Report - bmw.exe

Tags: PE File, OS Processor Check, PE32
Created: 2021.06.14 13:57
Machine: s1_win7_x6401
Filename: bmw.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 3
Behavior Score: 2.6
ZERO API (file): clean
VT API (file): 22 detected (AIDetect, malware1, malicious, high confidence, Save, Hacktool, ZexaF, yuW@aujpc1gK, Attribute, HighConfidence, ET#83%, RDMK, cmRtazoBlvFd2uJlLopQ1, tUOjv9, A + Troj, Kryptik, Static AI, Malicious PE, Unsafe, Score, Azorult, Artemis, BScope, Sabsik, susgen, confidence, 100%)
md5: ddbd2fbf64d65e696766e90e21c2a632
sha256: 1c0c17b418e202dc45fef2ac8a04cbd89ea3c13af4ee6b36f3bdc13b2dae4bde
ssdeep: 6144:EyHPTCkx5Mabl2bhT0RkKFV/9rUsKRe4plgLazCfqsW:dvTCi5MpbF0vFV9ryk4zJz7sW
imphash: 58959b365b24aa3c98eb39fa519e2c9e
impfuzzy: 48:3+s2cnOO1DwOdPpR8M17XFEPecAhfpKttdUPuLa2ptBPG+ul:3+uOO6yPLJLOe5fpItdUPuO2pta

Signature (6cnts)

Level    Description
warning  File has been identified by 22 AntiVirus engines on VirusTotal as malicious
watch    Tries to unhook Windows functions monitored by Cuckoo
notice   Allocates read-write-execute memory (usually to unpack itself)
notice   The binary likely contains encrypted or compressed data indicative of a packer
info     One or more processes crashed
info     This executable has a PDB path

Rules (3cnts)

Level  Name                     Description         Collection
info   IsPE32                   (no description)    binaries (upload)
info   OS_Processor_Check_Zero  OS Processor Check  binaries (upload)
info   PE_Header_Zero           PE File Signature   binaries (upload)

Network (0cnts)

Request  CC  ASN  Co  IP4  Rule  ZERO
(no entries)

Suricata ids

PE API

IAT (Import Address Table), by library

KERNEL32.dll
 0x443008 SetVolumeLabelA
 0x44300c CreateFileA
 0x443010 GetFileSize
 0x443014 GlobalDeleteAtom
 0x443018 lstrlenA
 0x44301c TlsGetValue
 0x443020 GetStringTypeA
 0x443024 SetLocalTime
 0x443028 GetDriveTypeW
 0x44302c GetNumberOfConsoleInputEvents
 0x443030 MapUserPhysicalPages
 0x443034 CallNamedPipeA
 0x443038 InterlockedIncrement
 0x44303c InterlockedDecrement
 0x443040 CreateDirectoryW
 0x443044 WaitForSingleObject
 0x443048 WriteConsoleInputA
 0x44304c SignalObjectAndWait
 0x443050 SetVolumeMountPointW
 0x443054 FreeEnvironmentStringsA
 0x443058 GetModuleHandleW
 0x44305c GetPrivateProfileStringW
 0x443060 GetConsoleTitleA
 0x443064 GetWindowsDirectoryA
 0x443068 SetCommState
 0x44306c WriteFileGather
 0x443070 CreateDirectoryExW
 0x443074 FindResourceExA
 0x443078 AddRefActCtx
 0x44307c GetPrivateProfileStructW
 0x443080 SetSystemTimeAdjustment
 0x443084 GlobalFlags
 0x443088 GetComputerNameExA
 0x44308c Beep
 0x443090 SetMessageWaitingIndicator
 0x443094 VerifyVersionInfoA
 0x443098 GetBinaryTypeA
 0x44309c WritePrivateProfileSectionW
 0x4430a0 GetAtomNameW
 0x4430a4 ReadFile
 0x4430a8 CompareStringW
 0x4430ac GetACP
 0x4430b0 LCMapStringA
 0x4430b4 HeapReAlloc
 0x4430b8 InterlockedExchange
 0x4430bc SetCurrentDirectoryA
 0x4430c0 IsDBCSLeadByteEx
 0x4430c4 GetProcAddress
 0x4430c8 SetStdHandle
 0x4430cc SetComputerNameA
 0x4430d0 CreateMemoryResourceNotification
 0x4430d4 GetPrivateProfileStringA
 0x4430d8 SetFileApisToOEM
 0x4430dc OpenWaitableTimerA
 0x4430e0 Process32FirstW
 0x4430e4 OpenMutexA
 0x4430e8 LocalAlloc
 0x4430ec SetCalendarInfoW
 0x4430f0 SetConsoleOutputCP
 0x4430f4 AddAtomW
 0x4430f8 QueryDosDeviceW
 0x4430fc WriteProfileSectionW
 0x443100 GetCommMask
 0x443104 SetCommMask
 0x443108 EnumResourceTypesW
 0x44310c GetThreadPriority
 0x443110 SetConsoleTitleW
 0x443114 FindNextFileW
 0x443118 RequestWakeupLatency
 0x44311c BuildCommDCBA
 0x443120 GetCurrentDirectoryA
 0x443124 GetConsoleCursorInfo
 0x443128 ScrollConsoleScreenBufferA
 0x44312c OpenSemaphoreW
 0x443130 GetVersionExA
 0x443134 GetCurrentProcessId
 0x443138 FindActCtxSectionStringW
 0x44313c ReadConsoleOutputCharacterW
 0x443140 InterlockedPushEntrySList
 0x443144 GetProfileSectionW
 0x443148 GetVolumeInformationW
 0x44314c IsProcessorFeaturePresent
 0x443150 FlushFileBuffers
 0x443154 CloseHandle
 0x443158 CreateFileW
 0x44315c HeapFree
 0x443160 VerifyVersionInfoW
 0x443164 FileTimeToDosDateTime
 0x443168 GetLastError
 0x44316c MoveFileA
 0x443170 MultiByteToWideChar
 0x443174 GetCommandLineW
 0x443178 HeapSetInformation
 0x44317c GetStartupInfoW
 0x443180 LeaveCriticalSection
 0x443184 EnterCriticalSection
 0x443188 InitializeCriticalSectionAndSpinCount
 0x44318c GetFileType
 0x443190 WriteFile
 0x443194 WideCharToMultiByte
 0x443198 GetConsoleCP
 0x44319c GetConsoleMode
 0x4431a0 DecodePointer
 0x4431a4 TerminateProcess
 0x4431a8 GetCurrentProcess
 0x4431ac UnhandledExceptionFilter
 0x4431b0 SetUnhandledExceptionFilter
 0x4431b4 IsDebuggerPresent
 0x4431b8 EncodePointer
 0x4431bc GetModuleFileNameW
 0x4431c0 GetOEMCP
 0x4431c4 GetCPInfo
 0x4431c8 IsValidCodePage
 0x4431cc TlsAlloc
 0x4431d0 TlsSetValue
 0x4431d4 GetCurrentThreadId
 0x4431d8 TlsFree
 0x4431dc SetLastError
 0x4431e0 QueryPerformanceCounter
 0x4431e4 GetTickCount
 0x4431e8 GetSystemTimeAsFileTime
 0x4431ec ExitProcess
 0x4431f0 FreeEnvironmentStringsW
 0x4431f4 GetEnvironmentStringsW
 0x4431f8 SetHandleCount
 0x4431fc GetStdHandle
 0x443200 DeleteCriticalSection
 0x443204 HeapValidate
 0x443208 IsBadReadPtr
 0x44320c HeapCreate
 0x443210 WriteConsoleW
 0x443214 SetFilePointer
 0x443218 RtlUnwind
 0x44321c OutputDebugStringA
 0x443220 OutputDebugStringW
 0x443224 LoadLibraryW
 0x443228 GetStringTypeW
 0x44322c LCMapStringW
 0x443230 HeapAlloc
 0x443234 GetModuleFileNameA
 0x443238 HeapSize
 0x44323c HeapQueryInformation
 0x443240 RaiseException
USER32.dll
 0x443248 GetCursorInfo
 0x44324c GetMenuInfo
 0x443250 GetComboBoxInfo
 0x443254 GetMenuBarInfo
ADVAPI32.dll
 0x443000 InitiateSystemShutdownW

EAT (Export Address Table): none

Similarity measure (PE file only): checking for service failure