Report - bmw.exe

Tags: PE File, OS Processor Check, PE32
Created 2021.06.15 22:16 Machine s1_win7_x6402
Filename bmw.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 2
Behavior Score 3.2
ZERO API file : clean
VT API (file) 25 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Hacktool, confidence, 100%, ZexaF, vuW@a4G31XkG, Attribute, HighConfidence, Zenpak, Static AI, Malicious PE, Racealer, Score, Glupteba, Artemis, BScope, Sabsik, ET#88%, RDMK, cmRtazpen2KsqtZFrIRrbUnyenkj, susgen)
md5 f7bd49ac1e676db8c9f2e3bbd5b03a75
sha256 365fd289daa60e68b54237aaec835baaf8e2cab5050c7982d2cf6dd7061842d3
ssdeep 6144:Fhq4TR5nDgwzs0Km6oeRrDPBQmKIvAAH1BVrUEgOUC+U:FhqIR1gw5KmyBQFIoAVYEDT
imphash 709d5c7631204ea8a49d3c234309fc0e
impfuzzy 48:dffaOV9XPD9h8So2Fs4p6bq8whV2KK9LaAqSc74JPBuz:dV7r9ooX6OthV2KQOAqSc74I

Signature (7cnts)

Level Description
warning File has been identified by 25 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info This executable has a PDB path

Rules (3cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x442008 WriteConsoleInputW
 0x44200c CopyFileExW
 0x442010 TlsGetValue
 0x442014 SetLocalTime
 0x442018 GetDriveTypeW
 0x44201c GetNumberOfConsoleInputEvents
 0x442020 FindResourceExW
 0x442024 MapUserPhysicalPages
 0x442028 InterlockedIncrement
 0x44202c GetQueuedCompletionStatus
 0x442030 GetCommState
 0x442034 InterlockedDecrement
 0x442038 ScrollConsoleScreenBufferW
 0x44203c QueryDosDeviceA
 0x442040 WaitForSingleObject
 0x442044 OpenSemaphoreA
 0x442048 CallNamedPipeW
 0x44204c GetModuleHandleW
 0x442050 GetPrivateProfileStringW
 0x442054 GetConsoleTitleA
 0x442058 FindActCtxSectionStringA
 0x44205c WriteFileGather
 0x442060 CreateDirectoryExW
 0x442064 GlobalAlloc
 0x442068 GetVolumeInformationA
 0x44206c Sleep
 0x442070 GetSystemTimeAdjustment
 0x442074 GlobalFlags
 0x442078 Beep
 0x44207c SetMessageWaitingIndicator
 0x442080 WritePrivateProfileSectionW
 0x442084 IsDBCSLeadByte
 0x442088 ReadFile
 0x44208c CreateFileW
 0x442090 GetBinaryTypeW
 0x442094 GetACP
 0x442098 lstrlenW
 0x44209c VerifyVersionInfoW
 0x4420a0 CreateDirectoryA
 0x4420a4 GetStdHandle
 0x4420a8 OpenMutexW
 0x4420ac FindFirstFileW
 0x4420b0 GetProcAddress
 0x4420b4 GetComputerNameExW
 0x4420b8 SetVolumeLabelW
 0x4420bc WriteProfileSectionA
 0x4420c0 ReadFileEx
 0x4420c4 SetComputerNameA
 0x4420c8 CreateMemoryResourceNotification
 0x4420cc GetPrivateProfileStringA
 0x4420d0 SetFileApisToOEM
 0x4420d4 GetAtomNameA
 0x4420d8 Process32FirstW
 0x4420dc OpenWaitableTimerW
 0x4420e0 IsSystemResumeAutomatic
 0x4420e4 SetConsoleOutputCP
 0x4420e8 AddAtomW
 0x4420ec SetCurrentDirectoryW
 0x4420f0 GetCommMask
 0x4420f4 SetCommMask
 0x4420f8 GetPrivateProfileStructA
 0x4420fc EnumResourceTypesW
 0x442100 SetConsoleCursorInfo
 0x442104 GetThreadPriority
 0x442108 SetConsoleTitleW
 0x44210c GetModuleHandleA
 0x442110 FreeEnvironmentStringsW
 0x442114 EnumResourceNamesA
 0x442118 BuildCommDCBA
 0x44211c CompareStringA
 0x442120 SetCalendarInfoA
 0x442124 GetVersionExA
 0x442128 GetWindowsDirectoryW
 0x44212c GetCurrentProcessId
 0x442130 InterlockedPushEntrySList
 0x442134 GetProfileSectionW
 0x442138 ResumeThread
 0x44213c LCMapStringW
 0x442140 CloseHandle
 0x442144 SetStdHandle
 0x442148 GetConsoleMode
 0x44214c GetConsoleCP
 0x442150 GetCurrentDirectoryW
 0x442154 GetFileSize
 0x442158 GetLastError
 0x44215c MoveFileA
 0x442160 GetCommandLineW
 0x442164 HeapSetInformation
 0x442168 GetStartupInfoW
 0x44216c SetUnhandledExceptionFilter
 0x442170 QueryPerformanceCounter
 0x442174 GetTickCount
 0x442178 GetCurrentThreadId
 0x44217c GetSystemTimeAsFileTime
 0x442180 DecodePointer
 0x442184 ExitProcess
 0x442188 GetModuleFileNameW
 0x44218c GetEnvironmentStringsW
 0x442190 SetHandleCount
 0x442194 InitializeCriticalSectionAndSpinCount
 0x442198 GetFileType
 0x44219c DeleteCriticalSection
 0x4421a0 HeapValidate
 0x4421a4 IsBadReadPtr
 0x4421a8 EncodePointer
 0x4421ac TlsAlloc
 0x4421b0 TlsSetValue
 0x4421b4 TlsFree
 0x4421b8 SetLastError
 0x4421bc HeapCreate
 0x4421c0 WriteFile
 0x4421c4 TerminateProcess
 0x4421c8 GetCurrentProcess
 0x4421cc UnhandledExceptionFilter
 0x4421d0 IsDebuggerPresent
 0x4421d4 RtlUnwind
 0x4421d8 GetOEMCP
 0x4421dc GetCPInfo
 0x4421e0 IsValidCodePage
 0x4421e4 EnterCriticalSection
 0x4421e8 LeaveCriticalSection
 0x4421ec LoadLibraryW
 0x4421f0 HeapAlloc
 0x4421f4 GetModuleFileNameA
 0x4421f8 HeapReAlloc
 0x4421fc HeapSize
 0x442200 HeapQueryInformation
 0x442204 HeapFree
 0x442208 OutputDebugStringA
 0x44220c WriteConsoleW
 0x442210 OutputDebugStringW
 0x442214 GetStringTypeW
 0x442218 MultiByteToWideChar
 0x44221c WideCharToMultiByte
 0x442220 IsProcessorFeaturePresent
 0x442224 RaiseException
 0x442228 SetFilePointer
 0x44222c FlushFileBuffers
USER32.dll
 0x442234 GetCursorInfo
 0x442238 GetMessageTime
 0x44223c GetMenuBarInfo
ADVAPI32.dll
 0x442000 InitiateSystemShutdownA

EAT(Export Address Table) is none