Field | Value | Field | Value |
---|---|---|---|
Created | 2021.08.02 09:14 | Machine | s1_win7_x6402 |
Filename | bbrpg.exe | | |
Type | PE32 executable (GUI) Intel 80386, for MS Windows | | |
AI Score | | | |
Behavior Score | | | |
ZERO API | file : malware | | |
VT API (file) | 20 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Enigma, HackTool, Htran, MalwareX, Generic ML PUA, Ymacco, KVMH015, kcloud, se39933, score, BScope, Tasker, Probably Heur, ExeHeaderH, HgIASZQA) | | |
md5 | 207450ff08453cc47b40df231032d4d0 | | |
sha256 | 5638a743d42c3622f1826cb1120aa4e22a40d1e853472620071cba8a1388409b | | |
ssdeep | 98304:zzlsF6obmLepm99gQS8kzdO1foaQr/lfO3wRXzv7+ey2dDkkCkM1pue8:zzlsF6Sc9BkzdIgailW3kDTpHdD8kM | | |
imphash | fbf8d2064762660e5e8e47447b532751 | | |
impfuzzy | 12:EcDvZGqA9AwDXRgKQcO4CJVQ02/clgG/YrZfPxJ2TAake4CyVsfaSzJTjZ:7DRdWAwDOTJmlrJbzCyVsLJZ | | |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (2cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
kernel32.dll
0x1559114 GetModuleHandleA
0x1559118 GetProcAddress
0x155911c ExitProcess
0x1559120 LoadLibraryA
user32.dll
0x1559128 MessageBoxA
advapi32.dll
0x1559130 RegCloseKey
oleaut32.dll
0x1559138 SysFreeString
gdi32.dll
0x1559140 CreateFontA
shell32.dll
0x1559148 ShellExecuteA
version.dll
0x1559150 GetFileVersionInfoA
WINMM.dll
0x1559158 timeGetTime
DDRAW.dll
0x1559160 DirectDrawCreateEx
DSOUND.dll
0x1559168 None
WSOCK32.dll
0x1559170 gethostbyname
WS2_32.dll
0x1559178 ntohl
dxgi.dll
0x1559180 CreateDXGIFactory
ole32.dll
0x1559188 CoTaskMemFree
SensApi.dll
0x1559190 IsNetworkAlive
CRYPT32.dll
0x1559198 CertFreeCertificateContext
WLDAP32.dll
0x15591a0 None
Normaliz.dll
0x15591a8 IdnToAscii
SHLWAPI.dll
0x15591b0 PathIsDirectoryA
IMM32.dll
0x15591b8 ImmGetCompositionStringW
IPHLPAPI.DLL
0x15591c0 GetAdaptersInfo
WININET.dll
0x15591c8 FtpRemoveDirectoryA
VCRUNTIME140.dll
0x15591d0 memcmp
api-ms-win-crt-runtime-l1-1-0.dll
0x15591d8 strerror
api-ms-win-crt-string-l1-1-0.dll
0x15591e0 _strnicmp
api-ms-win-crt-stdio-l1-1-0.dll
0x15591e8 __stdio_common_vswscanf
api-ms-win-crt-convert-l1-1-0.dll
0x15591f0 strtod
api-ms-win-crt-locale-l1-1-0.dll
0x15591f8 _lock_locales
api-ms-win-crt-heap-l1-1-0.dll
0x1559200 _recalloc
api-ms-win-crt-math-l1-1-0.dll
0x1559208 _libm_sse2_pow_precise
api-ms-win-crt-utility-l1-1-0.dll
0x1559210 srand
api-ms-win-crt-time-l1-1-0.dll
0x1559218 _W_Gettnames
api-ms-win-crt-filesystem-l1-1-0.dll
0x1559220 _lock_file
api-ms-win-crt-multibyte-l1-1-0.dll
0x1559228 _ismbblead
api-ms-win-crt-environment-l1-1-0.dll
0x1559230 getenv
EAT (Export Address Table) Library