Report - bmw1.exe

Tags: UPX, OS Processor Check, PE32, PE File
Created 2021.06.27 18:53 Machine s1_win7_x6402
Filename bmw1.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 3.4
ZERO API (file): clean
VT API (file) 23 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, A + Troj, Kryptik, STOP, SMYXBFX, Emotet, susgen, Static AI, Suspicious PE, Racealer, Caynamer, score, Generic@ML, RDML, 1ztE7LQtpSZM9HpnF2XqMg, ZexaF, vuW@a8aTVDnG, confidence, 100%)
md5 64a80a26bd8286a8f3a170606a8b60b0
sha256 c419b1af2376413571432c670eae9a4f88dfff9d5fd013022e788afbfc589925
ssdeep 6144:zDX8iqcxrRXGl1PzIO1ElL0Sio7izeaCEbPyqtlLZ6:zHWlR8OqLio7iVbfl1
imphash c55a6c5b8dc5009c74a01bc124b7b217
impfuzzy 48:YwRb1lNB8Onh87uX5JyPlp+gFOZ+fc3MaE1t0IUccBipQBg:YU9fnCuXaPvJ6+fclE1t0DccBip/

Signature (8cnts)

Level Description
warning File has been identified by 23 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (4cnts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x439000 ExitProcess
 0x439004 GetVolumeNameForVolumeMountPointA
 0x439008 GetCommandLineW
 0x43900c SetVolumeLabelA
 0x439010 GetFileSize
 0x439014 CreateMutexW
 0x439018 WriteConsoleInputW
 0x43901c WritePrivateProfileStructA
 0x439020 GetConsoleAliasesLengthW
 0x439024 GetProfileIntW
 0x439028 GetDefaultCommConfigW
 0x43902c FindResourceExW
 0x439030 SetConsoleTextAttribute
 0x439034 InterlockedDecrement
 0x439038 ZombifyActCtx
 0x43903c ScrollConsoleScreenBufferW
 0x439040 GetNamedPipeHandleStateA
 0x439044 GetComputerNameW
 0x439048 FreeEnvironmentStringsA
 0x43904c GetProcessPriorityBoost
 0x439050 GetCommConfig
 0x439054 GetPrivateProfileStringW
 0x439058 WriteFile
 0x43905c FindActCtxSectionStringA
 0x439060 SetCommState
 0x439064 CreateDirectoryExW
 0x439068 TlsSetValue
 0x43906c ActivateActCtx
 0x439070 GlobalAlloc
 0x439074 GetSystemDirectoryW
 0x439078 GetConsoleMode
 0x43907c SizeofResource
 0x439080 GetCalendarInfoA
 0x439084 ReadFileScatter
 0x439088 GetSystemWow64DirectoryW
 0x43908c SetSystemTimeAdjustment
 0x439090 GetSystemWindowsDirectoryA
 0x439094 GlobalFlags
 0x439098 SetConsoleCursorPosition
 0x43909c GetBinaryTypeA
 0x4390a0 IsDBCSLeadByte
 0x4390a4 GetOverlappedResult
 0x4390a8 CompareStringW
 0x4390ac lstrlenW
 0x4390b0 SetConsoleTitleA
 0x4390b4 GlobalUnlock
 0x4390b8 CreateDirectoryA
 0x4390bc SetCurrentDirectoryA
 0x4390c0 SetThreadLocale
 0x4390c4 ReadConsoleOutputCharacterA
 0x4390c8 WriteProfileSectionA
 0x4390cc FreeUserPhysicalPages
 0x4390d0 SetComputerNameA
 0x4390d4 SearchPathA
 0x4390d8 GetLocalTime
 0x4390dc GetAtomNameA
 0x4390e0 LoadLibraryA
 0x4390e4 IsSystemResumeAutomatic
 0x4390e8 SetConsoleOutputCP
 0x4390ec SetConsoleWindowInfo
 0x4390f0 GetTapeParameters
 0x4390f4 WTSGetActiveConsoleSessionId
 0x4390f8 SetConsoleCursorInfo
 0x4390fc GetModuleHandleA
 0x439100 VirtualProtect
 0x439104 GetCurrentDirectoryA
 0x439108 CompareStringA
 0x43910c GetConsoleCursorInfo
 0x439110 FindAtomW
 0x439114 WriteFileEx
 0x439118 GetWindowsDirectoryW
 0x43911c FileTimeToLocalFileTime
 0x439120 InterlockedPushEntrySList
 0x439124 GetProfileSectionW
 0x439128 LCMapStringW
 0x43912c CopyFileExA
 0x439130 CommConfigDialogW
 0x439134 DeleteFileA
 0x439138 CreateFileA
 0x43913c InterlockedIncrement
 0x439140 Sleep
 0x439144 InitializeCriticalSection
 0x439148 DeleteCriticalSection
 0x43914c EnterCriticalSection
 0x439150 LeaveCriticalSection
 0x439154 MultiByteToWideChar
 0x439158 GetCommandLineA
 0x43915c GetStartupInfoA
 0x439160 HeapValidate
 0x439164 IsBadReadPtr
 0x439168 RaiseException
 0x43916c UnhandledExceptionFilter
 0x439170 SetUnhandledExceptionFilter
 0x439174 RtlUnwind
 0x439178 GetModuleFileNameW
 0x43917c TerminateProcess
 0x439180 GetCurrentProcess
 0x439184 IsDebuggerPresent
 0x439188 SetHandleCount
 0x43918c GetStdHandle
 0x439190 GetFileType
 0x439194 GetACP
 0x439198 GetOEMCP
 0x43919c GetCPInfo
 0x4391a0 IsValidCodePage
 0x4391a4 GetProcAddress
 0x4391a8 TlsGetValue
 0x4391ac GetModuleHandleW
 0x4391b0 TlsAlloc
 0x4391b4 GetCurrentThreadId
 0x4391b8 TlsFree
 0x4391bc SetLastError
 0x4391c0 GetLastError
 0x4391c4 QueryPerformanceCounter
 0x4391c8 GetTickCount
 0x4391cc GetCurrentProcessId
 0x4391d0 GetSystemTimeAsFileTime
 0x4391d4 GetModuleFileNameA
 0x4391d8 GetEnvironmentStrings
 0x4391dc FreeEnvironmentStringsW
 0x4391e0 WideCharToMultiByte
 0x4391e4 GetEnvironmentStringsW
 0x4391e8 HeapDestroy
 0x4391ec HeapCreate
 0x4391f0 HeapFree
 0x4391f4 VirtualFree
 0x4391f8 HeapAlloc
 0x4391fc HeapSize
 0x439200 HeapReAlloc
 0x439204 VirtualAlloc
 0x439208 GetStringTypeA
 0x43920c GetStringTypeW
 0x439210 GetLocaleInfoA
 0x439214 FlushFileBuffers
 0x439218 GetConsoleCP
 0x43921c DebugBreak
 0x439220 OutputDebugStringA
 0x439224 WriteConsoleW
 0x439228 OutputDebugStringW
 0x43922c LoadLibraryW
 0x439230 InitializeCriticalSectionAndSpinCount
 0x439234 SetFilePointer
 0x439238 LCMapStringA
 0x43923c SetStdHandle
 0x439240 WriteConsoleA
 0x439244 GetConsoleOutputCP
 0x439248 CloseHandle
USER32.dll
 0x439250 GetMessageTime
 0x439254 GetMenuCheckMarkDimensions

EAT(Export Address Table) Library

0x42ea30 _CallPattern@8
