ScreenShot
Created | 2021.08.10 10:45 | Machine | s1_win7_x6402 |
Filename | bda.exe | ||
Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
AI Score |
|
Behavior Score |
|
ZERO API | file : malware | ||
VT API (file) | 23 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Eldorado, Attribute, HighConfidence, Kryptik, HMAB, Noon, Siggen3, Crowti, score, BScope, Static AI, Suspicious PE, GenKryptik, FIBB, ZexaF, tuZ@aWvTpTmi, QVM10) | ||
md5 | b9b5b54cf3469380c133057543a9362e | ||
sha256 | 25b5931496772d55a7fc68ae07c5a61ff9acaf5182384f06ad7c809738fdfe31 | ||
ssdeep | 6144:XubkZIphwQqzaMIgsAJja+2DGYHRifx/Fvybz:wkZLQRMInijuDhw/FvI | ||
imphash | 8c9e2729b91e6cd98523a27cc78ab06c | ||
impfuzzy | 24:dyZ1OuMUnS1jtuhlJnc+pl3eDoLouXSOovHZiv4B4iXM19mSwxhGp:0Zw0S1jtu5c+ppXr54B4L9mVh8 |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Terminates another process |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f010 CloseHandle
0x40f014 VirtualProtect
0x40f018 CreateFileMappingW
0x40f01c MapViewOfFile
0x40f020 UnmapViewOfFile
0x40f024 lstrcmpW
0x40f028 GetFullPathNameW
0x40f02c MultiByteToWideChar
0x40f030 GetUserDefaultLCID
0x40f034 DecodePointer
0x40f038 WriteConsoleW
0x40f03c GetFileSize
0x40f040 CreateFileW
0x40f044 lstrcatW
0x40f048 GetCommandLineW
0x40f04c SetFilePointerEx
0x40f050 GetConsoleMode
0x40f054 GetConsoleOutputCP
0x40f058 FlushFileBuffers
0x40f05c HeapReAlloc
0x40f060 HeapSize
0x40f064 GetProcessHeap
0x40f068 QueryPerformanceCounter
0x40f06c GetCurrentProcessId
0x40f070 GetCurrentThreadId
0x40f074 GetSystemTimeAsFileTime
0x40f078 InitializeSListHead
0x40f07c IsDebuggerPresent
0x40f080 UnhandledExceptionFilter
0x40f084 SetUnhandledExceptionFilter
0x40f088 GetStartupInfoW
0x40f08c IsProcessorFeaturePresent
0x40f090 GetModuleHandleW
0x40f094 GetCurrentProcess
0x40f098 TerminateProcess
0x40f09c RtlUnwind
0x40f0a0 GetLastError
0x40f0a4 SetLastError
0x40f0a8 EnterCriticalSection
0x40f0ac LeaveCriticalSection
0x40f0b0 DeleteCriticalSection
0x40f0b4 InitializeCriticalSectionAndSpinCount
0x40f0b8 TlsAlloc
0x40f0bc TlsGetValue
0x40f0c0 TlsSetValue
0x40f0c4 TlsFree
0x40f0c8 FreeLibrary
0x40f0cc GetProcAddress
0x40f0d0 LoadLibraryExW
0x40f0d4 GetStdHandle
0x40f0d8 WriteFile
0x40f0dc GetModuleFileNameW
0x40f0e0 ExitProcess
0x40f0e4 GetModuleHandleExW
0x40f0e8 HeapFree
0x40f0ec HeapAlloc
0x40f0f0 FindClose
0x40f0f4 FindFirstFileExW
0x40f0f8 FindNextFileW
0x40f0fc IsValidCodePage
0x40f100 GetACP
0x40f104 GetOEMCP
0x40f108 GetCPInfo
0x40f10c GetCommandLineA
0x40f110 WideCharToMultiByte
0x40f114 GetEnvironmentStringsW
0x40f118 FreeEnvironmentStringsW
0x40f11c SetStdHandle
0x40f120 GetFileType
0x40f124 GetStringTypeW
0x40f128 LCMapStringW
0x40f12c RaiseException
USER32.dll
0x40f14c GetDC
0x40f150 GrayStringW
ADVAPI32.dll
0x40f000 RegOpenKeyW
0x40f004 RegCloseKey
0x40f008 RegQueryValueW
SHELL32.dll
0x40f144 CommandLineToArgvW
ole32.dll
0x40f158 CoInitialize
0x40f15c CLSIDFromProgID
0x40f160 CoUninitialize
0x40f164 CoCreateInstance
OLEAUT32.dll
0x40f134 LoadTypeLib
0x40f138 SysFreeString
0x40f13c SysAllocStringLen
EAT(Export Address Table) is none
KERNEL32.dll
0x40f010 CloseHandle
0x40f014 VirtualProtect
0x40f018 CreateFileMappingW
0x40f01c MapViewOfFile
0x40f020 UnmapViewOfFile
0x40f024 lstrcmpW
0x40f028 GetFullPathNameW
0x40f02c MultiByteToWideChar
0x40f030 GetUserDefaultLCID
0x40f034 DecodePointer
0x40f038 WriteConsoleW
0x40f03c GetFileSize
0x40f040 CreateFileW
0x40f044 lstrcatW
0x40f048 GetCommandLineW
0x40f04c SetFilePointerEx
0x40f050 GetConsoleMode
0x40f054 GetConsoleOutputCP
0x40f058 FlushFileBuffers
0x40f05c HeapReAlloc
0x40f060 HeapSize
0x40f064 GetProcessHeap
0x40f068 QueryPerformanceCounter
0x40f06c GetCurrentProcessId
0x40f070 GetCurrentThreadId
0x40f074 GetSystemTimeAsFileTime
0x40f078 InitializeSListHead
0x40f07c IsDebuggerPresent
0x40f080 UnhandledExceptionFilter
0x40f084 SetUnhandledExceptionFilter
0x40f088 GetStartupInfoW
0x40f08c IsProcessorFeaturePresent
0x40f090 GetModuleHandleW
0x40f094 GetCurrentProcess
0x40f098 TerminateProcess
0x40f09c RtlUnwind
0x40f0a0 GetLastError
0x40f0a4 SetLastError
0x40f0a8 EnterCriticalSection
0x40f0ac LeaveCriticalSection
0x40f0b0 DeleteCriticalSection
0x40f0b4 InitializeCriticalSectionAndSpinCount
0x40f0b8 TlsAlloc
0x40f0bc TlsGetValue
0x40f0c0 TlsSetValue
0x40f0c4 TlsFree
0x40f0c8 FreeLibrary
0x40f0cc GetProcAddress
0x40f0d0 LoadLibraryExW
0x40f0d4 GetStdHandle
0x40f0d8 WriteFile
0x40f0dc GetModuleFileNameW
0x40f0e0 ExitProcess
0x40f0e4 GetModuleHandleExW
0x40f0e8 HeapFree
0x40f0ec HeapAlloc
0x40f0f0 FindClose
0x40f0f4 FindFirstFileExW
0x40f0f8 FindNextFileW
0x40f0fc IsValidCodePage
0x40f100 GetACP
0x40f104 GetOEMCP
0x40f108 GetCPInfo
0x40f10c GetCommandLineA
0x40f110 WideCharToMultiByte
0x40f114 GetEnvironmentStringsW
0x40f118 FreeEnvironmentStringsW
0x40f11c SetStdHandle
0x40f120 GetFileType
0x40f124 GetStringTypeW
0x40f128 LCMapStringW
0x40f12c RaiseException
USER32.dll
0x40f14c GetDC
0x40f150 GrayStringW
ADVAPI32.dll
0x40f000 RegOpenKeyW
0x40f004 RegCloseKey
0x40f008 RegQueryValueW
SHELL32.dll
0x40f144 CommandLineToArgvW
ole32.dll
0x40f158 CoInitialize
0x40f15c CLSIDFromProgID
0x40f160 CoUninitialize
0x40f164 CoCreateInstance
OLEAUT32.dll
0x40f134 LoadTypeLib
0x40f138 SysFreeString
0x40f13c SysAllocStringLen
EAT(Export Address Table) is none