ScreenShot
| Created | 2021.05.31 09:17 | Machine | s1_win7_x6402 |
| Filename | bmw1.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 05b5c49112ebf3d93b737c5540a28faa | ||
| sha256 | 54011d537926ffde4721d13e1f10e7ed062ae86bac18ab57747ae134dc8b8cec | ||
| ssdeep | 6144:xq4leUSUDy5oCx3VoQPFWUeer+zDMARFNpHwEYW6XhV0Ymf:xqcDy5oCxFooWUec+zD7NpGxTq | ||
| imphash | 95eaf4fd2fbe9d4cd7d4ba331c148b36 | ||
| impfuzzy | 48:BoiMAJX1zuXTuAg0gvEpBe2+fclO+VUaEGgtjzUcX+p+T:BxvX1zuXTlgn+Bd+fclDTEGgtjzUcOi | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42f000 GetComputerNameA
0x42f004 FillConsoleOutputCharacterA
0x42f008 GetPrivateProfileSectionNamesW
0x42f00c GetFileSize
0x42f010 SetPriorityClass
0x42f014 WriteConsoleInputW
0x42f018 lstrlenA
0x42f01c TlsGetValue
0x42f020 FindResourceExW
0x42f024 SetConsoleTextAttribute
0x42f028 SetEnvironmentVariableW
0x42f02c GetModuleHandleExW
0x42f030 SetComputerNameW
0x42f034 AddConsoleAliasW
0x42f038 CreateDirectoryExA
0x42f03c CallNamedPipeW
0x42f040 FreeEnvironmentStringsA
0x42f044 GetCurrentThread
0x42f048 GetConsoleAliasesLengthA
0x42f04c EnumTimeFormatsA
0x42f050 SetProcessPriorityBoost
0x42f054 ActivateActCtx
0x42f058 LoadLibraryW
0x42f05c ReadConsoleInputA
0x42f060 SetVolumeMountPointA
0x42f064 GetVersionExW
0x42f068 GetFileAttributesA
0x42f06c SetConsoleMode
0x42f070 WriteConsoleW
0x42f074 WritePrivateProfileSectionW
0x42f078 IsDBCSLeadByte
0x42f07c CompareStringW
0x42f080 SetThreadPriority
0x42f084 VerifyVersionInfoW
0x42f088 ReleaseActCtx
0x42f08c SetCurrentDirectoryA
0x42f090 SetThreadLocale
0x42f094 GetStdHandle
0x42f098 FindFirstFileExA
0x42f09c GetHandleInformation
0x42f0a0 GetLastError
0x42f0a4 GetCurrentDirectoryW
0x42f0a8 GetProcAddress
0x42f0ac GetProcessHeaps
0x42f0b0 MoveFileW
0x42f0b4 CopyFileA
0x42f0b8 SetStdHandle
0x42f0bc LoadLibraryA
0x42f0c0 OpenMutexA
0x42f0c4 ProcessIdToSessionId
0x42f0c8 OpenWaitableTimerW
0x42f0cc LocalAlloc
0x42f0d0 DnsHostnameToComputerNameA
0x42f0d4 SetFileApisToANSI
0x42f0d8 WriteProfileSectionW
0x42f0dc AddAtomA
0x42f0e0 GlobalWire
0x42f0e4 SetConsoleCursorInfo
0x42f0e8 DebugSetProcessKillOnExit
0x42f0ec SetConsoleTitleW
0x42f0f0 ContinueDebugEvent
0x42f0f4 BuildCommDCBA
0x42f0f8 VirtualProtect
0x42f0fc CompareStringA
0x42f100 SetProcessShutdownParameters
0x42f104 OpenSemaphoreW
0x42f108 GetVersionExA
0x42f10c LocalSize
0x42f110 FindAtomW
0x42f114 GetWindowsDirectoryW
0x42f118 FindActCtxSectionStringW
0x42f11c ReadConsoleOutputCharacterW
0x42f120 OpenFileMappingA
0x42f124 GlobalReAlloc
0x42f128 GetProfileSectionW
0x42f12c CommConfigDialogW
0x42f130 GetVolumeInformationW
0x42f134 CloseHandle
0x42f138 CreateFileW
0x42f13c LCMapStringW
0x42f140 InterlockedIncrement
0x42f144 InterlockedDecrement
0x42f148 InitializeCriticalSection
0x42f14c DeleteCriticalSection
0x42f150 EnterCriticalSection
0x42f154 LeaveCriticalSection
0x42f158 EncodePointer
0x42f15c DecodePointer
0x42f160 DeleteFileA
0x42f164 GetModuleHandleW
0x42f168 ExitProcess
0x42f16c MultiByteToWideChar
0x42f170 GetCommandLineA
0x42f174 HeapSetInformation
0x42f178 GetStartupInfoW
0x42f17c GetModuleFileNameW
0x42f180 HeapValidate
0x42f184 IsBadReadPtr
0x42f188 RaiseException
0x42f18c RtlUnwind
0x42f190 IsProcessorFeaturePresent
0x42f194 TerminateProcess
0x42f198 GetCurrentProcess
0x42f19c UnhandledExceptionFilter
0x42f1a0 SetUnhandledExceptionFilter
0x42f1a4 IsDebuggerPresent
0x42f1a8 InitializeCriticalSectionAndSpinCount
0x42f1ac WriteFile
0x42f1b0 GetACP
0x42f1b4 GetOEMCP
0x42f1b8 GetCPInfo
0x42f1bc IsValidCodePage
0x42f1c0 TlsAlloc
0x42f1c4 TlsSetValue
0x42f1c8 GetCurrentThreadId
0x42f1cc TlsFree
0x42f1d0 SetLastError
0x42f1d4 QueryPerformanceCounter
0x42f1d8 GetTickCount
0x42f1dc GetCurrentProcessId
0x42f1e0 GetSystemTimeAsFileTime
0x42f1e4 GetModuleFileNameA
0x42f1e8 FreeEnvironmentStringsW
0x42f1ec WideCharToMultiByte
0x42f1f0 GetEnvironmentStringsW
0x42f1f4 SetHandleCount
0x42f1f8 GetFileType
0x42f1fc HeapCreate
0x42f200 OutputDebugStringA
0x42f204 OutputDebugStringW
0x42f208 HeapAlloc
0x42f20c HeapReAlloc
0x42f210 HeapSize
0x42f214 HeapQueryInformation
0x42f218 HeapFree
0x42f21c GetStringTypeW
0x42f220 SetFilePointer
0x42f224 GetConsoleCP
0x42f228 GetConsoleMode
0x42f22c FlushFileBuffers
USER32.dll
0x42f234 GetComboBoxInfo
0x42f238 GetMenuBarInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x42f000 GetComputerNameA
0x42f004 FillConsoleOutputCharacterA
0x42f008 GetPrivateProfileSectionNamesW
0x42f00c GetFileSize
0x42f010 SetPriorityClass
0x42f014 WriteConsoleInputW
0x42f018 lstrlenA
0x42f01c TlsGetValue
0x42f020 FindResourceExW
0x42f024 SetConsoleTextAttribute
0x42f028 SetEnvironmentVariableW
0x42f02c GetModuleHandleExW
0x42f030 SetComputerNameW
0x42f034 AddConsoleAliasW
0x42f038 CreateDirectoryExA
0x42f03c CallNamedPipeW
0x42f040 FreeEnvironmentStringsA
0x42f044 GetCurrentThread
0x42f048 GetConsoleAliasesLengthA
0x42f04c EnumTimeFormatsA
0x42f050 SetProcessPriorityBoost
0x42f054 ActivateActCtx
0x42f058 LoadLibraryW
0x42f05c ReadConsoleInputA
0x42f060 SetVolumeMountPointA
0x42f064 GetVersionExW
0x42f068 GetFileAttributesA
0x42f06c SetConsoleMode
0x42f070 WriteConsoleW
0x42f074 WritePrivateProfileSectionW
0x42f078 IsDBCSLeadByte
0x42f07c CompareStringW
0x42f080 SetThreadPriority
0x42f084 VerifyVersionInfoW
0x42f088 ReleaseActCtx
0x42f08c SetCurrentDirectoryA
0x42f090 SetThreadLocale
0x42f094 GetStdHandle
0x42f098 FindFirstFileExA
0x42f09c GetHandleInformation
0x42f0a0 GetLastError
0x42f0a4 GetCurrentDirectoryW
0x42f0a8 GetProcAddress
0x42f0ac GetProcessHeaps
0x42f0b0 MoveFileW
0x42f0b4 CopyFileA
0x42f0b8 SetStdHandle
0x42f0bc LoadLibraryA
0x42f0c0 OpenMutexA
0x42f0c4 ProcessIdToSessionId
0x42f0c8 OpenWaitableTimerW
0x42f0cc LocalAlloc
0x42f0d0 DnsHostnameToComputerNameA
0x42f0d4 SetFileApisToANSI
0x42f0d8 WriteProfileSectionW
0x42f0dc AddAtomA
0x42f0e0 GlobalWire
0x42f0e4 SetConsoleCursorInfo
0x42f0e8 DebugSetProcessKillOnExit
0x42f0ec SetConsoleTitleW
0x42f0f0 ContinueDebugEvent
0x42f0f4 BuildCommDCBA
0x42f0f8 VirtualProtect
0x42f0fc CompareStringA
0x42f100 SetProcessShutdownParameters
0x42f104 OpenSemaphoreW
0x42f108 GetVersionExA
0x42f10c LocalSize
0x42f110 FindAtomW
0x42f114 GetWindowsDirectoryW
0x42f118 FindActCtxSectionStringW
0x42f11c ReadConsoleOutputCharacterW
0x42f120 OpenFileMappingA
0x42f124 GlobalReAlloc
0x42f128 GetProfileSectionW
0x42f12c CommConfigDialogW
0x42f130 GetVolumeInformationW
0x42f134 CloseHandle
0x42f138 CreateFileW
0x42f13c LCMapStringW
0x42f140 InterlockedIncrement
0x42f144 InterlockedDecrement
0x42f148 InitializeCriticalSection
0x42f14c DeleteCriticalSection
0x42f150 EnterCriticalSection
0x42f154 LeaveCriticalSection
0x42f158 EncodePointer
0x42f15c DecodePointer
0x42f160 DeleteFileA
0x42f164 GetModuleHandleW
0x42f168 ExitProcess
0x42f16c MultiByteToWideChar
0x42f170 GetCommandLineA
0x42f174 HeapSetInformation
0x42f178 GetStartupInfoW
0x42f17c GetModuleFileNameW
0x42f180 HeapValidate
0x42f184 IsBadReadPtr
0x42f188 RaiseException
0x42f18c RtlUnwind
0x42f190 IsProcessorFeaturePresent
0x42f194 TerminateProcess
0x42f198 GetCurrentProcess
0x42f19c UnhandledExceptionFilter
0x42f1a0 SetUnhandledExceptionFilter
0x42f1a4 IsDebuggerPresent
0x42f1a8 InitializeCriticalSectionAndSpinCount
0x42f1ac WriteFile
0x42f1b0 GetACP
0x42f1b4 GetOEMCP
0x42f1b8 GetCPInfo
0x42f1bc IsValidCodePage
0x42f1c0 TlsAlloc
0x42f1c4 TlsSetValue
0x42f1c8 GetCurrentThreadId
0x42f1cc TlsFree
0x42f1d0 SetLastError
0x42f1d4 QueryPerformanceCounter
0x42f1d8 GetTickCount
0x42f1dc GetCurrentProcessId
0x42f1e0 GetSystemTimeAsFileTime
0x42f1e4 GetModuleFileNameA
0x42f1e8 FreeEnvironmentStringsW
0x42f1ec WideCharToMultiByte
0x42f1f0 GetEnvironmentStringsW
0x42f1f4 SetHandleCount
0x42f1f8 GetFileType
0x42f1fc HeapCreate
0x42f200 OutputDebugStringA
0x42f204 OutputDebugStringW
0x42f208 HeapAlloc
0x42f20c HeapReAlloc
0x42f210 HeapSize
0x42f214 HeapQueryInformation
0x42f218 HeapFree
0x42f21c GetStringTypeW
0x42f220 SetFilePointer
0x42f224 GetConsoleCP
0x42f228 GetConsoleMode
0x42f22c FlushFileBuffers
USER32.dll
0x42f234 GetComboBoxInfo
0x42f238 GetMenuBarInfo
EAT(Export Address Table) is none