ScreenShot
| Created | 2024.08.11 15:50 | Machine | s1_win7_x6403 |
| Filename | 66afa0d3934d8_ultfix.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 31 detected (AIDetectMalware, malicious, high confidence, score, Artemis, Attribute, HighConfidence, a variant of WinGo, qwiuss, Genric, CLASSIC, AGEN, Static AI, Suspicious PE, Detected, Wacatac, Cordimik, YLTV1B, WinGo, Gencirc) | ||
| md5 | 0da8d6933fc99a15fc4ed8b20145f7b5 | ||
| sha256 | a0906077d04dbccf4fdcaa15f49f5d214bfdb2baf845126d44ff638f620681bf | ||
| ssdeep | 98304:Hy3ex5+JHQDw3/2xXz5pDUcg+b+EmCu8scTiPc8HLaAK4i:aHLuxXz5eWb7mCl/TifKr | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 31 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14107b47c AddAtomA
0x14107b484 AddVectoredExceptionHandler
0x14107b48c CloseHandle
0x14107b494 CreateEventA
0x14107b49c CreateFileA
0x14107b4a4 CreateIoCompletionPort
0x14107b4ac CreateMutexA
0x14107b4b4 CreateSemaphoreA
0x14107b4bc CreateThread
0x14107b4c4 CreateWaitableTimerExW
0x14107b4cc DeleteAtom
0x14107b4d4 DeleteCriticalSection
0x14107b4dc DuplicateHandle
0x14107b4e4 EnterCriticalSection
0x14107b4ec ExitProcess
0x14107b4f4 FindAtomA
0x14107b4fc FormatMessageA
0x14107b504 FreeEnvironmentStringsW
0x14107b50c GetAtomNameA
0x14107b514 GetConsoleMode
0x14107b51c GetCurrentProcess
0x14107b524 GetCurrentProcessId
0x14107b52c GetCurrentThread
0x14107b534 GetCurrentThreadId
0x14107b53c GetEnvironmentStringsW
0x14107b544 GetErrorMode
0x14107b54c GetHandleInformation
0x14107b554 GetLastError
0x14107b55c GetProcAddress
0x14107b564 GetProcessAffinityMask
0x14107b56c GetQueuedCompletionStatusEx
0x14107b574 GetStartupInfoA
0x14107b57c GetStdHandle
0x14107b584 GetSystemDirectoryA
0x14107b58c GetSystemInfo
0x14107b594 GetSystemTimeAsFileTime
0x14107b59c GetThreadContext
0x14107b5a4 GetThreadPriority
0x14107b5ac GetTickCount
0x14107b5b4 InitializeCriticalSection
0x14107b5bc IsDBCSLeadByteEx
0x14107b5c4 IsDebuggerPresent
0x14107b5cc LeaveCriticalSection
0x14107b5d4 LoadLibraryExW
0x14107b5dc LoadLibraryW
0x14107b5e4 LocalFree
0x14107b5ec MultiByteToWideChar
0x14107b5f4 OpenProcess
0x14107b5fc OutputDebugStringA
0x14107b604 PostQueuedCompletionStatus
0x14107b60c QueryPerformanceCounter
0x14107b614 QueryPerformanceFrequency
0x14107b61c RaiseException
0x14107b624 RaiseFailFastException
0x14107b62c ReleaseMutex
0x14107b634 ReleaseSemaphore
0x14107b63c RemoveVectoredExceptionHandler
0x14107b644 ResetEvent
0x14107b64c ResumeThread
0x14107b654 SetConsoleCtrlHandler
0x14107b65c SetErrorMode
0x14107b664 SetEvent
0x14107b66c SetLastError
0x14107b674 SetProcessAffinityMask
0x14107b67c SetProcessPriorityBoost
0x14107b684 SetThreadContext
0x14107b68c SetThreadPriority
0x14107b694 SetUnhandledExceptionFilter
0x14107b69c SetWaitableTimer
0x14107b6a4 Sleep
0x14107b6ac SuspendThread
0x14107b6b4 SwitchToThread
0x14107b6bc TlsAlloc
0x14107b6c4 TlsGetValue
0x14107b6cc TlsSetValue
0x14107b6d4 TryEnterCriticalSection
0x14107b6dc VirtualAlloc
0x14107b6e4 VirtualFree
0x14107b6ec VirtualProtect
0x14107b6f4 VirtualQuery
0x14107b6fc WaitForMultipleObjects
0x14107b704 WaitForSingleObject
0x14107b70c WerGetFlags
0x14107b714 WerSetFlags
0x14107b71c WideCharToMultiByte
0x14107b724 WriteConsoleW
0x14107b72c WriteFile
0x14107b734 __C_specific_handler
msvcrt.dll
0x14107b744 ___lc_codepage_func
0x14107b74c ___mb_cur_max_func
0x14107b754 __getmainargs
0x14107b75c __initenv
0x14107b764 __iob_func
0x14107b76c __lconv_init
0x14107b774 __set_app_type
0x14107b77c __setusermatherr
0x14107b784 _acmdln
0x14107b78c _amsg_exit
0x14107b794 _beginthread
0x14107b79c _beginthreadex
0x14107b7a4 _cexit
0x14107b7ac _commode
0x14107b7b4 _endthreadex
0x14107b7bc _errno
0x14107b7c4 _fmode
0x14107b7cc _initterm
0x14107b7d4 _lock
0x14107b7dc _memccpy
0x14107b7e4 _onexit
0x14107b7ec _setjmp
0x14107b7f4 _strdup
0x14107b7fc _ultoa
0x14107b804 _unlock
0x14107b80c abort
0x14107b814 calloc
0x14107b81c exit
0x14107b824 fprintf
0x14107b82c fputc
0x14107b834 free
0x14107b83c fwrite
0x14107b844 localeconv
0x14107b84c longjmp
0x14107b854 malloc
0x14107b85c memcpy
0x14107b864 memmove
0x14107b86c memset
0x14107b874 printf
0x14107b87c realloc
0x14107b884 signal
0x14107b88c strerror
0x14107b894 strlen
0x14107b89c strncmp
0x14107b8a4 vfprintf
0x14107b8ac wcslen
EAT(Export Address Table) Library
0x141079190 _cgo_dummy_export
KERNEL32.dll
0x14107b47c AddAtomA
0x14107b484 AddVectoredExceptionHandler
0x14107b48c CloseHandle
0x14107b494 CreateEventA
0x14107b49c CreateFileA
0x14107b4a4 CreateIoCompletionPort
0x14107b4ac CreateMutexA
0x14107b4b4 CreateSemaphoreA
0x14107b4bc CreateThread
0x14107b4c4 CreateWaitableTimerExW
0x14107b4cc DeleteAtom
0x14107b4d4 DeleteCriticalSection
0x14107b4dc DuplicateHandle
0x14107b4e4 EnterCriticalSection
0x14107b4ec ExitProcess
0x14107b4f4 FindAtomA
0x14107b4fc FormatMessageA
0x14107b504 FreeEnvironmentStringsW
0x14107b50c GetAtomNameA
0x14107b514 GetConsoleMode
0x14107b51c GetCurrentProcess
0x14107b524 GetCurrentProcessId
0x14107b52c GetCurrentThread
0x14107b534 GetCurrentThreadId
0x14107b53c GetEnvironmentStringsW
0x14107b544 GetErrorMode
0x14107b54c GetHandleInformation
0x14107b554 GetLastError
0x14107b55c GetProcAddress
0x14107b564 GetProcessAffinityMask
0x14107b56c GetQueuedCompletionStatusEx
0x14107b574 GetStartupInfoA
0x14107b57c GetStdHandle
0x14107b584 GetSystemDirectoryA
0x14107b58c GetSystemInfo
0x14107b594 GetSystemTimeAsFileTime
0x14107b59c GetThreadContext
0x14107b5a4 GetThreadPriority
0x14107b5ac GetTickCount
0x14107b5b4 InitializeCriticalSection
0x14107b5bc IsDBCSLeadByteEx
0x14107b5c4 IsDebuggerPresent
0x14107b5cc LeaveCriticalSection
0x14107b5d4 LoadLibraryExW
0x14107b5dc LoadLibraryW
0x14107b5e4 LocalFree
0x14107b5ec MultiByteToWideChar
0x14107b5f4 OpenProcess
0x14107b5fc OutputDebugStringA
0x14107b604 PostQueuedCompletionStatus
0x14107b60c QueryPerformanceCounter
0x14107b614 QueryPerformanceFrequency
0x14107b61c RaiseException
0x14107b624 RaiseFailFastException
0x14107b62c ReleaseMutex
0x14107b634 ReleaseSemaphore
0x14107b63c RemoveVectoredExceptionHandler
0x14107b644 ResetEvent
0x14107b64c ResumeThread
0x14107b654 SetConsoleCtrlHandler
0x14107b65c SetErrorMode
0x14107b664 SetEvent
0x14107b66c SetLastError
0x14107b674 SetProcessAffinityMask
0x14107b67c SetProcessPriorityBoost
0x14107b684 SetThreadContext
0x14107b68c SetThreadPriority
0x14107b694 SetUnhandledExceptionFilter
0x14107b69c SetWaitableTimer
0x14107b6a4 Sleep
0x14107b6ac SuspendThread
0x14107b6b4 SwitchToThread
0x14107b6bc TlsAlloc
0x14107b6c4 TlsGetValue
0x14107b6cc TlsSetValue
0x14107b6d4 TryEnterCriticalSection
0x14107b6dc VirtualAlloc
0x14107b6e4 VirtualFree
0x14107b6ec VirtualProtect
0x14107b6f4 VirtualQuery
0x14107b6fc WaitForMultipleObjects
0x14107b704 WaitForSingleObject
0x14107b70c WerGetFlags
0x14107b714 WerSetFlags
0x14107b71c WideCharToMultiByte
0x14107b724 WriteConsoleW
0x14107b72c WriteFile
0x14107b734 __C_specific_handler
msvcrt.dll
0x14107b744 ___lc_codepage_func
0x14107b74c ___mb_cur_max_func
0x14107b754 __getmainargs
0x14107b75c __initenv
0x14107b764 __iob_func
0x14107b76c __lconv_init
0x14107b774 __set_app_type
0x14107b77c __setusermatherr
0x14107b784 _acmdln
0x14107b78c _amsg_exit
0x14107b794 _beginthread
0x14107b79c _beginthreadex
0x14107b7a4 _cexit
0x14107b7ac _commode
0x14107b7b4 _endthreadex
0x14107b7bc _errno
0x14107b7c4 _fmode
0x14107b7cc _initterm
0x14107b7d4 _lock
0x14107b7dc _memccpy
0x14107b7e4 _onexit
0x14107b7ec _setjmp
0x14107b7f4 _strdup
0x14107b7fc _ultoa
0x14107b804 _unlock
0x14107b80c abort
0x14107b814 calloc
0x14107b81c exit
0x14107b824 fprintf
0x14107b82c fputc
0x14107b834 free
0x14107b83c fwrite
0x14107b844 localeconv
0x14107b84c longjmp
0x14107b854 malloc
0x14107b85c memcpy
0x14107b864 memmove
0x14107b86c memset
0x14107b874 printf
0x14107b87c realloc
0x14107b884 signal
0x14107b88c strerror
0x14107b894 strlen
0x14107b89c strncmp
0x14107b8a4 vfprintf
0x14107b8ac wcslen
EAT(Export Address Table) Library
0x141079190 _cgo_dummy_export