| Field | Value |
|---|---|
| Created | 2025.04.30 13:34 |
| Machine | s1_win7_x6403 |
| Filename | ui.exe |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| AI Score | Not found |
| Behavior Score | |
| ZERO API | file : malware |
| VT API (file) | 33 detected (AIDetectMalware, Ghanarava, Unsafe, Save, Genus, Attribute, HighConfidence, malicious, high confidence, FileRepMalware, Misc, jzgfaj, Generic ML PUA, Blocker, Detected, Wacatac, Malware@#3at0voxrx76nf, ABTrojan, MBGF, Artemis, Chgt, susgen, PossibleThreat) |
| md5 | fd2baa8f4a912025dd49c1da504ca352 |
| sha256 | 752dd7563038241bd57990937e5e55d0b5e105b32964ba1b1952e5ec56ae0cdc |
| ssdeep | 196608:TUEfUIxAumeCM1FFEAt64JdBT9hyWc3hH+pq0W8/LayuTcTBXYPfTk9Kvzq35:TU1qA1eCMDFE+JHTbd0hHoW8ZwcdXsKt |
| imphash | fa2936ff523bbe01bb11c81e10c9ad2d |
| impfuzzy | 48:t/gub6okoQ54rzSv6xviM3teV9avteS15lc+pICJcgTkOta0Kq14r:pH9deVcteS15lc+pIstkiDHS |
Signature (8cnts)

| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| watch | Appends a known multi-family ransomware file extension to files that have been encrypted |
| watch | Deletes a large number of files from the system indicative of ransomware |
| notice | Creates executable files on the filesystem |
| notice | Drops an executable to the user AppData folder |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | Checks amount of memory in system |
| info | One or more processes crashed |
Rules (19cnts)

| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (download) |
| watch | ASPack_Zero | ASPack packed file | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | ftp_command | ftp command | binaries (download) |
| info | IsDLL | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
| info | PNG_Format_Zero | PNG Format | binaries (download) |
| info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata ids
PE API

IAT (Import Address Table) Library
USER32.dll
0x4261a8 CreateWindowExW
0x4261ac MessageBoxW
0x4261b0 MessageBoxA
0x4261b4 SystemParametersInfoW
0x4261b8 DestroyIcon
0x4261bc SetWindowLongW
0x4261c0 GetWindowLongW
0x4261c4 GetClientRect
0x4261c8 InvalidateRect
0x4261cc ReleaseDC
0x4261d0 GetDC
0x4261d4 DrawTextW
0x4261d8 GetDialogBaseUnits
0x4261dc EndDialog
0x4261e0 DialogBoxIndirectParamW
0x4261e4 MoveWindow
0x4261e8 SendMessageW
COMCTL32.dll
0x426014 None
KERNEL32.dll
0x42602c IsValidCodePage
0x426030 GetStringTypeW
0x426034 GetFileAttributesExW
0x426038 HeapReAlloc
0x42603c FlushFileBuffers
0x426040 GetCurrentDirectoryW
0x426044 GetACP
0x426048 GetOEMCP
0x42604c GetModuleHandleW
0x426050 MulDiv
0x426054 GetLastError
0x426058 SetDllDirectoryW
0x42605c GetModuleFileNameW
0x426060 GetProcAddress
0x426064 GetCommandLineW
0x426068 GetEnvironmentVariableW
0x42606c GetCPInfo
0x426070 ExpandEnvironmentStringsW
0x426074 CreateDirectoryW
0x426078 GetTempPathW
0x42607c WaitForSingleObject
0x426080 Sleep
0x426084 GetExitCodeProcess
0x426088 CreateProcessW
0x42608c GetStartupInfoW
0x426090 FreeLibrary
0x426094 LoadLibraryExW
0x426098 SetConsoleCtrlHandler
0x42609c FindClose
0x4260a0 FindFirstFileExW
0x4260a4 CloseHandle
0x4260a8 GetCurrentProcess
0x4260ac LocalFree
0x4260b0 FormatMessageW
0x4260b4 MultiByteToWideChar
0x4260b8 WideCharToMultiByte
0x4260bc GetEnvironmentStringsW
0x4260c0 FreeEnvironmentStringsW
0x4260c4 GetProcessHeap
0x4260c8 GetTimeZoneInformation
0x4260cc HeapSize
0x4260d0 WriteConsoleW
0x4260d4 SetEndOfFile
0x4260d8 SetEnvironmentVariableW
0x4260dc IsDebuggerPresent
0x4260e0 UnhandledExceptionFilter
0x4260e4 SetUnhandledExceptionFilter
0x4260e8 TerminateProcess
0x4260ec IsProcessorFeaturePresent
0x4260f0 QueryPerformanceCounter
0x4260f4 GetCurrentProcessId
0x4260f8 GetCurrentThreadId
0x4260fc GetSystemTimeAsFileTime
0x426100 InitializeSListHead
0x426104 DecodePointer
0x426108 RtlUnwind
0x42610c SetLastError
0x426110 EnterCriticalSection
0x426114 LeaveCriticalSection
0x426118 DeleteCriticalSection
0x42611c InitializeCriticalSectionAndSpinCount
0x426120 TlsAlloc
0x426124 TlsGetValue
0x426128 TlsSetValue
0x42612c TlsFree
0x426130 EncodePointer
0x426134 RaiseException
0x426138 GetCommandLineA
0x42613c CreateFileW
0x426140 GetDriveTypeW
0x426144 GetFileInformationByHandle
0x426148 GetFileType
0x42614c PeekNamedPipe
0x426150 SystemTimeToTzSpecificLocalTime
0x426154 FileTimeToSystemTime
0x426158 GetFullPathNameW
0x42615c RemoveDirectoryW
0x426160 FindNextFileW
0x426164 SetStdHandle
0x426168 DeleteFileW
0x42616c ReadFile
0x426170 GetStdHandle
0x426174 WriteFile
0x426178 ExitProcess
0x42617c GetModuleHandleExW
0x426180 HeapFree
0x426184 GetConsoleMode
0x426188 ReadConsoleW
0x42618c SetFilePointerEx
0x426190 GetConsoleOutputCP
0x426194 GetFileSizeEx
0x426198 HeapAlloc
0x42619c CompareStringW
0x4261a0 LCMapStringW
ADVAPI32.dll
0x426000 OpenProcessToken
0x426004 GetTokenInformation
0x426008 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x42600c ConvertSidToStringSidW
GDI32.dll
0x42601c SelectObject
0x426020 DeleteObject
0x426024 CreateFontIndirectW
EAT(Export Address Table) is none
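Two things an analyst usually does with the hash table and the IAT listing above: check what the imphash value actually encodes (it is an MD5 over the ordered `dll.func` import names, so it survives recompilation but not import reordering or packing), and collapse the flat import list into capabilities worth a second look. The Python below is an added example written for this page; it is not part of the sandbox's own tooling. The IAT text embedded in it is an excerpt copied from the listing above, the capability groupings are the editor's own heuristic choices, and the `None` entry under COMCTL32.dll (an import the report could not name, normally an ordinal) means the report's imphash cannot be reproduced from this listing, so the example refuses to emit a value in that case instead of producing a misleading one.

```python
import hashlib
import re

# Constructed input: an excerpt of the IAT listing from the report above, in the
# same "<dll>" header / "0x<addr> <name>" line format the report uses.
IAT_LISTING = """\
USER32.dll
0x4261a8 CreateWindowExW
0x4261ac MessageBoxW
COMCTL32.dll
0x426014 None
KERNEL32.dll
0x426058 SetDllDirectoryW
0x426060 GetProcAddress
0x426070 ExpandEnvironmentStringsW
0x426074 CreateDirectoryW
0x426078 GetTempPathW
0x42607c WaitForSingleObject
0x426084 GetExitCodeProcess
0x426088 CreateProcessW
0x426094 LoadLibraryExW
0x4260a0 FindFirstFileExW
0x4260dc IsDebuggerPresent
0x42613c CreateFileW
0x42615c RemoveDirectoryW
0x426160 FindNextFileW
0x426168 DeleteFileW
0x426174 WriteFile
ADVAPI32.dll
0x426000 OpenProcessToken
0x426004 GetTokenInformation
GDI32.dll
0x42601c SelectObject
"""

DLL_RE = re.compile(r"^[\w.-]+\.(?:dll|ocx|sys)$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")

# Editor's heuristic groupings (not from the report): a cluster only fires when
# every API in it is imported, which keeps single common calls from triggering.
CAPABILITIES = {
    "spawns a child process and waits for it": {"CreateProcessW", "GetExitCodeProcess", "WaitForSingleObject"},
    "writes files under a temp directory": {"GetTempPathW", "CreateDirectoryW", "CreateFileW", "WriteFile"},
    "enumerates and deletes files/directories": {"FindFirstFileExW", "FindNextFileW", "DeleteFileW", "RemoveDirectoryW"},
    "resolves APIs at run time": {"LoadLibraryExW", "GetProcAddress"},
    "inspects its own access token": {"OpenProcessToken", "GetTokenInformation"},
    "alters the DLL search path": {"SetDllDirectoryW"},
}
# The MSVC runtime imports these in every binary it links; alone they say
# nothing about intent, so they are reported separately instead of as a finding.
CRT_NOISE = {"IsDebuggerPresent", "UnhandledExceptionFilter",
             "SetUnhandledExceptionFilter", "IsProcessorFeaturePresent"}


def parse_iat(text):
    """Return an ordered list of (dll, name) pairs; unnamed imports become None."""
    pairs, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if DLL_RE.match(line):
            current = line
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            name = m.group(1)
            pairs.append((current, None if name == "None" else name))
    return pairs


def imphash(pairs):
    """MD5 of comma-joined lowercase 'dll.func' tokens in import order (imphash convention).

    The .dll/.ocx/.sys extension is stripped. Ordinal imports are normally
    written 'ordN'; an unnamed (None) entry makes the hash unreproducible, so
    return None rather than a wrong value.
    """
    tokens = []
    for dll, func in pairs:
        if func is None:
            return None
        base = re.sub(r"\.(dll|ocx|sys)$", "", dll, flags=re.IGNORECASE)
        tokens.append(f"{base}.{func}".lower())
    return hashlib.md5(",".join(tokens).encode()).hexdigest()


def triage(pairs):
    """Map capability labels to the imported APIs that satisfy them, plus CRT noise seen."""
    names = {f for _, f in pairs if f}
    hits = {label: sorted(apis) for label, apis in CAPABILITIES.items() if apis <= names}
    return hits, sorted(CRT_NOISE & names)


if __name__ == "__main__":
    parsed = parse_iat(IAT_LISTING)
    print("imphash:", imphash(parsed) or "not reproducible (unnamed import present)")
    found, noise = triage(parsed)
    for label, apis in found.items():
        print(f"[{label}] {', '.join(apis)}")
    print("CRT noise:", ", ".join(noise))
```

One caveat when comparing against the report's imphash: the import directory order is what the hash walks, and the report's display order is not necessarily that order (USER32 is listed first here although its IAT slots, 0x4261a8 and up, are the highest, while ADVAPI32 starts at 0x426000). Recompute from the binary with a PE parser rather than from a rendered listing when the value matters.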