ScreenShot
| Created | 2024.09.19 10:09 | Machine | s1_win7_x6403 |
| Filename | univ.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 59 detected (AIDetectMalware, StopCrypt, Malicious, score, Stop, GenericKD, Unsafe, Kryptik, Vzt4, confidence, 100%, Attribute, HighConfidence, high confidence, HXVG, BotX, Pwsx, Tepfer, Stealerc, 62qlktkfLgH, AceCrypter, jjadj, DownLoader47, HPGANDCRAB, SMONT2, Real Protect, high, Krypt, Static AI, Malicious PE, Detected, Convagent, Malware@#1m3gagiro55h9, MREZZ9, Eldorado, R658943, Artemis, BScope, Tofsee, Gencirc, susgen) | ||
| md5 | 85737d1c7426259423c84f96719e82ea | ||
| sha256 | 5aba703ae3636bbd23110d80621643e39f4b924a664f85bd6542f9f10c6b983b | ||
| ssdeep | 6144:SfH1EM1595tnpAFQoUQzxh/vtuknuIiF/Q:mHh1595VpAWkT1uCuF/ | ||
| imphash | 85dac74763b3c77327ffae5e53f25749 | ||
| impfuzzy | 48:Mcp1mKZdidWPQyG1R6mb6yq2HK9GcPkA8:LmyoWoyGT6mbxq2HQGcPS | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
| watch | Looks for the Windows Idle Time to determine the uptime |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x431000 GetComputerNameA
0x431004 FillConsoleOutputCharacterA
0x431008 SearchPathW
0x43100c GetConsoleAliasesLengthW
0x431010 CopyFileExW
0x431014 GetNumaProcessorNode
0x431018 DebugActiveProcessStop
0x43101c GetDefaultCommConfigW
0x431020 CallNamedPipeA
0x431024 WriteConsoleOutputW
0x431028 HeapAlloc
0x43102c InterlockedDecrement
0x431030 GlobalSize
0x431034 GetEnvironmentStringsW
0x431038 CreateDirectoryW
0x43103c GetSystemDefaultLCID
0x431040 GetModuleHandleW
0x431044 GetCommandLineA
0x431048 GetSystemTimes
0x43104c GlobalAlloc
0x431050 LoadLibraryW
0x431054 GetConsoleAliasExesLengthW
0x431058 SetConsoleMode
0x43105c GetFileAttributesW
0x431060 GetBinaryTypeW
0x431064 GetStartupInfoW
0x431068 SetConsoleTitleA
0x43106c GetShortPathNameA
0x431070 InterlockedExchange
0x431074 GetLastError
0x431078 GetProcAddress
0x43107c CopyFileA
0x431080 SetStdHandle
0x431084 EnterCriticalSection
0x431088 BuildCommDCBW
0x43108c GetNumaHighestNodeNumber
0x431090 OpenWaitableTimerA
0x431094 LoadLibraryA
0x431098 UnhandledExceptionFilter
0x43109c WritePrivateProfileStringA
0x4310a0 QueryDosDeviceW
0x4310a4 VirtualLock
0x4310a8 FindAtomA
0x4310ac FoldStringA
0x4310b0 GetModuleFileNameA
0x4310b4 FreeEnvironmentStringsW
0x4310b8 SetCalendarInfoA
0x4310bc WriteConsoleW
0x4310c0 CloseHandle
0x4310c4 MultiByteToWideChar
0x4310c8 EncodePointer
0x4310cc DecodePointer
0x4310d0 ExitProcess
0x4310d4 GetCommandLineW
0x4310d8 HeapSetInformation
0x4310dc TerminateProcess
0x4310e0 GetCurrentProcess
0x4310e4 SetUnhandledExceptionFilter
0x4310e8 IsDebuggerPresent
0x4310ec GetCPInfo
0x4310f0 InterlockedIncrement
0x4310f4 GetACP
0x4310f8 GetOEMCP
0x4310fc IsValidCodePage
0x431100 TlsAlloc
0x431104 TlsGetValue
0x431108 TlsSetValue
0x43110c TlsFree
0x431110 SetLastError
0x431114 GetCurrentThreadId
0x431118 LeaveCriticalSection
0x43111c SetHandleCount
0x431120 GetStdHandle
0x431124 InitializeCriticalSectionAndSpinCount
0x431128 GetFileType
0x43112c DeleteCriticalSection
0x431130 Sleep
0x431134 HeapSize
0x431138 WriteFile
0x43113c GetModuleFileNameW
0x431140 HeapCreate
0x431144 QueryPerformanceCounter
0x431148 GetTickCount
0x43114c GetCurrentProcessId
0x431150 GetSystemTimeAsFileTime
0x431154 WideCharToMultiByte
0x431158 LCMapStringW
0x43115c GetStringTypeW
0x431160 HeapFree
0x431164 RtlUnwind
0x431168 ReadFile
0x43116c HeapReAlloc
0x431170 IsProcessorFeaturePresent
0x431174 GetConsoleCP
0x431178 GetConsoleMode
0x43117c FlushFileBuffers
0x431180 SetFilePointer
0x431184 CreateFileW
USER32.dll
0x43118c GetUserObjectInformationW
EAT(Export Address Table) is none
KERNEL32.dll
0x431000 GetComputerNameA
0x431004 FillConsoleOutputCharacterA
0x431008 SearchPathW
0x43100c GetConsoleAliasesLengthW
0x431010 CopyFileExW
0x431014 GetNumaProcessorNode
0x431018 DebugActiveProcessStop
0x43101c GetDefaultCommConfigW
0x431020 CallNamedPipeA
0x431024 WriteConsoleOutputW
0x431028 HeapAlloc
0x43102c InterlockedDecrement
0x431030 GlobalSize
0x431034 GetEnvironmentStringsW
0x431038 CreateDirectoryW
0x43103c GetSystemDefaultLCID
0x431040 GetModuleHandleW
0x431044 GetCommandLineA
0x431048 GetSystemTimes
0x43104c GlobalAlloc
0x431050 LoadLibraryW
0x431054 GetConsoleAliasExesLengthW
0x431058 SetConsoleMode
0x43105c GetFileAttributesW
0x431060 GetBinaryTypeW
0x431064 GetStartupInfoW
0x431068 SetConsoleTitleA
0x43106c GetShortPathNameA
0x431070 InterlockedExchange
0x431074 GetLastError
0x431078 GetProcAddress
0x43107c CopyFileA
0x431080 SetStdHandle
0x431084 EnterCriticalSection
0x431088 BuildCommDCBW
0x43108c GetNumaHighestNodeNumber
0x431090 OpenWaitableTimerA
0x431094 LoadLibraryA
0x431098 UnhandledExceptionFilter
0x43109c WritePrivateProfileStringA
0x4310a0 QueryDosDeviceW
0x4310a4 VirtualLock
0x4310a8 FindAtomA
0x4310ac FoldStringA
0x4310b0 GetModuleFileNameA
0x4310b4 FreeEnvironmentStringsW
0x4310b8 SetCalendarInfoA
0x4310bc WriteConsoleW
0x4310c0 CloseHandle
0x4310c4 MultiByteToWideChar
0x4310c8 EncodePointer
0x4310cc DecodePointer
0x4310d0 ExitProcess
0x4310d4 GetCommandLineW
0x4310d8 HeapSetInformation
0x4310dc TerminateProcess
0x4310e0 GetCurrentProcess
0x4310e4 SetUnhandledExceptionFilter
0x4310e8 IsDebuggerPresent
0x4310ec GetCPInfo
0x4310f0 InterlockedIncrement
0x4310f4 GetACP
0x4310f8 GetOEMCP
0x4310fc IsValidCodePage
0x431100 TlsAlloc
0x431104 TlsGetValue
0x431108 TlsSetValue
0x43110c TlsFree
0x431110 SetLastError
0x431114 GetCurrentThreadId
0x431118 LeaveCriticalSection
0x43111c SetHandleCount
0x431120 GetStdHandle
0x431124 InitializeCriticalSectionAndSpinCount
0x431128 GetFileType
0x43112c DeleteCriticalSection
0x431130 Sleep
0x431134 HeapSize
0x431138 WriteFile
0x43113c GetModuleFileNameW
0x431140 HeapCreate
0x431144 QueryPerformanceCounter
0x431148 GetTickCount
0x43114c GetCurrentProcessId
0x431150 GetSystemTimeAsFileTime
0x431154 WideCharToMultiByte
0x431158 LCMapStringW
0x43115c GetStringTypeW
0x431160 HeapFree
0x431164 RtlUnwind
0x431168 ReadFile
0x43116c HeapReAlloc
0x431170 IsProcessorFeaturePresent
0x431174 GetConsoleCP
0x431178 GetConsoleMode
0x43117c FlushFileBuffers
0x431180 SetFilePointer
0x431184 CreateFileW
USER32.dll
0x43118c GetUserObjectInformationW
EAT(Export Address Table) is none