ScreenShot
| Created | 2024.07.11 13:42 | Machine | s1_win7_x6403 |
| Filename | ubt.exe | ||
| Type | PE32+ executable (console) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 15 detected (AIDetectMalware, HackTool, Malicious, Knotweed, CLOUD, Cobaltstrike, Detected, Wacapew, R002H0DGA24) | ||
| md5 | f8012ce30f73905e89212dcb0ff4a73b | ||
| sha256 | 78111af024efbe39b61a9414e988db36d3937cac10d050e0f50d6a97cfe50c9b | ||
| ssdeep | 1536:26v1hyFWsAM2Xz/y1wD55Ds2/0VSjbVd3aPSs:jXywj5X2ql8StNYS | ||
| imphash | 5d069bc732d5a8b393d595273a72a80a | ||
| impfuzzy | 48:r1QpgnFRzLyv8/pxfi4Awba9c+ClI0tHIGxIqOcKi8Mv9/n:rGpgnFRzLyv8/pxf5A/9c+CBtoGxIq1l | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14000c000 GetModuleFileNameW
0x14000c008 OpenProcess
0x14000c010 CloseHandle
0x14000c018 GetWindowsDirectoryW
0x14000c020 GetProcAddress
0x14000c028 ReadProcessMemory
0x14000c030 GetCurrentProcessId
0x14000c038 GetModuleHandleW
0x14000c040 FreeLibrary
0x14000c048 ExitProcess
0x14000c050 Sleep
0x14000c058 LCIDToLocaleName
0x14000c060 RaiseException
0x14000c068 VirtualQuery
0x14000c070 RtlUnwindEx
0x14000c078 TerminateProcess
0x14000c080 GetCurrentProcess
0x14000c088 IsProcessorFeaturePresent
0x14000c090 SetUnhandledExceptionFilter
0x14000c098 UnhandledExceptionFilter
0x14000c0a0 IsDebuggerPresent
0x14000c0a8 RtlVirtualUnwind
0x14000c0b0 RtlLookupFunctionEntry
0x14000c0b8 RtlCaptureContext
0x14000c0c0 InitializeSListHead
0x14000c0c8 GetSystemTimeAsFileTime
0x14000c0d0 GetCurrentThreadId
0x14000c0d8 QueryPerformanceCounter
0x14000c0e0 LCMapStringEx
0x14000c0e8 GetLocaleInfoEx
0x14000c0f0 DecodePointer
0x14000c0f8 EncodePointer
0x14000c100 DeleteCriticalSection
0x14000c108 InitializeCriticalSectionEx
0x14000c110 LeaveCriticalSection
0x14000c118 EnterCriticalSection
0x14000c120 WideCharToMultiByte
0x14000c128 GetStringTypeW
0x14000c130 MultiByteToWideChar
0x14000c138 GetModuleHandleExW
ole32.dll
0x14000c318 CoInitializeEx
0x14000c320 CoUninitialize
0x14000c328 CoGetObject
msvcrt.dll
0x14000c148 realloc
0x14000c150 abort
0x14000c158 wcsnlen
0x14000c160 _callnewh
0x14000c168 _initterm
0x14000c170 _initterm_e
0x14000c178 _set_fmode
0x14000c180 strcpy_s
0x14000c188 _lock
0x14000c190 _unlock
0x14000c198 ___mb_cur_max_func
0x14000c1a0 _iob
0x14000c1a8 ___lc_handle_func
0x14000c1b0 _XcptFilter
0x14000c1b8 __set_app_type
0x14000c1c0 __wgetmainargs
0x14000c1c8 _wenviron
0x14000c1d0 __argc
0x14000c1d8 __wargv
0x14000c1e0 ?_set_new_mode@@YAHH@Z
0x14000c1e8 _commode
0x14000c1f0 _msize
0x14000c1f8 ?terminate@@YAXXZ
0x14000c200 _isatty
0x14000c208 _fileno
0x14000c210 _wcsdup
0x14000c218 calloc
0x14000c220 ___lc_codepage_func
0x14000c228 __pctype_func
0x14000c230 ungetc
0x14000c238 setvbuf
0x14000c240 _fseeki64
0x14000c248 fsetpos
0x14000c250 fgetpos
0x14000c258 fgetc
0x14000c260 fflush
0x14000c268 fclose
0x14000c270 ungetwc
0x14000c278 fgetwc
0x14000c280 _errno
0x14000c288 malloc
0x14000c290 free
0x14000c298 wcscat_s
0x14000c2a0 wcscpy_s
0x14000c2a8 _wcsicmp
0x14000c2b0 _local_unwind
0x14000c2b8 __DestructExceptionObject
0x14000c2c0 _amsg_exit
0x14000c2c8 __C_specific_handler
0x14000c2d0 memset
0x14000c2d8 memmove
0x14000c2e0 __uncaught_exception
0x14000c2e8 memcpy
0x14000c2f0 _CxxThrowException
0x14000c2f8 strchr
0x14000c300 wcsrchr
0x14000c308 __CxxFrameHandler3
EAT(Export Address Table) is none
KERNEL32.dll
0x14000c000 GetModuleFileNameW
0x14000c008 OpenProcess
0x14000c010 CloseHandle
0x14000c018 GetWindowsDirectoryW
0x14000c020 GetProcAddress
0x14000c028 ReadProcessMemory
0x14000c030 GetCurrentProcessId
0x14000c038 GetModuleHandleW
0x14000c040 FreeLibrary
0x14000c048 ExitProcess
0x14000c050 Sleep
0x14000c058 LCIDToLocaleName
0x14000c060 RaiseException
0x14000c068 VirtualQuery
0x14000c070 RtlUnwindEx
0x14000c078 TerminateProcess
0x14000c080 GetCurrentProcess
0x14000c088 IsProcessorFeaturePresent
0x14000c090 SetUnhandledExceptionFilter
0x14000c098 UnhandledExceptionFilter
0x14000c0a0 IsDebuggerPresent
0x14000c0a8 RtlVirtualUnwind
0x14000c0b0 RtlLookupFunctionEntry
0x14000c0b8 RtlCaptureContext
0x14000c0c0 InitializeSListHead
0x14000c0c8 GetSystemTimeAsFileTime
0x14000c0d0 GetCurrentThreadId
0x14000c0d8 QueryPerformanceCounter
0x14000c0e0 LCMapStringEx
0x14000c0e8 GetLocaleInfoEx
0x14000c0f0 DecodePointer
0x14000c0f8 EncodePointer
0x14000c100 DeleteCriticalSection
0x14000c108 InitializeCriticalSectionEx
0x14000c110 LeaveCriticalSection
0x14000c118 EnterCriticalSection
0x14000c120 WideCharToMultiByte
0x14000c128 GetStringTypeW
0x14000c130 MultiByteToWideChar
0x14000c138 GetModuleHandleExW
ole32.dll
0x14000c318 CoInitializeEx
0x14000c320 CoUninitialize
0x14000c328 CoGetObject
msvcrt.dll
0x14000c148 realloc
0x14000c150 abort
0x14000c158 wcsnlen
0x14000c160 _callnewh
0x14000c168 _initterm
0x14000c170 _initterm_e
0x14000c178 _set_fmode
0x14000c180 strcpy_s
0x14000c188 _lock
0x14000c190 _unlock
0x14000c198 ___mb_cur_max_func
0x14000c1a0 _iob
0x14000c1a8 ___lc_handle_func
0x14000c1b0 _XcptFilter
0x14000c1b8 __set_app_type
0x14000c1c0 __wgetmainargs
0x14000c1c8 _wenviron
0x14000c1d0 __argc
0x14000c1d8 __wargv
0x14000c1e0 ?_set_new_mode@@YAHH@Z
0x14000c1e8 _commode
0x14000c1f0 _msize
0x14000c1f8 ?terminate@@YAXXZ
0x14000c200 _isatty
0x14000c208 _fileno
0x14000c210 _wcsdup
0x14000c218 calloc
0x14000c220 ___lc_codepage_func
0x14000c228 __pctype_func
0x14000c230 ungetc
0x14000c238 setvbuf
0x14000c240 _fseeki64
0x14000c248 fsetpos
0x14000c250 fgetpos
0x14000c258 fgetc
0x14000c260 fflush
0x14000c268 fclose
0x14000c270 ungetwc
0x14000c278 fgetwc
0x14000c280 _errno
0x14000c288 malloc
0x14000c290 free
0x14000c298 wcscat_s
0x14000c2a0 wcscpy_s
0x14000c2a8 _wcsicmp
0x14000c2b0 _local_unwind
0x14000c2b8 __DestructExceptionObject
0x14000c2c0 _amsg_exit
0x14000c2c8 __C_specific_handler
0x14000c2d0 memset
0x14000c2d8 memmove
0x14000c2e0 __uncaught_exception
0x14000c2e8 memcpy
0x14000c2f0 _CxxThrowException
0x14000c2f8 strchr
0x14000c300 wcsrchr
0x14000c308 __CxxFrameHandler3
EAT(Export Address Table) is none