ScreenShot
| Created | 2021.05.28 16:43 | Machine | s1_win7_x6401 |
| Filename | bmw.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 22 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, ZexaF, IqW@aGKEN0pi, Kryptik, Eldorado, Attribute, HighConfidence, FileRepMalware, ET#82%, RDMK, cmRtazptTUcDFgXHKfPTkXR6cDuq, score, Static AI, Malicious PE, confidence, 100%) | ||
| md5 | cffded7466d8a28a09577a407c907fc3 | ||
| sha256 | 3782c99373f1569a81779cf5dd2b0db5569be6d145e173cd3adb5f32a0baa563 | ||
| ssdeep | 12288:RmI0+I8bb2kDkIBIjBrhzSzI81Vk3OF7xGPLfwyKv4+jrOMvo:K+I8bKMItK1jkeVMjfwyKgu | ||
| imphash | 9c1c0bbb212d87567abf60c2a5258a8e | ||
| impfuzzy | 48:rzppRW9EXX1JuXYAm7cEpA9UOZ6Otyauefc/SyWqtBBY:rXY9kX1JuXGvA9UWBtfuefc/Sbqt4 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x471000 EnumResourceNamesW
0x471004 SetPriorityClass
0x471008 lstrlenA
0x47100c GetConsoleAliasesLengthW
0x471010 TlsGetValue
0x471014 CommConfigDialogA
0x471018 ZombifyActCtx
0x47101c GlobalSize
0x471020 SetHandleInformation
0x471024 WriteConsoleInputA
0x471028 GetComputerNameW
0x47102c OpenSemaphoreA
0x471030 FindFirstFileExW
0x471034 CallNamedPipeW
0x471038 GetTickCount
0x47103c GetWindowsDirectoryA
0x471040 FindActCtxSectionStringA
0x471044 EnumTimeFormatsW
0x471048 FindResourceExA
0x47104c GlobalAlloc
0x471050 GetVolumeInformationA
0x471054 ReadConsoleInputA
0x471058 GetPrivateProfileStructW
0x47105c SetVolumeMountPointA
0x471060 DnsHostnameToComputerNameW
0x471064 SetConsoleMode
0x471068 GetFileAttributesW
0x47106c VerifyVersionInfoA
0x471070 WriteConsoleW
0x471074 WritePrivateProfileSectionW
0x471078 IsDBCSLeadByte
0x47107c ReadFile
0x471080 SetThreadPriority
0x471084 SetConsoleTitleA
0x471088 ReleaseActCtx
0x47108c GetFileSizeEx
0x471090 SetCurrentDirectoryA
0x471094 SetThreadLocale
0x471098 GetStdHandle
0x47109c FillConsoleOutputCharacterW
0x4710a0 OpenMutexW
0x4710a4 GetLastError
0x4710a8 SetLastError
0x4710ac ReadConsoleOutputCharacterA
0x4710b0 WriteProfileSectionA
0x4710b4 SetStdHandle
0x4710b8 LoadLibraryA
0x4710bc ProcessIdToSessionId
0x4710c0 MoveFileA
0x4710c4 AddAtomW
0x4710c8 SetFileApisToANSI
0x4710cc SetConsoleWindowInfo
0x4710d0 FindAtomA
0x4710d4 WaitForMultipleObjects
0x4710d8 GetPrivateProfileSectionNamesA
0x4710dc SetConsoleCursorInfo
0x4710e0 DebugSetProcessKillOnExit
0x4710e4 GetProcessShutdownParameters
0x4710e8 BuildCommDCBA
0x4710ec VirtualProtect
0x4710f0 CompareStringA
0x4710f4 WaitForDebugEvent
0x4710f8 GetCurrentThreadId
0x4710fc GetVersionExA
0x471100 LocalSize
0x471104 AddConsoleAliasA
0x471108 OpenFileMappingA
0x47110c GlobalReAlloc
0x471110 DeleteFileA
0x471114 InterlockedIncrement
0x471118 InterlockedDecrement
0x47111c DecodePointer
0x471120 GetProcAddress
0x471124 GetModuleHandleW
0x471128 ExitProcess
0x47112c GetCommandLineW
0x471130 HeapSetInformation
0x471134 GetStartupInfoW
0x471138 TerminateProcess
0x47113c GetCurrentProcess
0x471140 UnhandledExceptionFilter
0x471144 SetUnhandledExceptionFilter
0x471148 IsDebuggerPresent
0x47114c EncodePointer
0x471150 GetModuleFileNameW
0x471154 HeapValidate
0x471158 IsBadReadPtr
0x47115c WriteFile
0x471160 GetACP
0x471164 GetOEMCP
0x471168 GetCPInfo
0x47116c IsValidCodePage
0x471170 TlsAlloc
0x471174 TlsSetValue
0x471178 TlsFree
0x47117c InitializeCriticalSectionAndSpinCount
0x471180 DeleteCriticalSection
0x471184 EnterCriticalSection
0x471188 LeaveCriticalSection
0x47118c LoadLibraryW
0x471190 QueryPerformanceCounter
0x471194 GetCurrentProcessId
0x471198 GetSystemTimeAsFileTime
0x47119c FreeEnvironmentStringsW
0x4711a0 GetEnvironmentStringsW
0x4711a4 SetHandleCount
0x4711a8 GetFileType
0x4711ac HeapCreate
0x4711b0 SetFilePointer
0x4711b4 WideCharToMultiByte
0x4711b8 GetConsoleCP
0x4711bc GetConsoleMode
0x4711c0 OutputDebugStringA
0x4711c4 OutputDebugStringW
0x4711c8 MultiByteToWideChar
0x4711cc IsProcessorFeaturePresent
0x4711d0 HeapAlloc
0x4711d4 GetModuleFileNameA
0x4711d8 HeapReAlloc
0x4711dc HeapSize
0x4711e0 HeapQueryInformation
0x4711e4 HeapFree
0x4711e8 RtlUnwind
0x4711ec LCMapStringW
0x4711f0 GetStringTypeW
0x4711f4 CreateFileW
0x4711f8 CloseHandle
0x4711fc FlushFileBuffers
0x471200 RaiseException
USER32.dll
0x471208 GetMessageTime
0x47120c GetMenuInfo
EAT(Export Address Table) Library
0x467a50 _zabiray@8
KERNEL32.dll
0x471000 EnumResourceNamesW
0x471004 SetPriorityClass
0x471008 lstrlenA
0x47100c GetConsoleAliasesLengthW
0x471010 TlsGetValue
0x471014 CommConfigDialogA
0x471018 ZombifyActCtx
0x47101c GlobalSize
0x471020 SetHandleInformation
0x471024 WriteConsoleInputA
0x471028 GetComputerNameW
0x47102c OpenSemaphoreA
0x471030 FindFirstFileExW
0x471034 CallNamedPipeW
0x471038 GetTickCount
0x47103c GetWindowsDirectoryA
0x471040 FindActCtxSectionStringA
0x471044 EnumTimeFormatsW
0x471048 FindResourceExA
0x47104c GlobalAlloc
0x471050 GetVolumeInformationA
0x471054 ReadConsoleInputA
0x471058 GetPrivateProfileStructW
0x47105c SetVolumeMountPointA
0x471060 DnsHostnameToComputerNameW
0x471064 SetConsoleMode
0x471068 GetFileAttributesW
0x47106c VerifyVersionInfoA
0x471070 WriteConsoleW
0x471074 WritePrivateProfileSectionW
0x471078 IsDBCSLeadByte
0x47107c ReadFile
0x471080 SetThreadPriority
0x471084 SetConsoleTitleA
0x471088 ReleaseActCtx
0x47108c GetFileSizeEx
0x471090 SetCurrentDirectoryA
0x471094 SetThreadLocale
0x471098 GetStdHandle
0x47109c FillConsoleOutputCharacterW
0x4710a0 OpenMutexW
0x4710a4 GetLastError
0x4710a8 SetLastError
0x4710ac ReadConsoleOutputCharacterA
0x4710b0 WriteProfileSectionA
0x4710b4 SetStdHandle
0x4710b8 LoadLibraryA
0x4710bc ProcessIdToSessionId
0x4710c0 MoveFileA
0x4710c4 AddAtomW
0x4710c8 SetFileApisToANSI
0x4710cc SetConsoleWindowInfo
0x4710d0 FindAtomA
0x4710d4 WaitForMultipleObjects
0x4710d8 GetPrivateProfileSectionNamesA
0x4710dc SetConsoleCursorInfo
0x4710e0 DebugSetProcessKillOnExit
0x4710e4 GetProcessShutdownParameters
0x4710e8 BuildCommDCBA
0x4710ec VirtualProtect
0x4710f0 CompareStringA
0x4710f4 WaitForDebugEvent
0x4710f8 GetCurrentThreadId
0x4710fc GetVersionExA
0x471100 LocalSize
0x471104 AddConsoleAliasA
0x471108 OpenFileMappingA
0x47110c GlobalReAlloc
0x471110 DeleteFileA
0x471114 InterlockedIncrement
0x471118 InterlockedDecrement
0x47111c DecodePointer
0x471120 GetProcAddress
0x471124 GetModuleHandleW
0x471128 ExitProcess
0x47112c GetCommandLineW
0x471130 HeapSetInformation
0x471134 GetStartupInfoW
0x471138 TerminateProcess
0x47113c GetCurrentProcess
0x471140 UnhandledExceptionFilter
0x471144 SetUnhandledExceptionFilter
0x471148 IsDebuggerPresent
0x47114c EncodePointer
0x471150 GetModuleFileNameW
0x471154 HeapValidate
0x471158 IsBadReadPtr
0x47115c WriteFile
0x471160 GetACP
0x471164 GetOEMCP
0x471168 GetCPInfo
0x47116c IsValidCodePage
0x471170 TlsAlloc
0x471174 TlsSetValue
0x471178 TlsFree
0x47117c InitializeCriticalSectionAndSpinCount
0x471180 DeleteCriticalSection
0x471184 EnterCriticalSection
0x471188 LeaveCriticalSection
0x47118c LoadLibraryW
0x471190 QueryPerformanceCounter
0x471194 GetCurrentProcessId
0x471198 GetSystemTimeAsFileTime
0x47119c FreeEnvironmentStringsW
0x4711a0 GetEnvironmentStringsW
0x4711a4 SetHandleCount
0x4711a8 GetFileType
0x4711ac HeapCreate
0x4711b0 SetFilePointer
0x4711b4 WideCharToMultiByte
0x4711b8 GetConsoleCP
0x4711bc GetConsoleMode
0x4711c0 OutputDebugStringA
0x4711c4 OutputDebugStringW
0x4711c8 MultiByteToWideChar
0x4711cc IsProcessorFeaturePresent
0x4711d0 HeapAlloc
0x4711d4 GetModuleFileNameA
0x4711d8 HeapReAlloc
0x4711dc HeapSize
0x4711e0 HeapQueryInformation
0x4711e4 HeapFree
0x4711e8 RtlUnwind
0x4711ec LCMapStringW
0x4711f0 GetStringTypeW
0x4711f4 CreateFileW
0x4711f8 CloseHandle
0x4711fc FlushFileBuffers
0x471200 RaiseException
USER32.dll
0x471208 GetMessageTime
0x47120c GetMenuInfo
EAT(Export Address Table) Library
0x467a50 _zabiray@8