ScreenShot
| Created | 2024.07.06 18:22 | Machine | s1_win7_x6401 |
| Filename | univ.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 57 detected (AIDetectMalware, Tepfer, Windows, Threat, Malicious, score, Zusy, Unsafe, Save, Attribute, HighConfidence, Artemis, DropperX, ICLoader, vHLMrzfmgST, AGEN, R002C0DG524, Real Protect, Outbreak, Detected, ai score=83, Eldorado, BScope, Genetic, Oader, Dnhl, Static AI, Malicious PE, confidence, JE8PHU) | ||
| md5 | 217b817f890ef7fc49dc9207d55d2a01 | ||
| sha256 | 4952bdcedd7e1b79a220f6aa4e60e8161e5b18a6dc587c14f98052be633df538 | ||
| ssdeep | 6144:L+O9JN4U5IrZpH5zmKaHVkq8xC2Y+POeMSzeQC81SxSAthE+BHgtTjEbDiLca6y9:L+O9JNaZpH5zmKaHVkq8xC2Y+POeMSzL | ||
| imphash | 3d373b41f750cfe34bc80626c0be52b2 | ||
| impfuzzy | 48:I919hbcGCBsZ4cpVestmCXCMyn9b0CEGuloLidgmsJ:I91TbcGb4cpVestmCXCMyRulMeC | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | A process attempted to delay the analysis task. |
| notice | Checks whether any human activity is being performed by constantly checking whether the foreground window changed |
| notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
| notice | Performs some HTTP requests |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42a024 SetLastError
0x42a028 VirtualFree
0x42a02c OutputDebugStringA
0x42a030 VirtualAlloc
0x42a034 LocalAlloc
0x42a038 GetLastError
0x42a03c LoadLibraryA
0x42a040 GetNativeSystemInfo
0x42a044 HeapAlloc
0x42a048 GetProcAddress
0x42a04c LocalFree
0x42a050 GetProcessHeap
0x42a054 FreeLibrary
0x42a058 FormatMessageA
0x42a05c IsBadReadPtr
0x42a060 GetModuleFileNameA
0x42a064 FindFirstFileA
0x42a068 HeapFree
0x42a06c FindClose
0x42a070 GetLocaleInfoA
0x42a074 OpenProcess
0x42a078 Sleep
0x42a07c GetTempPathA
0x42a080 K32GetModuleFileNameExA
0x42a084 K32GetModuleBaseNameA
0x42a088 CreateThread
0x42a08c GetCurrentProcessId
0x42a090 K32EnumProcessModules
0x42a094 CreateDirectoryA
0x42a098 HeapSize
0x42a09c GetFileSizeEx
0x42a0a0 GetConsoleOutputCP
0x42a0a4 FlushFileBuffers
0x42a0a8 VirtualProtect
0x42a0ac WideCharToMultiByte
0x42a0b0 CloseHandle
0x42a0b4 CreateFileA
0x42a0b8 MultiByteToWideChar
0x42a0bc WriteFile
0x42a0c0 FindNextFileA
0x42a0c4 CreateFileW
0x42a0c8 SetStdHandle
0x42a0cc SetEnvironmentVariableW
0x42a0d0 FreeEnvironmentStringsW
0x42a0d4 GetEnvironmentStringsW
0x42a0d8 GetCommandLineW
0x42a0dc GetCommandLineA
0x42a0e0 GetOEMCP
0x42a0e4 GetACP
0x42a0e8 IsValidCodePage
0x42a0ec FindNextFileW
0x42a0f0 FindFirstFileExW
0x42a0f4 HeapReAlloc
0x42a0f8 EnumSystemLocalesW
0x42a0fc GetUserDefaultLCID
0x42a100 WriteConsoleW
0x42a104 EnterCriticalSection
0x42a108 LeaveCriticalSection
0x42a10c InitializeCriticalSectionEx
0x42a110 DeleteCriticalSection
0x42a114 EncodePointer
0x42a118 DecodePointer
0x42a11c LCMapStringEx
0x42a120 GetStringTypeW
0x42a124 GetCPInfo
0x42a128 UnhandledExceptionFilter
0x42a12c SetUnhandledExceptionFilter
0x42a130 GetCurrentProcess
0x42a134 TerminateProcess
0x42a138 IsProcessorFeaturePresent
0x42a13c InitializeCriticalSectionAndSpinCount
0x42a140 SetEvent
0x42a144 ResetEvent
0x42a148 WaitForSingleObjectEx
0x42a14c CreateEventW
0x42a150 GetModuleHandleW
0x42a154 IsDebuggerPresent
0x42a158 GetStartupInfoW
0x42a15c QueryPerformanceCounter
0x42a160 GetCurrentThreadId
0x42a164 GetSystemTimeAsFileTime
0x42a168 InitializeSListHead
0x42a16c RtlUnwind
0x42a170 RaiseException
0x42a174 TlsAlloc
0x42a178 TlsGetValue
0x42a17c TlsSetValue
0x42a180 TlsFree
0x42a184 LoadLibraryExW
0x42a188 ExitProcess
0x42a18c GetModuleHandleExW
0x42a190 GetModuleFileNameW
0x42a194 GetStdHandle
0x42a198 SetFilePointerEx
0x42a19c GetConsoleMode
0x42a1a0 GetFileType
0x42a1a4 CompareStringW
0x42a1a8 LCMapStringW
0x42a1ac GetLocaleInfoW
0x42a1b0 IsValidLocale
USER32.dll
0x42a1c4 GetForegroundWindow
0x42a1c8 GetKeyboardLayoutList
0x42a1cc GetWindowTextA
ADVAPI32.dll
0x42a000 CryptAcquireContextW
0x42a004 GetUserNameA
0x42a008 CryptDecrypt
0x42a00c CryptCreateHash
0x42a010 CryptDeriveKey
0x42a014 CryptHashData
0x42a018 CryptReleaseContext
0x42a01c CryptDestroyKey
SHELL32.dll
0x42a1b8 SHGetFolderPathA
0x42a1bc ShellExecuteA
ole32.dll
0x42a200 CoCreateInstance
0x42a204 CoInitialize
0x42a208 CoUninitialize
WININET.dll
0x42a1d4 InternetSetFilePointer
0x42a1d8 HttpQueryInfoA
0x42a1dc HttpAddRequestHeadersA
0x42a1e0 InternetSetOptionA
0x42a1e4 InternetOpenA
0x42a1e8 InternetCloseHandle
0x42a1ec HttpSendRequestA
0x42a1f0 InternetConnectA
0x42a1f4 HttpOpenRequestA
0x42a1f8 InternetReadFile
EAT(Export Address Table) is none
KERNEL32.dll
0x42a024 SetLastError
0x42a028 VirtualFree
0x42a02c OutputDebugStringA
0x42a030 VirtualAlloc
0x42a034 LocalAlloc
0x42a038 GetLastError
0x42a03c LoadLibraryA
0x42a040 GetNativeSystemInfo
0x42a044 HeapAlloc
0x42a048 GetProcAddress
0x42a04c LocalFree
0x42a050 GetProcessHeap
0x42a054 FreeLibrary
0x42a058 FormatMessageA
0x42a05c IsBadReadPtr
0x42a060 GetModuleFileNameA
0x42a064 FindFirstFileA
0x42a068 HeapFree
0x42a06c FindClose
0x42a070 GetLocaleInfoA
0x42a074 OpenProcess
0x42a078 Sleep
0x42a07c GetTempPathA
0x42a080 K32GetModuleFileNameExA
0x42a084 K32GetModuleBaseNameA
0x42a088 CreateThread
0x42a08c GetCurrentProcessId
0x42a090 K32EnumProcessModules
0x42a094 CreateDirectoryA
0x42a098 HeapSize
0x42a09c GetFileSizeEx
0x42a0a0 GetConsoleOutputCP
0x42a0a4 FlushFileBuffers
0x42a0a8 VirtualProtect
0x42a0ac WideCharToMultiByte
0x42a0b0 CloseHandle
0x42a0b4 CreateFileA
0x42a0b8 MultiByteToWideChar
0x42a0bc WriteFile
0x42a0c0 FindNextFileA
0x42a0c4 CreateFileW
0x42a0c8 SetStdHandle
0x42a0cc SetEnvironmentVariableW
0x42a0d0 FreeEnvironmentStringsW
0x42a0d4 GetEnvironmentStringsW
0x42a0d8 GetCommandLineW
0x42a0dc GetCommandLineA
0x42a0e0 GetOEMCP
0x42a0e4 GetACP
0x42a0e8 IsValidCodePage
0x42a0ec FindNextFileW
0x42a0f0 FindFirstFileExW
0x42a0f4 HeapReAlloc
0x42a0f8 EnumSystemLocalesW
0x42a0fc GetUserDefaultLCID
0x42a100 WriteConsoleW
0x42a104 EnterCriticalSection
0x42a108 LeaveCriticalSection
0x42a10c InitializeCriticalSectionEx
0x42a110 DeleteCriticalSection
0x42a114 EncodePointer
0x42a118 DecodePointer
0x42a11c LCMapStringEx
0x42a120 GetStringTypeW
0x42a124 GetCPInfo
0x42a128 UnhandledExceptionFilter
0x42a12c SetUnhandledExceptionFilter
0x42a130 GetCurrentProcess
0x42a134 TerminateProcess
0x42a138 IsProcessorFeaturePresent
0x42a13c InitializeCriticalSectionAndSpinCount
0x42a140 SetEvent
0x42a144 ResetEvent
0x42a148 WaitForSingleObjectEx
0x42a14c CreateEventW
0x42a150 GetModuleHandleW
0x42a154 IsDebuggerPresent
0x42a158 GetStartupInfoW
0x42a15c QueryPerformanceCounter
0x42a160 GetCurrentThreadId
0x42a164 GetSystemTimeAsFileTime
0x42a168 InitializeSListHead
0x42a16c RtlUnwind
0x42a170 RaiseException
0x42a174 TlsAlloc
0x42a178 TlsGetValue
0x42a17c TlsSetValue
0x42a180 TlsFree
0x42a184 LoadLibraryExW
0x42a188 ExitProcess
0x42a18c GetModuleHandleExW
0x42a190 GetModuleFileNameW
0x42a194 GetStdHandle
0x42a198 SetFilePointerEx
0x42a19c GetConsoleMode
0x42a1a0 GetFileType
0x42a1a4 CompareStringW
0x42a1a8 LCMapStringW
0x42a1ac GetLocaleInfoW
0x42a1b0 IsValidLocale
USER32.dll
0x42a1c4 GetForegroundWindow
0x42a1c8 GetKeyboardLayoutList
0x42a1cc GetWindowTextA
ADVAPI32.dll
0x42a000 CryptAcquireContextW
0x42a004 GetUserNameA
0x42a008 CryptDecrypt
0x42a00c CryptCreateHash
0x42a010 CryptDeriveKey
0x42a014 CryptHashData
0x42a018 CryptReleaseContext
0x42a01c CryptDestroyKey
SHELL32.dll
0x42a1b8 SHGetFolderPathA
0x42a1bc ShellExecuteA
ole32.dll
0x42a200 CoCreateInstance
0x42a204 CoInitialize
0x42a208 CoUninitialize
WININET.dll
0x42a1d4 InternetSetFilePointer
0x42a1d8 HttpQueryInfoA
0x42a1dc HttpAddRequestHeadersA
0x42a1e0 InternetSetOptionA
0x42a1e4 InternetOpenA
0x42a1e8 InternetCloseHandle
0x42a1ec HttpSendRequestA
0x42a1f0 InternetConnectA
0x42a1f4 HttpOpenRequestA
0x42a1f8 InternetReadFile
EAT(Export Address Table) is none