
0x4480f0 GetConsoleMode
0x4480f4 GetConsoleCP
0x4480f8 InitializeCriticalSectionAndSpinCount
0x4480fc lstrlenW
0x448100 MultiByteToWideChar
0x448104 GetFileAttributesW
0x448108 WideCharToMultiByte
0x44810c GetModuleHandleA
0x448110 RtlUnwind
0x448114 LCMapStringW
0x448118 GetStringTypeA
0x44811c IsValidLocale
0x448120 EnumSystemLocalesA
0x448124 LocalAlloc
0x448128 LocalFree
0x44812c GetProcAddress
0x448130 InterlockedExchange
0x448134 LoadLibraryA
0x448138 GetTempPathW
0x44813c GetTempFileNameW
0x448140 DeleteFileW
0x448144 FindFirstFileW
0x448148 FindNextFileW
0x44814c RemoveDirectoryW
0x448150 FindClose
0x448154 CreateDirectoryW
0x448158 GetLogicalDriveStringsW
0x44815c GetFileSize
0x448160 ReadFile
0x448164 GetDiskFreeSpaceExW
0x448168 GetEnvironmentVariableW
0x44816c SetFilePointer
0x448170 SetEndOfFile
0x448174 EnumResourceLanguagesW
0x448178 GetLocaleInfoW
0x44817c GetSystemDefaultLangID
0x448180 GetUserDefaultLangID
0x448184 GetSystemTime
0x448188 CreateProcessW
0x44818c GetExitCodeProcess
0x448190 GetWindowsDirectoryW
0x448194 CreateToolhelp32Snapshot
0x448198 Process32FirstW
0x44819c Process32NextW
0x4481a0 GetVersion
0x4481a4 GlobalMemoryStatus
0x4481a8 OutputDebugStringW
0x4481ac GetLocalTime
0x4481b0 FlushFileBuffers
0x4481b4 lstrcpynW
0x4481b8 GetSystemDirectoryW
0x4481bc TerminateThread
0x4481c0 MoveFileW
0x4481c4 Sleep
0x4481c8 ResetEvent
0x4481cc GlobalFree
0x4481d0 MulDiv
0x4481d4 CreateFileA
0x4481d8 CreateNamedPipeW
0x4481dc ConnectNamedPipe
0x4481e0 FormatMessageW
0x4481e4 GetTempPathA
0x4481e8 GetTempFileNameA
0x4481ec DuplicateHandle
0x4481f0 GetStdHandle
0x4481f4 CreateProcessA
0x4481f8 DeleteFileA
0x4481fc LockFile
0x448200 UnlockFile
0x448204 GetStringTypeW
0x448208 GetLocaleInfoA
0x44820c SearchPathW
0x448210 GlobalLock
0x448214 GlobalUnlock
0x448218 GlobalAlloc
0x44821c lstrcmpW
0x448220 HeapDestroy
0x448224 HeapAlloc
0x448228 HeapFree
0x44822c HeapReAlloc
0x448230 HeapSize
0x448234 GetProcessHeap
0x448238 InterlockedCompareExchange
0x44823c IsProcessorFeaturePresent
0x448240 VirtualFree
0x448244 VirtualAlloc
0x448248 GetStartupInfoW
0x44824c TerminateProcess
0x448250 UnhandledExceptionFilter
0x448254 SetUnhandledExceptionFilter
0x448258 IsDebuggerPresent
0x44825c TlsGetValue
0x448260 TlsAlloc
0x448264 TlsSetValue
0x448268 TlsFree
0x44826c ExitProcess
0x448270 HeapCreate
0x448274 GetModuleFileNameA
0x448278 GetCPInfo
0x44827c GetACP
0x448280 GetOEMCP
0x448284 IsValidCodePage
0x448288 FreeEnvironmentStringsW
0x44828c GetEnvironmentStringsW
0x448290 SetHandleCount
0x448294 GetFileType
0x448298 GetStartupInfoA
0x44829c QueryPerformanceCounter
0x4482a0 GetTickCount
0x4482a4 GetSystemTimeAsFileTime
0x4482a8 GetUserDefaultLCID
USER32.dll
0x4482ec SetWindowPos
0x4482f0 MapWindowPoints
0x4482f4 GetClientRect
0x4482f8 GetParent
0x4482fc GetWindowRect
0x448300 GetMonitorInfoW
0x448304 MonitorFromWindow
0x448308 GetWindowLongW
0x44830c GetWindow
0x448310 ShowWindow
0x448314 EnableWindow
0x448318 EndDialog
0x44831c CreateDialogParamW
0x448320 SendMessageW
0x448324 MsgWaitForMultipleObjects
0x448328 PeekMessageW
0x44832c TranslateMessage
0x448330 DispatchMessageW
0x448334 GetForegroundWindow
0x448338 LoadStringW
0x44833c SetForegroundWindow
0x448340 EnumWindows
0x448344 GetWindowThreadProcessId
0x448348 IsWindowVisible
0x44834c GetSystemMetrics
0x448350 GetDC
0x448354 CreateWindowExW
0x448358 ScreenToClient
0x44835c PostQuitMessage
0x448360 CallWindowProcW
0x448364 GetPropW
0x448368 RedrawWindow
0x44836c InvalidateRect
0x448370 GetWindowTextW
0x448374 SetWindowTextW
0x448378 SetFocus
0x44837c LoadImageW
0x448380 GetDesktopWindow
0x448384 GetSystemMenu
0x448388 EnableMenuItem
0x44838c DestroyMenu
0x448390 ModifyMenuW
0x448394 FindWindowW
0x448398 MessageBeep
0x44839c ExitWindowsEx
0x4483a0 GetScrollRange
0x4483a4 GetScrollPos
0x4483a8 GetDlgCtrlID
0x4483ac SetPropW
0x4483b0 RemovePropW
0x4483b4 TrackPopupMenu
0x4483b8 LoadMenuW
0x4483bc GetSubMenu
0x4483c0 SetTimer
0x4483c4 KillTimer
0x4483c8 ReleaseDC
0x4483cc OpenClipboard
0x4483d0 CloseClipboard
0x4483d4 EmptyClipboard
0x4483d8 SetClipboardData
0x4483dc UnregisterClassA
0x4483e0 GetDlgItem
0x4483e4 IsWindow
0x4483e8 DialogBoxParamW
0x4483ec MessageBoxW
0x4483f0 GetActiveWindow
0x4483f4 SetWindowLongW
0x4483f8 DefWindowProcW
0x4483fc CharNextW
0x448400 DestroyWindow
0x448404 PostMessageW
0x448408 GetWindowTextLengthW
GDI32.dll
0x448010 GetDeviceCaps
0x448014 DeleteObject
0x448018 GetObjectW
0x44801c DeleteDC
0x448020 SetBkMode
0x448024 GetStockObject
0x448028 CreateCompatibleBitmap
0x44802c CreateCompatibleDC
0x448030 SelectObject
0x448034 BitBlt
0x448038 CreateFontIndirectW
SHELL32.dll
0x4482bc SHGetPathFromIDListW
0x4482c0 ShellExecuteW
0x4482c4 SHGetFolderPathW
0x4482c8 SHBrowseForFolderW
0x4482cc SHGetMalloc
0x4482d0 ShellExecuteExW
0x4482d4 SHGetSpecialFolderLocation
ole32.dll
0x448420 CoCreateGuid
0x448424 CreateStreamOnHGlobal
0x448428 CoTaskMemAlloc
0x44842c StgCreateDocfileOnILockBytes
0x448430 CoCreateInstance
0x448434 CoTaskMemRealloc
0x448438 CoTaskMemFree
0x44843c CoUninitialize
0x448440 CreateILockBytesOnHGlobal
0x448444 CoInitialize
OLEAUT32.dll
0x4482b0 OleLoadPicture
0x4482b4 VarUI4FromStr
SHLWAPI.dll
0x4482dc PathFileExistsW
COMCTL32.dll
0x448000 PropertySheetW
0x448004 DestroyPropertySheetPage
0x448008 CreatePropertySheetPageW
VERSION.dll
0x448410 VerQueryValueW
0x448414 GetFileVersionInfoW
0x448418 GetFileVersionInfoSizeW
Secur32.dll
0x4482e4 GetUserNameExW
EAT(Export Address Table) is none
KERNEL32.dll
0x448040 EnterCriticalSection
0x448044 LoadLibraryExW
0x448048 GetModuleHandleW
0x44804c GetModuleFileNameW
0x448050 InitializeCriticalSection
0x448054 DeleteCriticalSection
0x448058 InterlockedDecrement
0x44805c InterlockedIncrement
0x448060 LoadLibraryW
0x448064 GetCurrentThreadId
0x448068 CloseHandle
0x44806c GetShortPathNameW
0x448070 CreateEventW
0x448074 LeaveCriticalSection
0x448078 GetCommandLineW
0x44807c SetCurrentDirectoryW
0x448080 CreateThread
0x448084 WaitForSingleObject
0x448088 SetEvent
0x44808c GetDriveTypeW
0x448090 GetVersionExW
0x448094 SetFileAttributesW
0x448098 CopyFileW
0x44809c GetExitCodeThread
0x4480a0 GetCurrentProcess
0x4480a4 FlushInstructionCache
0x4480a8 SetLastError
0x4480ac lstrcmpiW
0x4480b0 FreeLibrary
0x4480b4 GetLastError
0x4480b8 WriteFile
0x4480bc CreateFileW
0x4480c0 FindResourceExW
0x4480c4 FindResourceW
0x4480c8 LoadResource
0x4480cc LockResource
0x4480d0 SizeofResource
0x4480d4 GetCurrentProcessId
0x4480d8 RaiseException
0x4480dc WriteConsoleW
0x4480e0 GetConsoleOutputCP
0x4480e4 WriteConsoleA
0x4480e8 SetStdHandle
0x4480ec LCMapStringA
0x4480f0 GetConsoleMode
0x4480f4 GetConsoleCP
0x4480f8 InitializeCriticalSectionAndSpinCount
0x4480fc lstrlenW
0x448100 MultiByteToWideChar
0x448104 GetFileAttributesW
0x448108 WideCharToMultiByte
0x44810c GetModuleHandleA
0x448110 RtlUnwind
0x448114 LCMapStringW
0x448118 GetStringTypeA
0x44811c IsValidLocale
0x448120 EnumSystemLocalesA
0x448124 LocalAlloc
0x448128 LocalFree
0x44812c GetProcAddress
0x448130 InterlockedExchange
0x448134 LoadLibraryA
0x448138 GetTempPathW
0x44813c GetTempFileNameW
0x448140 DeleteFileW
0x448144 FindFirstFileW
0x448148 FindNextFileW
0x44814c RemoveDirectoryW
0x448150 FindClose
0x448154 CreateDirectoryW
0x448158 GetLogicalDriveStringsW
0x44815c GetFileSize
0x448160 ReadFile
0x448164 GetDiskFreeSpaceExW
0x448168 GetEnvironmentVariableW
0x44816c SetFilePointer
0x448170 SetEndOfFile
0x448174 EnumResourceLanguagesW
0x448178 GetLocaleInfoW
0x44817c GetSystemDefaultLangID
0x448180 GetUserDefaultLangID
0x448184 GetSystemTime
0x448188 CreateProcessW
0x44818c GetExitCodeProcess
0x448190 GetWindowsDirectoryW
0x448194 CreateToolhelp32Snapshot
0x448198 Process32FirstW
0x44819c Process32NextW
0x4481a0 GetVersion
0x4481a4 GlobalMemoryStatus
0x4481a8 OutputDebugStringW
0x4481ac GetLocalTime
0x4481b0 FlushFileBuffers
0x4481b4 lstrcpynW
0x4481b8 GetSystemDirectoryW
0x4481bc TerminateThread
0x4481c0 MoveFileW
0x4481c4 Sleep
0x4481c8 ResetEvent
0x4481cc GlobalFree
0x4481d0 MulDiv
0x4481d4 CreateFileA
0x4481d8 CreateNamedPipeW
0x4481dc ConnectNamedPipe
0x4481e0 FormatMessageW
0x4481e4 GetTempPathA
0x4481e8 GetTempFileNameA
0x4481ec DuplicateHandle
0x4481f0 GetStdHandle
0x4481f4 CreateProcessA
0x4481f8 DeleteFileA
0x4481fc LockFile
0x448200 UnlockFile
0x448204 GetStringTypeW
0x448208 GetLocaleInfoA
0x44820c SearchPathW
0x448210 GlobalLock
0x448214 GlobalUnlock
0x448218 GlobalAlloc
0x44821c lstrcmpW
0x448220 HeapDestroy
0x448224 HeapAlloc
0x448228 HeapFree
0x44822c HeapReAlloc
0x448230 HeapSize
0x448234 GetProcessHeap
0x448238 InterlockedCompareExchange
0x44823c IsProcessorFeaturePresent
0x448240 VirtualFree
0x448244 VirtualAlloc
0x448248 GetStartupInfoW
0x44824c TerminateProcess
0x448250 UnhandledExceptionFilter
0x448254 SetUnhandledExceptionFilter
0x448258 IsDebuggerPresent
0x44825c TlsGetValue
0x448260 TlsAlloc
0x448264 TlsSetValue
0x448268 TlsFree
0x44826c ExitProcess
0x448270 HeapCreate
0x448274 GetModuleFileNameA
0x448278 GetCPInfo
0x44827c GetACP
0x448280 GetOEMCP
0x448284 IsValidCodePage
0x448288 FreeEnvironmentStringsW
0x44828c GetEnvironmentStringsW
0x448290 SetHandleCount
0x448294 GetFileType
0x448298 GetStartupInfoA
0x44829c QueryPerformanceCounter
0x4482a0 GetTickCount
0x4482a4 GetSystemTimeAsFileTime
0x4482a8 GetUserDefaultLCID
USER32.dll
0x4482ec SetWindowPos
0x4482f0 MapWindowPoints
0x4482f4 GetClientRect
0x4482f8 GetParent
0x4482fc GetWindowRect
0x448300 GetMonitorInfoW
0x448304 MonitorFromWindow
0x448308 GetWindowLongW
0x44830c GetWindow
0x448310 ShowWindow
0x448314 EnableWindow
0x448318 EndDialog
0x44831c CreateDialogParamW
0x448320 SendMessageW
0x448324 MsgWaitForMultipleObjects
0x448328 PeekMessageW
0x44832c TranslateMessage
0x448330 DispatchMessageW
0x448334 GetForegroundWindow
0x448338 LoadStringW
0x44833c SetForegroundWindow
0x448340 EnumWindows
0x448344 GetWindowThreadProcessId
0x448348 IsWindowVisible
0x44834c GetSystemMetrics
0x448350 GetDC
0x448354 CreateWindowExW
0x448358 ScreenToClient
0x44835c PostQuitMessage
0x448360 CallWindowProcW
0x448364 GetPropW
0x448368 RedrawWindow
0x44836c InvalidateRect
0x448370 GetWindowTextW
0x448374 SetWindowTextW
0x448378 SetFocus
0x44837c LoadImageW
0x448380 GetDesktopWindow
0x448384 GetSystemMenu
0x448388 EnableMenuItem
0x44838c DestroyMenu
0x448390 ModifyMenuW
0x448394 FindWindowW
0x448398 MessageBeep
0x44839c ExitWindowsEx
0x4483a0 GetScrollRange
0x4483a4 GetScrollPos
0x4483a8 GetDlgCtrlID
0x4483ac SetPropW
0x4483b0 RemovePropW
0x4483b4 TrackPopupMenu
0x4483b8 LoadMenuW
0x4483bc GetSubMenu
0x4483c0 SetTimer
0x4483c4 KillTimer
0x4483c8 ReleaseDC
0x4483cc OpenClipboard
0x4483d0 CloseClipboard
0x4483d4 EmptyClipboard
0x4483d8 SetClipboardData
0x4483dc UnregisterClassA
0x4483e0 GetDlgItem
0x4483e4 IsWindow
0x4483e8 DialogBoxParamW
0x4483ec MessageBoxW
0x4483f0 GetActiveWindow
0x4483f4 SetWindowLongW
0x4483f8 DefWindowProcW
0x4483fc CharNextW
0x448400 DestroyWindow
0x448404 PostMessageW
0x448408 GetWindowTextLengthW
GDI32.dll
0x448010 GetDeviceCaps
0x448014 DeleteObject
0x448018 GetObjectW
0x44801c DeleteDC
0x448020 SetBkMode
0x448024 GetStockObject
0x448028 CreateCompatibleBitmap
0x44802c CreateCompatibleDC
0x448030 SelectObject
0x448034 BitBlt
0x448038 CreateFontIndirectW
SHELL32.dll
0x4482bc SHGetPathFromIDListW
0x4482c0 ShellExecuteW
0x4482c4 SHGetFolderPathW
0x4482c8 SHBrowseForFolderW
0x4482cc SHGetMalloc
0x4482d0 ShellExecuteExW
0x4482d4 SHGetSpecialFolderLocation
ole32.dll
0x448420 CoCreateGuid
0x448424 CreateStreamOnHGlobal
0x448428 CoTaskMemAlloc
0x44842c StgCreateDocfileOnILockBytes
0x448430 CoCreateInstance
0x448434 CoTaskMemRealloc
0x448438 CoTaskMemFree
0x44843c CoUninitialize
0x448440 CreateILockBytesOnHGlobal
0x448444 CoInitialize
OLEAUT32.dll
0x4482b0 OleLoadPicture
0x4482b4 VarUI4FromStr
SHLWAPI.dll
0x4482dc PathFileExistsW
COMCTL32.dll
0x448000 PropertySheetW
0x448004 DestroyPropertySheetPage
0x448008 CreatePropertySheetPageW
VERSION.dll
0x448410 VerQueryValueW
0x448414 GetFileVersionInfoW
0x448418 GetFileVersionInfoSizeW
Secur32.dll
0x4482e4 GetUserNameExW
EAT(Export Address Table) is none