Report - SearchUI.exe

Tags: UPX, PE File, PE32, OS Processor Check
Created 2025.02.03 10:05 Machine s1_win7_x6401
Filename SearchUI.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
AI Score 9
Behavior Score 3.0
VT API (file) 34 detected (AIDetectMalware, Unsafe, GenericKD, StartPage, AAEK, CLOUD, score, Static AI, Suspicious PE, brsg, Detected, Malware@#2cl1l2ow6hw49, Eldorado, Artemis, MALICIOUS, Regedit, susgen, PossibleThreat)
md5 d72791d9eb757581772716a7573c4a4c
sha256 b87870c36a1c770960979d8958aeb12c0537b5287bd420555931e6f4a28bbebf
ssdeep 384:e8Dr+sQ8zL+/JRrhr/y8vtbNAF4cHjmqLCJPEfhSvLTLKLFwZIzz:ppmJdJy8vNQ/iqGJPEfhSvLTLKLFwZI/
imphash 7976cce1676dbc3f8e5bf1461533e991
impfuzzy 3:swBJAEPwS9KTXzhAXw1MO/EX9CROXdqX1GtLRatdJ0qAIPYL+WXbGeJB:dBJAEHGDvZ/EwRgscidqqySQiWB

Signature (6cnts)

Level Description
danger File has been identified by 34 AntiVirus engines on VirusTotal as malicious
watch Checks the CPU name from registry
notice Checks for the Locally Unique Identifier on the system for a suspicious privilege
notice The binary likely contains encrypted or compressed data indicative of a packer
notice The executable is compressed using UPX
info The executable uses a known packer

Rules (4cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

No network requests recorded.

Suricata ids: none

PE API

IAT (Import Address Table)

KERNEL32.DLL
 0x40e3a8 LoadLibraryA
 0x40e3ac GetProcAddress
 0x40e3b0 ExitProcess
ADVAPI32.dll
 0x40e3b8 RegCloseKey
COMCTL32.dll
 0x40e3c0 InitCommonControlsEx
CRTDLL.dll
 0x40e3c8 memset
GDI32.dll
 0x40e3d0 SetBkColor
USER32.dll
 0x40e3d8 IsChild

EAT (Export Address Table): none
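The import table above has the characteristic shape of a UPX loader stub: KERNEL32 supplies only LoadLibraryA, GetProcAddress and ExitProcess, which the stub uses to rebuild the real import table after decompressing the payload, and every other DLL is imported for a single function so that the Windows loader still maps it. The Python below is an added triage example, not part of the sandbox report. It encodes that heuristic, computes the import hash by the pefile/VirusTotal convention (order-sensitive, so it is only comparable with the report's imphash if the listing is complete and in table order), and adds the byte-entropy check behind the "encrypted or compressed data" signature. The SearchUI.exe IAT is copied from the report; the "unpacked" IAT and the byte samples are constructed for contrast. Note that the filename alone says nothing: SearchUI.exe is also the name of the legitimate Windows Search/Cortana host process, so triage should key on the hashes given above.

```python
"""Packer-indicator triage helpers (added example, not from the sandbox report)."""
import hashlib
import math
from collections import Counter

# IAT copied from the report above: (library, function), in table order.
SEARCHUI_IAT = [
    ("KERNEL32.DLL", "LoadLibraryA"),
    ("KERNEL32.DLL", "GetProcAddress"),
    ("KERNEL32.DLL", "ExitProcess"),
    ("ADVAPI32.dll", "RegCloseKey"),
    ("COMCTL32.dll", "InitCommonControlsEx"),
    ("CRTDLL.dll", "memset"),
    ("GDI32.dll", "SetBkColor"),
    ("USER32.dll", "IsChild"),
]

# Constructed IAT of an ordinary unpacked GUI program, for contrast (assumption).
UNPACKED_IAT = [
    ("KERNEL32.dll", "CreateFileW"),
    ("KERNEL32.dll", "ReadFile"),
    ("KERNEL32.dll", "WriteFile"),
    ("KERNEL32.dll", "CloseHandle"),
    ("KERNEL32.dll", "GetLastError"),
    ("USER32.dll", "MessageBoxW"),
    ("USER32.dll", "CreateWindowExW"),
    ("USER32.dll", "DefWindowProcW"),
]

# Everything a decompression stub needs to resolve the real imports itself.
LOADER_STUB_FUNCS = {"LoadLibraryA", "LoadLibraryW", "GetProcAddress",
                     "VirtualProtect", "VirtualAlloc", "ExitProcess"}


def imphash(iat):
    """Import hash in the pefile/VirusTotal convention: MD5 over
    'lib.func,lib.func,...', library lower-cased with .dll/.ocx/.sys
    stripped, function lower-cased. Import order changes the hash."""
    parts = []
    for lib, func in iat:
        lib = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
        parts.append(f"{lib}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def looks_like_packer_stub(iat):
    """True when KERNEL32 imports are only loader-stub functions and every
    other library is imported for exactly one function, the minimal table
    UPX leaves so the loader maps each DLL the stub will later resolve from."""
    by_lib = {}
    for lib, func in iat:
        by_lib.setdefault(lib.lower(), set()).add(func)
    k32 = by_lib.get("kernel32.dll", set())
    if not k32 or not k32 <= LOADER_STUB_FUNCS:
        return False
    others = [funcs for lib, funcs in by_lib.items() if lib != "kernel32.dll"]
    return all(len(funcs) == 1 for funcs in others)


def shannon_entropy(data):
    """Bits per byte of a section; compressed or encrypted data approaches 8.0,
    plain x86 code and text usually sit well below 7."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def high_entropy(data, threshold=7.0):
    """Section-level check behind the 'compressed or encrypted data' signature."""
    return shannon_entropy(data) >= threshold


def triage(iat, section_bytes):
    """Summarise the packer indicators for one sample."""
    return {
        "imphash": imphash(iat),
        "packer_stub_iat": looks_like_packer_stub(iat),
        "high_entropy_section": high_entropy(section_bytes),
    }


if __name__ == "__main__":
    # Constructed sample bytes: 0x00..0xff repeated stands in for a UPX1 section.
    packed_section = bytes(range(256)) * 16
    print(triage(SEARCHUI_IAT, packed_section))
    print(triage(UNPACKED_IAT, b"\x90" * 4096))
```

The next step after these indicators agree is to unpack: `upx -d` restores a file packed with stock UPX, while a sample whose UPX header has been tampered with (a common evasion) makes the tool refuse, and the real import table then has to be recovered by dumping the process at its original entry point.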

Similarity measure (PE file only): not computed (similarity service failed)