ScreenShot
| Created | 2021.05.28 16:45 | Machine | s1_win7_x6401 |
| Filename | bmw1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 24 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Kryptik, Eldorado, Attribute, HighConfidence, FileRepMalware, Static AI, Malicious PE, Score, Azorult, ET#82%, RDMK, cmRtazqEEotfcP6Hl4cOzP8JPKqE, susgen, ZexaF, qqW@ayPPstli, confidence) | ||
| md5 | 6387d9c50daa7741006fbe72cf0ee048 | ||
| sha256 | 5df2241fa2897475737e276eb1b835b2842549db4a3f878f563c471c23cc0530 | ||
| ssdeep | 6144:T2hfGFzfLX0UbaDjRoEdv0CjMRtjiDvzLvWa/R:T2hOFzfLxbpCv1MRBiDnvZ | ||
| imphash | 9c1c0bbb212d87567abf60c2a5258a8e | ||
| impfuzzy | 48:rzppRW9EXX1JuXYAm7cEpA9UOZ6Otyauefc/SyWqtBBY:rXY9kX1JuXGvA9UWBtfuefc/Sbqt4 | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 24 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42a000 EnumResourceNamesW
0x42a004 SetPriorityClass
0x42a008 lstrlenA
0x42a00c GetConsoleAliasesLengthW
0x42a010 TlsGetValue
0x42a014 CommConfigDialogA
0x42a018 ZombifyActCtx
0x42a01c GlobalSize
0x42a020 SetHandleInformation
0x42a024 WriteConsoleInputA
0x42a028 GetComputerNameW
0x42a02c OpenSemaphoreA
0x42a030 FindFirstFileExW
0x42a034 CallNamedPipeW
0x42a038 GetTickCount
0x42a03c GetWindowsDirectoryA
0x42a040 FindActCtxSectionStringA
0x42a044 EnumTimeFormatsW
0x42a048 FindResourceExA
0x42a04c GlobalAlloc
0x42a050 GetVolumeInformationA
0x42a054 ReadConsoleInputA
0x42a058 GetPrivateProfileStructW
0x42a05c SetVolumeMountPointA
0x42a060 DnsHostnameToComputerNameW
0x42a064 SetConsoleMode
0x42a068 GetFileAttributesW
0x42a06c VerifyVersionInfoA
0x42a070 WriteConsoleW
0x42a074 WritePrivateProfileSectionW
0x42a078 IsDBCSLeadByte
0x42a07c ReadFile
0x42a080 SetThreadPriority
0x42a084 SetConsoleTitleA
0x42a088 ReleaseActCtx
0x42a08c GetFileSizeEx
0x42a090 SetCurrentDirectoryA
0x42a094 SetThreadLocale
0x42a098 GetStdHandle
0x42a09c FillConsoleOutputCharacterW
0x42a0a0 OpenMutexW
0x42a0a4 GetLastError
0x42a0a8 SetLastError
0x42a0ac ReadConsoleOutputCharacterA
0x42a0b0 WriteProfileSectionA
0x42a0b4 SetStdHandle
0x42a0b8 LoadLibraryA
0x42a0bc ProcessIdToSessionId
0x42a0c0 MoveFileA
0x42a0c4 AddAtomW
0x42a0c8 SetFileApisToANSI
0x42a0cc SetConsoleWindowInfo
0x42a0d0 FindAtomA
0x42a0d4 WaitForMultipleObjects
0x42a0d8 GetPrivateProfileSectionNamesA
0x42a0dc SetConsoleCursorInfo
0x42a0e0 DebugSetProcessKillOnExit
0x42a0e4 GetProcessShutdownParameters
0x42a0e8 BuildCommDCBA
0x42a0ec VirtualProtect
0x42a0f0 CompareStringA
0x42a0f4 WaitForDebugEvent
0x42a0f8 GetCurrentThreadId
0x42a0fc GetVersionExA
0x42a100 LocalSize
0x42a104 AddConsoleAliasA
0x42a108 OpenFileMappingA
0x42a10c GlobalReAlloc
0x42a110 DeleteFileA
0x42a114 InterlockedIncrement
0x42a118 InterlockedDecrement
0x42a11c DecodePointer
0x42a120 GetProcAddress
0x42a124 GetModuleHandleW
0x42a128 ExitProcess
0x42a12c GetCommandLineW
0x42a130 HeapSetInformation
0x42a134 GetStartupInfoW
0x42a138 TerminateProcess
0x42a13c GetCurrentProcess
0x42a140 UnhandledExceptionFilter
0x42a144 SetUnhandledExceptionFilter
0x42a148 IsDebuggerPresent
0x42a14c EncodePointer
0x42a150 GetModuleFileNameW
0x42a154 HeapValidate
0x42a158 IsBadReadPtr
0x42a15c WriteFile
0x42a160 GetACP
0x42a164 GetOEMCP
0x42a168 GetCPInfo
0x42a16c IsValidCodePage
0x42a170 TlsAlloc
0x42a174 TlsSetValue
0x42a178 TlsFree
0x42a17c InitializeCriticalSectionAndSpinCount
0x42a180 DeleteCriticalSection
0x42a184 EnterCriticalSection
0x42a188 LeaveCriticalSection
0x42a18c LoadLibraryW
0x42a190 QueryPerformanceCounter
0x42a194 GetCurrentProcessId
0x42a198 GetSystemTimeAsFileTime
0x42a19c FreeEnvironmentStringsW
0x42a1a0 GetEnvironmentStringsW
0x42a1a4 SetHandleCount
0x42a1a8 GetFileType
0x42a1ac HeapCreate
0x42a1b0 SetFilePointer
0x42a1b4 WideCharToMultiByte
0x42a1b8 GetConsoleCP
0x42a1bc GetConsoleMode
0x42a1c0 OutputDebugStringA
0x42a1c4 OutputDebugStringW
0x42a1c8 MultiByteToWideChar
0x42a1cc IsProcessorFeaturePresent
0x42a1d0 HeapAlloc
0x42a1d4 GetModuleFileNameA
0x42a1d8 HeapReAlloc
0x42a1dc HeapSize
0x42a1e0 HeapQueryInformation
0x42a1e4 HeapFree
0x42a1e8 RtlUnwind
0x42a1ec LCMapStringW
0x42a1f0 GetStringTypeW
0x42a1f4 CreateFileW
0x42a1f8 CloseHandle
0x42a1fc FlushFileBuffers
0x42a200 RaiseException
USER32.dll
0x42a208 GetMessageTime
0x42a20c GetMenuInfo
EAT(Export Address Table) Library
0x420ec0 _zabiray@8
KERNEL32.dll
0x42a000 EnumResourceNamesW
0x42a004 SetPriorityClass
0x42a008 lstrlenA
0x42a00c GetConsoleAliasesLengthW
0x42a010 TlsGetValue
0x42a014 CommConfigDialogA
0x42a018 ZombifyActCtx
0x42a01c GlobalSize
0x42a020 SetHandleInformation
0x42a024 WriteConsoleInputA
0x42a028 GetComputerNameW
0x42a02c OpenSemaphoreA
0x42a030 FindFirstFileExW
0x42a034 CallNamedPipeW
0x42a038 GetTickCount
0x42a03c GetWindowsDirectoryA
0x42a040 FindActCtxSectionStringA
0x42a044 EnumTimeFormatsW
0x42a048 FindResourceExA
0x42a04c GlobalAlloc
0x42a050 GetVolumeInformationA
0x42a054 ReadConsoleInputA
0x42a058 GetPrivateProfileStructW
0x42a05c SetVolumeMountPointA
0x42a060 DnsHostnameToComputerNameW
0x42a064 SetConsoleMode
0x42a068 GetFileAttributesW
0x42a06c VerifyVersionInfoA
0x42a070 WriteConsoleW
0x42a074 WritePrivateProfileSectionW
0x42a078 IsDBCSLeadByte
0x42a07c ReadFile
0x42a080 SetThreadPriority
0x42a084 SetConsoleTitleA
0x42a088 ReleaseActCtx
0x42a08c GetFileSizeEx
0x42a090 SetCurrentDirectoryA
0x42a094 SetThreadLocale
0x42a098 GetStdHandle
0x42a09c FillConsoleOutputCharacterW
0x42a0a0 OpenMutexW
0x42a0a4 GetLastError
0x42a0a8 SetLastError
0x42a0ac ReadConsoleOutputCharacterA
0x42a0b0 WriteProfileSectionA
0x42a0b4 SetStdHandle
0x42a0b8 LoadLibraryA
0x42a0bc ProcessIdToSessionId
0x42a0c0 MoveFileA
0x42a0c4 AddAtomW
0x42a0c8 SetFileApisToANSI
0x42a0cc SetConsoleWindowInfo
0x42a0d0 FindAtomA
0x42a0d4 WaitForMultipleObjects
0x42a0d8 GetPrivateProfileSectionNamesA
0x42a0dc SetConsoleCursorInfo
0x42a0e0 DebugSetProcessKillOnExit
0x42a0e4 GetProcessShutdownParameters
0x42a0e8 BuildCommDCBA
0x42a0ec VirtualProtect
0x42a0f0 CompareStringA
0x42a0f4 WaitForDebugEvent
0x42a0f8 GetCurrentThreadId
0x42a0fc GetVersionExA
0x42a100 LocalSize
0x42a104 AddConsoleAliasA
0x42a108 OpenFileMappingA
0x42a10c GlobalReAlloc
0x42a110 DeleteFileA
0x42a114 InterlockedIncrement
0x42a118 InterlockedDecrement
0x42a11c DecodePointer
0x42a120 GetProcAddress
0x42a124 GetModuleHandleW
0x42a128 ExitProcess
0x42a12c GetCommandLineW
0x42a130 HeapSetInformation
0x42a134 GetStartupInfoW
0x42a138 TerminateProcess
0x42a13c GetCurrentProcess
0x42a140 UnhandledExceptionFilter
0x42a144 SetUnhandledExceptionFilter
0x42a148 IsDebuggerPresent
0x42a14c EncodePointer
0x42a150 GetModuleFileNameW
0x42a154 HeapValidate
0x42a158 IsBadReadPtr
0x42a15c WriteFile
0x42a160 GetACP
0x42a164 GetOEMCP
0x42a168 GetCPInfo
0x42a16c IsValidCodePage
0x42a170 TlsAlloc
0x42a174 TlsSetValue
0x42a178 TlsFree
0x42a17c InitializeCriticalSectionAndSpinCount
0x42a180 DeleteCriticalSection
0x42a184 EnterCriticalSection
0x42a188 LeaveCriticalSection
0x42a18c LoadLibraryW
0x42a190 QueryPerformanceCounter
0x42a194 GetCurrentProcessId
0x42a198 GetSystemTimeAsFileTime
0x42a19c FreeEnvironmentStringsW
0x42a1a0 GetEnvironmentStringsW
0x42a1a4 SetHandleCount
0x42a1a8 GetFileType
0x42a1ac HeapCreate
0x42a1b0 SetFilePointer
0x42a1b4 WideCharToMultiByte
0x42a1b8 GetConsoleCP
0x42a1bc GetConsoleMode
0x42a1c0 OutputDebugStringA
0x42a1c4 OutputDebugStringW
0x42a1c8 MultiByteToWideChar
0x42a1cc IsProcessorFeaturePresent
0x42a1d0 HeapAlloc
0x42a1d4 GetModuleFileNameA
0x42a1d8 HeapReAlloc
0x42a1dc HeapSize
0x42a1e0 HeapQueryInformation
0x42a1e4 HeapFree
0x42a1e8 RtlUnwind
0x42a1ec LCMapStringW
0x42a1f0 GetStringTypeW
0x42a1f4 CreateFileW
0x42a1f8 CloseHandle
0x42a1fc FlushFileBuffers
0x42a200 RaiseException
USER32.dll
0x42a208 GetMessageTime
0x42a20c GetMenuInfo
EAT(Export Address Table) Library
0x420ec0 _zabiray@8