Field | Value |
---|---|
Created | 2025.01.13 16:35 |
Machine | s1_win7_x6401 |
Filename | utkin.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 59 detected (Common, tsIK, Trojanpws, Meduza, GenericKD, Unsafe, Kryptik, V4zx, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, GenKryptik, HDHG, MalwareX, akpo, TrojanPSW, kudubv, H0SuumTg3ZU, klxhs, Siggen30, MEDUZASTEALER, YXELTZ, Static AI, Suspicious PE, Detected, Malware@#2oc15ss5zfx74, ABTrojan, TTAK, Artemis, Krypt, Chgt, Gencirc, FM4ZjqNbmhc, susgen, AG8PHU) |
md5 | 119891f3f60e7bba10a6b60731a8d211 |
sha256 | ad9b276a5d2f75e7d1c6b21f95d8a7cb70f482f2621847bca4864d90753de72f |
ssdeep | 24576:V9L8hJZ4uB+Ch0lhSMXl72x+GsNompILTDyWD5Q:PL8hD4aurpompILTDyz |
imphash | 259e8414ffd4b8ab603913db518e276c |
impfuzzy | 96:HD8bd5oFrthcQfmz/rBG/8CAq7WrmDChBwZ:YZy7g/YWDaZ |
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
ntdll.dll
0x14004e3f0 RtlImageDirectoryEntryToData
0x14004e3f8 RtlLeaveCriticalSection
0x14004e400 RtlEnterCriticalSection
0x14004e408 RtlCompareMemory
0x14004e410 NtProtectVirtualMemory
0x14004e418 RtlImageNtHeader
0x14004e420 NtQueryVirtualMemory
0x14004e428 RtlGetNtVersionNumbers
KERNEL32.dll
0x14004e018 FreeEnvironmentStringsW
0x14004e020 GetEnvironmentStringsW
0x14004e028 VirtualFree
0x14004e030 VirtualAlloc
0x14004e038 GetModuleHandleW
0x14004e040 LoadLibraryA
0x14004e048 ReadFile
0x14004e050 WriteFile
0x14004e058 CreateFileW
0x14004e060 CloseHandle
0x14004e068 GetProcAddress
0x14004e070 GetCurrentProcess
0x14004e078 FlushInstructionCache
0x14004e080 VirtualQuery
0x14004e088 WriteProcessMemory
0x14004e090 EnterCriticalSection
0x14004e098 GetModuleFileNameW
0x14004e0a0 LeaveCriticalSection
0x14004e0a8 GetModuleHandleA
0x14004e0b0 MultiByteToWideChar
0x14004e0b8 GetWindowsDirectoryW
0x14004e0c0 ExitProcess
0x14004e0c8 WideCharToMultiByte
0x14004e0d0 GetLastError
0x14004e0d8 SetLastError
0x14004e0e0 RtlCaptureContext
0x14004e0e8 RtlLookupFunctionEntry
0x14004e0f0 RtlVirtualUnwind
0x14004e0f8 IsDebuggerPresent
0x14004e100 UnhandledExceptionFilter
0x14004e108 SetUnhandledExceptionFilter
0x14004e110 TerminateProcess
0x14004e118 IsProcessorFeaturePresent
0x14004e120 CreateThread
0x14004e128 ExitThread
0x14004e130 FreeLibrary
0x14004e138 FreeLibraryAndExitThread
0x14004e140 GetModuleHandleExW
0x14004e148 GetCommandLineA
0x14004e150 GetCommandLineW
0x14004e158 HeapAlloc
0x14004e160 HeapFree
0x14004e168 GetCurrentThreadId
0x14004e170 DeleteCriticalSection
0x14004e178 GetStdHandle
0x14004e180 GetFileType
0x14004e188 GetStartupInfoW
0x14004e190 RaiseException
0x14004e198 FlsAlloc
0x14004e1a0 FlsGetValue
0x14004e1a8 FlsSetValue
0x14004e1b0 FlsFree
0x14004e1b8 InitializeCriticalSectionAndSpinCount
0x14004e1c0 GetSystemTimeAsFileTime
0x14004e1c8 LoadLibraryExW
0x14004e1d0 LCMapStringW
0x14004e1d8 GetLocaleInfoW
0x14004e1e0 IsValidLocale
0x14004e1e8 GetUserDefaultLCID
0x14004e1f0 EnumSystemLocalesW
0x14004e1f8 HeapReAlloc
0x14004e200 HeapSize
0x14004e208 GetProcessHeap
0x14004e210 IsValidCodePage
0x14004e218 GetACP
0x14004e220 GetOEMCP
0x14004e228 GetCPInfo
0x14004e230 GetStringTypeW
0x14004e238 GetFileSizeEx
0x14004e240 SetFilePointerEx
0x14004e248 SetStdHandle
0x14004e250 FlushFileBuffers
0x14004e258 GetConsoleOutputCP
0x14004e260 GetConsoleMode
0x14004e268 ReadConsoleW
0x14004e270 WriteConsoleW
0x14004e278 GetCurrentProcessId
0x14004e280 InitializeSListHead
0x14004e288 RtlUnwindEx
0x14004e290 RtlPcToFileHeader
0x14004e298 RtlUnwind
0x14004e2a0 EncodePointer
0x14004e2a8 TlsAlloc
0x14004e2b0 TlsGetValue
0x14004e2b8 TlsSetValue
0x14004e2c0 TlsFree
0x14004e2c8 WakeAllConditionVariable
0x14004e2d0 QueryPerformanceCounter
0x14004e2d8 LCMapStringEx
0x14004e2e0 DecodePointer
0x14004e2e8 InitializeCriticalSectionEx
0x14004e2f0 GetFileInformationByHandleEx
0x14004e2f8 FormatMessageA
0x14004e300 QueryPerformanceFrequency
0x14004e308 ReleaseSRWLockExclusive
0x14004e310 AcquireSRWLockExclusive
0x14004e318 TryAcquireSRWLockExclusive
0x14004e320 Sleep
0x14004e328 WaitForSingleObjectEx
0x14004e330 GetExitCodeThread
0x14004e338 LocalFree
0x14004e340 GetLocaleInfoEx
0x14004e348 FindClose
0x14004e350 FindFirstFileW
0x14004e358 FindFirstFileExW
0x14004e360 FindNextFileW
0x14004e368 GetFileAttributesExW
0x14004e370 AreFileApisANSI
USER32.dll
0x14004e3c8 LoadAcceleratorsW
0x14004e3d0 LoadAcceleratorsA
ADVAPI32.dll
0x14004e000 GetTokenInformation
0x14004e008 OpenProcessToken
OLEAUT32.dll
0x14004e380 SysAllocString
0x14004e388 SafeArrayPutElement
0x14004e390 SafeArrayUnaccessData
0x14004e398 SafeArrayCreate
0x14004e3a0 SafeArrayCreateVector
0x14004e3a8 SafeArrayAccessData
0x14004e3b0 SysFreeString
0x14004e3b8 SafeArrayDestroy
mscoree.dll
0x14004e3e0 CLRCreateInstance
EAT (Export Address Table) is none