Report - bmw1.exe

Tags: PE File, OS Processor Check, PE32
Created: 2021.05.26 17:53    Machine: s1_win7_x6402
Filename: bmw1.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 1
Behavior Score: 2.8
ZERO API (file): malware
VT API (file): 20 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, ZexaF, qqW@aeO40kmG, Attribute, HighConfidence, A + Mal, GandCrypt, Wacatac, score, Artemis, ET#84%, RDMK, cmRtazoDcL0QVkLvjOQbC5P8yT9C, Static AI, Malicious PE, susgen)
md5 e566e9b44e24135623225c6626391307
sha256 2be32eea88031e426a238d075c6c68d10f180b98b4b9abd8e04b576200fca199
ssdeep 6144:log1t1H1rYnNu3joOwHl1mwlBVg1Ox1XMYNnlr:qct11rYnNxOwHl1mwHVNx9MY
imphash d7c81dc5d7a7339f83d752904b3324f5
impfuzzy 48:WzpZoVcLzUJX1rdN01fP9iFqP46hfpKQtBaC/SxpzB+Y:WI6veX1JePqO4CfpftoC/SxpzD

Signature (6 entries)

Level    Description
warning  File has been identified by 20 AntiVirus engines on VirusTotal as malicious
watch    Communicates with host for which no DNS query was performed
watch    Tries to unhook Windows functions monitored by Cuckoo
notice   Allocates read-write-execute memory (usually to unpack itself)
info     One or more processes crashed
info     This executable has a PDB path

Rules (3 entries)

Level  Name                     Description          Collection
info   IsPE32                   (no description)     binaries (upload)
info   OS_Processor_Check_Zero  OS Processor Check   binaries (upload)
info   PE_Header_Zero           PE File Signature    binaries (upload)

Network (0 entries)

No network requests (Request / CC / ASN / Co / IP4 / Rule) were recorded for this run. Note that the signature list above still reports communication with a host for which no DNS query was performed; the host itself is not listed on this page.

Suricata IDS alerts: (none listed)

PE API

IAT (Import Address Table)

KERNEL32.dll
 0x422000 FillConsoleOutputCharacterA
 0x422004 WriteConsoleInputW
 0x422008 SetFilePointer
 0x42200c lstrlenA
 0x422010 GetConsoleAliasesLengthW
 0x422014 TlsGetValue
 0x422018 CommConfigDialogA
 0x42201c FindResourceExW
 0x422020 CallNamedPipeA
 0x422024 LoadResource
 0x422028 WritePrivateProfileSectionA
 0x42202c GlobalSize
 0x422030 CreateJobObjectW
 0x422034 WaitForSingleObject
 0x422038 SignalObjectAndWait
 0x42203c SetComputerNameW
 0x422040 SetVolumeMountPointW
 0x422044 GetProcessPriorityBoost
 0x422048 GetTickCount
 0x42204c GetPrivateProfileStringW
 0x422050 EnumTimeFormatsW
 0x422054 GlobalAlloc
 0x422058 GetConsoleMode
 0x42205c TerminateThread
 0x422060 ReadConsoleInputA
 0x422064 SizeofResource
 0x422068 SetVolumeMountPointA
 0x42206c GetVersionExW
 0x422070 DnsHostnameToComputerNameW
 0x422074 SetConsoleMode
 0x422078 SetConsoleCursorPosition
 0x42207c GetFileAttributesW
 0x422080 SetTimeZoneInformation
 0x422084 WriteConsoleW
 0x422088 ReadFile
 0x42208c CompareStringW
 0x422090 SetThreadPriority
 0x422094 DeactivateActCtx
 0x422098 VerifyVersionInfoW
 0x42209c InterlockedExchange
 0x4220a0 GetFileSizeEx
 0x4220a4 GetStdHandle
 0x4220a8 OpenMutexW
 0x4220ac FindFirstFileExA
 0x4220b0 GetLastError
 0x4220b4 ReadConsoleOutputCharacterA
 0x4220b8 GetProcAddress
 0x4220bc VirtualAlloc
 0x4220c0 SetVolumeLabelW
 0x4220c4 MoveFileW
 0x4220c8 WriteProfileSectionA
 0x4220cc SetStdHandle
 0x4220d0 SetComputerNameA
 0x4220d4 ResetEvent
 0x4220d8 SetFileApisToOEM
 0x4220dc LoadLibraryA
 0x4220e0 ProcessIdToSessionId
 0x4220e4 LocalAlloc
 0x4220e8 IsSystemResumeAutomatic
 0x4220ec AddAtomW
 0x4220f0 SetCurrentDirectoryW
 0x4220f4 SetFileApisToANSI
 0x4220f8 WriteProfileSectionW
 0x4220fc FindAtomA
 0x422100 GetPrivateProfileStructA
 0x422104 GetPrivateProfileSectionNamesA
 0x422108 GetThreadPriority
 0x42210c DebugBreakProcess
 0x422110 EnumResourceNamesA
 0x422114 GetStringTypeW
 0x422118 BuildCommDCBA
 0x42211c WaitForDebugEvent
 0x422120 ScrollConsoleScreenBufferA
 0x422124 GetCurrentThreadId
 0x422128 DuplicateHandle
 0x42212c SetProcessShutdownParameters
 0x422130 OpenSemaphoreW
 0x422134 LocalSize
 0x422138 AddConsoleAliasA
 0x42213c DebugBreak
 0x422140 FindActCtxSectionStringW
 0x422144 GetVolumeInformationW
 0x422148 InterlockedIncrement
 0x42214c InterlockedDecrement
 0x422150 DecodePointer
 0x422154 GetModuleHandleW
 0x422158 ExitProcess
 0x42215c GetCommandLineW
 0x422160 HeapSetInformation
 0x422164 GetStartupInfoW
 0x422168 LeaveCriticalSection
 0x42216c EnterCriticalSection
 0x422170 InitializeCriticalSectionAndSpinCount
 0x422174 GetFileType
 0x422178 WriteFile
 0x42217c WideCharToMultiByte
 0x422180 GetConsoleCP
 0x422184 TerminateProcess
 0x422188 GetCurrentProcess
 0x42218c UnhandledExceptionFilter
 0x422190 SetUnhandledExceptionFilter
 0x422194 IsDebuggerPresent
 0x422198 EncodePointer
 0x42219c GetModuleFileNameW
 0x4221a0 IsProcessorFeaturePresent
 0x4221a4 HeapValidate
 0x4221a8 IsBadReadPtr
 0x4221ac GetACP
 0x4221b0 GetOEMCP
 0x4221b4 GetCPInfo
 0x4221b8 IsValidCodePage
 0x4221bc TlsAlloc
 0x4221c0 TlsSetValue
 0x4221c4 TlsFree
 0x4221c8 SetLastError
 0x4221cc DeleteCriticalSection
 0x4221d0 LoadLibraryW
 0x4221d4 QueryPerformanceCounter
 0x4221d8 GetCurrentProcessId
 0x4221dc GetSystemTimeAsFileTime
 0x4221e0 FreeEnvironmentStringsW
 0x4221e4 GetEnvironmentStringsW
 0x4221e8 SetHandleCount
 0x4221ec HeapCreate
 0x4221f0 MultiByteToWideChar
 0x4221f4 RtlUnwind
 0x4221f8 OutputDebugStringA
 0x4221fc OutputDebugStringW
 0x422200 HeapAlloc
 0x422204 GetModuleFileNameA
 0x422208 HeapReAlloc
 0x42220c HeapSize
 0x422210 HeapQueryInformation
 0x422214 HeapFree
 0x422218 LCMapStringW
 0x42221c CreateFileW
 0x422220 CloseHandle
 0x422224 FlushFileBuffers
 0x422228 RaiseException
USER32.dll
 0x422230 GetComboBoxInfo
 0x422234 GetMenuInfo
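The listing above is enough to re-derive the reported imphash and to pick out API clusters worth a closer look before opening the sample. The script below is an added example, not part of the report or of the sandbox that produced it. It parses lines in the format used here (a bare DLL name, then "0xADDR FunctionName" lines), recomputes the imphash with the pefile convention (lower-cased "lib.func" strings with the .dll/.ocx/.sys extension dropped, comma-joined, MD5), and reports which of three heuristic clusters are present. The cluster definitions are the editor's own choice, not a sandbox rule set. The embedded text is a constructed subset of the listing above, so its imphash will not equal the report's value; save the full IAT section to a file and pass its path to compare. A match confirms the page lists every import in import-directory order; a mismatch says the listing is reordered or incomplete, not that the report's hash is wrong.

```python
"""Triage a sandbox report's IAT listing: group imports by DLL, recompute the
imphash the way pefile does, and flag API clusters worth a closer look.
Added example; not code from the report or the sandbox."""
import hashlib
import re
import sys

# Constructed subset of the report's IAT listing, same line format as the page.
# Being a subset, its imphash will NOT match the one printed on the report.
SAMPLE_IAT = """\
KERNEL32.dll
 0x422000 FillConsoleOutputCharacterA
 0x422054 GlobalAlloc
 0x422094 DeactivateActCtx
 0x4220b8 GetProcAddress
 0x4220bc VirtualAlloc
 0x4220dc LoadLibraryA
 0x42210c DebugBreakProcess
 0x42211c WaitForDebugEvent
 0x42213c DebugBreak
 0x422194 IsDebuggerPresent
 0x4221f8 OutputDebugStringA
 0x4221fc OutputDebugStringW
USER32.dll
 0x422230 GetComboBoxInfo
 0x422234 GetMenuInfo
"""

DLL_LINE = re.compile(r"^\s*([\w.\-]+\.(?:dll|ocx|sys))\s*$", re.IGNORECASE)
IMP_LINE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+(\S+)\s*$")

# Heuristic clusters (editor's choice): label -> functions that belong to it.
# The CRT itself imports WriteConsoleW/GetConsoleCP/GetConsoleMode, so those
# are deliberately left out of the console cluster.
CLUSTERS = [
    ("dynamic API resolution / self-unpacking",
     {"LoadLibraryA", "LoadLibraryW", "GetProcAddress", "VirtualAlloc", "VirtualProtect"}),
    ("debugger detection / debug loop",
     {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringA",
      "OutputDebugStringW", "DebugBreak", "DebugBreakProcess", "WaitForDebugEvent"}),
    ("console I/O beyond the CRT's own set",
     {"FillConsoleOutputCharacterA", "WriteConsoleInputW", "GetConsoleAliasesLengthW",
      "ReadConsoleInputA", "ReadConsoleOutputCharacterA", "ScrollConsoleScreenBufferA",
      "AddConsoleAliasA", "SetConsoleCursorPosition"}),
]


def parse_iat(text):
    """Return [(dll, function), ...] in listing order; unrelated lines are skipped."""
    imports, dll = [], None
    for line in text.splitlines():
        m = DLL_LINE.match(line)
        if m:
            dll = m.group(1)
            continue
        m = IMP_LINE.match(line)
        if m and dll:
            imports.append((dll, m.group(1)))
    return imports


def imphash_strings(imports):
    """pefile convention: 'libname.funcname', lower-cased, known extension dropped."""
    out = []
    for dll, func in imports:
        lib = dll.lower()
        parts = lib.rsplit(".", 1)
        if len(parts) > 1 and parts[1] in ("dll", "ocx", "sys"):
            lib = parts[0]
        out.append(f"{lib}.{func.lower()}")
    return out


def imphash(imports):
    """MD5 of the comma-joined import strings, as pefile.get_imphash() computes it."""
    return hashlib.md5(",".join(imphash_strings(imports)).encode()).hexdigest()


def triage(imports):
    """Map each cluster label to the sorted list of its functions present in the IAT."""
    names = {func for _, func in imports}
    return {label: sorted(names & funcs) for label, funcs in CLUSTERS if names & funcs}


def main(argv):
    # With a path argument, read the IAT section saved from the report; else use the subset.
    text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_IAT
    imports = parse_iat(text)
    per_dll = {}
    for dll, _ in imports:
        per_dll[dll] = per_dll.get(dll, 0) + 1
    print("imports per DLL:", per_dll)
    print("imphash of this listing:", imphash(imports))
    for label, funcs in triage(imports).items():
        print(f"[{label}] {', '.join(funcs)}")


if __name__ == "__main__":
    main(sys.argv)
```

Read the clusters against the signatures above rather than on their own: LoadLibraryA, GetProcAddress and VirtualAlloc together fit the "allocates read-write-execute memory" notice (RWX protection is not visible from imports alone, only from the sandbox trace); WaitForDebugEvent and DebugBreakProcess next to IsDebuggerPresent are unusual for an ordinary GUI program; a long tail of non-CRT console functions in a binary whose subsystem is GUI is a reason to look at how those imports are actually referenced in code.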

EAT (Export Address Table): none