ScreenShot
| Created | 2023.01.22 15:48 | Machine | s1_win7_x6401 |
| Filename | bebra.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (PiuffTrojanX, Convagent, GenericKDZ, Trojanpws, Artemis, Unsafe, WinGo, ABRisk, BWYE, Attribute, HighConfidence, a variant of WinGo, Malicious, score, Agen, Majl, AdwareTskLnk, Outbreak, PSWTroj, kcloud, Sabsik, Malware@#7g29j9e3gdh0, Casdet, Detected, R544858, ai score=80, R002H0CAI23, CLOUD, Chgt) | ||
| md5 | 7c3c33a79f460a4536433f5ba99b3fcd | ||
| sha256 | 88dbf134cd4628fc8b97cc1adf5201cae875df1fa5280b3cbc0306478161e9f4 | ||
| ssdeep | 49152:x+ECdxFuMK6Vrb/ThvO90d7HjmAFd4A64nsfJLlvUL8kx/rGEai2XIggXoHmKq8d:wqEXzBhXvZvlTEgAzG5a | ||
| imphash | 57c9b357ae0cb2f414b0a5873e2f216d | ||
| impfuzzy | 96:nB0xlCFX7+C4S5O1eTucwOcX8gXj+JG46BRqt3R:nK3CN774S5lTmXxt46Bct3R | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0xbc84fc AddVectoredExceptionHandler
0xbc8504 AreFileApisANSI
0xbc850c CloseHandle
0xbc8514 CreateEventA
0xbc851c CreateFileA
0xbc8524 CreateFileMappingA
0xbc852c CreateFileMappingW
0xbc8534 CreateFileW
0xbc853c CreateIoCompletionPort
0xbc8544 CreateMutexW
0xbc854c CreateThread
0xbc8554 CreateWaitableTimerA
0xbc855c CreateWaitableTimerExW
0xbc8564 DeleteCriticalSection
0xbc856c DeleteFileA
0xbc8574 DeleteFileW
0xbc857c DuplicateHandle
0xbc8584 EnterCriticalSection
0xbc858c ExitProcess
0xbc8594 FlushFileBuffers
0xbc859c FlushViewOfFile
0xbc85a4 FormatMessageA
0xbc85ac FormatMessageW
0xbc85b4 FreeEnvironmentStringsW
0xbc85bc FreeLibrary
0xbc85c4 GetConsoleMode
0xbc85cc GetCurrentProcess
0xbc85d4 GetCurrentProcessId
0xbc85dc GetCurrentThreadId
0xbc85e4 GetDiskFreeSpaceA
0xbc85ec GetDiskFreeSpaceW
0xbc85f4 GetEnvironmentStringsW
0xbc85fc GetFileAttributesA
0xbc8604 GetFileAttributesExW
0xbc860c GetFileAttributesW
0xbc8614 GetFileSize
0xbc861c GetFullPathNameA
0xbc8624 GetFullPathNameW
0xbc862c GetLastError
0xbc8634 GetProcAddress
0xbc863c GetProcessAffinityMask
0xbc8644 GetProcessHeap
0xbc864c GetQueuedCompletionStatusEx
0xbc8654 GetStartupInfoA
0xbc865c GetStdHandle
0xbc8664 GetSystemDirectoryA
0xbc866c GetSystemInfo
0xbc8674 GetSystemTime
0xbc867c GetSystemTimeAsFileTime
0xbc8684 GetTempPathA
0xbc868c GetTempPathW
0xbc8694 GetThreadContext
0xbc869c GetTickCount
0xbc86a4 GetVersionExA
0xbc86ac GetVersionExW
0xbc86b4 HeapAlloc
0xbc86bc HeapCompact
0xbc86c4 HeapCreate
0xbc86cc HeapDestroy
0xbc86d4 HeapFree
0xbc86dc HeapReAlloc
0xbc86e4 HeapSize
0xbc86ec HeapValidate
0xbc86f4 InitializeCriticalSection
0xbc86fc LeaveCriticalSection
0xbc8704 LoadLibraryA
0xbc870c LoadLibraryW
0xbc8714 LocalFree
0xbc871c LockFile
0xbc8724 LockFileEx
0xbc872c MapViewOfFile
0xbc8734 MultiByteToWideChar
0xbc873c OutputDebugStringA
0xbc8744 OutputDebugStringW
0xbc874c PostQueuedCompletionStatus
0xbc8754 QueryPerformanceCounter
0xbc875c ReadFile
0xbc8764 ResumeThread
0xbc876c RtlAddFunctionTable
0xbc8774 RtlCaptureContext
0xbc877c RtlLookupFunctionEntry
0xbc8784 RtlVirtualUnwind
0xbc878c SetConsoleCtrlHandler
0xbc8794 SetEndOfFile
0xbc879c SetErrorMode
0xbc87a4 SetEvent
0xbc87ac SetFilePointer
0xbc87b4 SetProcessPriorityBoost
0xbc87bc SetThreadContext
0xbc87c4 SetUnhandledExceptionFilter
0xbc87cc SetWaitableTimer
0xbc87d4 Sleep
0xbc87dc SuspendThread
0xbc87e4 SwitchToThread
0xbc87ec SystemTimeToFileTime
0xbc87f4 TerminateProcess
0xbc87fc TlsGetValue
0xbc8804 TryEnterCriticalSection
0xbc880c UnhandledExceptionFilter
0xbc8814 UnlockFile
0xbc881c UnlockFileEx
0xbc8824 UnmapViewOfFile
0xbc882c VirtualAlloc
0xbc8834 VirtualFree
0xbc883c VirtualProtect
0xbc8844 VirtualQuery
0xbc884c WaitForMultipleObjects
0xbc8854 WaitForSingleObject
0xbc885c WaitForSingleObjectEx
0xbc8864 WideCharToMultiByte
0xbc886c WriteConsoleW
0xbc8874 WriteFile
0xbc887c __C_specific_handler
msvcrt.dll
0xbc888c __getmainargs
0xbc8894 __initenv
0xbc889c __iob_func
0xbc88a4 __lconv_init
0xbc88ac __set_app_type
0xbc88b4 __setusermatherr
0xbc88bc _acmdln
0xbc88c4 _amsg_exit
0xbc88cc _beginthread
0xbc88d4 _beginthreadex
0xbc88dc _cexit
0xbc88e4 _endthreadex
0xbc88ec _errno
0xbc88f4 _fmode
0xbc88fc _initterm
0xbc8904 _localtime64
0xbc890c _onexit
0xbc8914 abort
0xbc891c calloc
0xbc8924 exit
0xbc892c fprintf
0xbc8934 free
0xbc893c fwrite
0xbc8944 malloc
0xbc894c memcmp
0xbc8954 memcpy
0xbc895c memmove
0xbc8964 memset
0xbc896c qsort
0xbc8974 realloc
0xbc897c signal
0xbc8984 strcmp
0xbc898c strcspn
0xbc8994 strlen
0xbc899c strncmp
0xbc89a4 strrchr
0xbc89ac vfprintf
EAT(Export Address Table) Library
0xbc6e50 _cgo_dummy_export
0x734640 authorizerTrampoline
0x734360 callbackTrampoline
0x734520 commitHookTrampoline
0x734480 compareTrampoline
0x734430 doneTrampoline
0x7346c0 preUpdateHookTrampoline
0x734580 rollbackHookTrampoline
0x7343c0 stepTrampoline
0x7345d0 updateHookTrampoline
KERNEL32.dll
0xbc84fc AddVectoredExceptionHandler
0xbc8504 AreFileApisANSI
0xbc850c CloseHandle
0xbc8514 CreateEventA
0xbc851c CreateFileA
0xbc8524 CreateFileMappingA
0xbc852c CreateFileMappingW
0xbc8534 CreateFileW
0xbc853c CreateIoCompletionPort
0xbc8544 CreateMutexW
0xbc854c CreateThread
0xbc8554 CreateWaitableTimerA
0xbc855c CreateWaitableTimerExW
0xbc8564 DeleteCriticalSection
0xbc856c DeleteFileA
0xbc8574 DeleteFileW
0xbc857c DuplicateHandle
0xbc8584 EnterCriticalSection
0xbc858c ExitProcess
0xbc8594 FlushFileBuffers
0xbc859c FlushViewOfFile
0xbc85a4 FormatMessageA
0xbc85ac FormatMessageW
0xbc85b4 FreeEnvironmentStringsW
0xbc85bc FreeLibrary
0xbc85c4 GetConsoleMode
0xbc85cc GetCurrentProcess
0xbc85d4 GetCurrentProcessId
0xbc85dc GetCurrentThreadId
0xbc85e4 GetDiskFreeSpaceA
0xbc85ec GetDiskFreeSpaceW
0xbc85f4 GetEnvironmentStringsW
0xbc85fc GetFileAttributesA
0xbc8604 GetFileAttributesExW
0xbc860c GetFileAttributesW
0xbc8614 GetFileSize
0xbc861c GetFullPathNameA
0xbc8624 GetFullPathNameW
0xbc862c GetLastError
0xbc8634 GetProcAddress
0xbc863c GetProcessAffinityMask
0xbc8644 GetProcessHeap
0xbc864c GetQueuedCompletionStatusEx
0xbc8654 GetStartupInfoA
0xbc865c GetStdHandle
0xbc8664 GetSystemDirectoryA
0xbc866c GetSystemInfo
0xbc8674 GetSystemTime
0xbc867c GetSystemTimeAsFileTime
0xbc8684 GetTempPathA
0xbc868c GetTempPathW
0xbc8694 GetThreadContext
0xbc869c GetTickCount
0xbc86a4 GetVersionExA
0xbc86ac GetVersionExW
0xbc86b4 HeapAlloc
0xbc86bc HeapCompact
0xbc86c4 HeapCreate
0xbc86cc HeapDestroy
0xbc86d4 HeapFree
0xbc86dc HeapReAlloc
0xbc86e4 HeapSize
0xbc86ec HeapValidate
0xbc86f4 InitializeCriticalSection
0xbc86fc LeaveCriticalSection
0xbc8704 LoadLibraryA
0xbc870c LoadLibraryW
0xbc8714 LocalFree
0xbc871c LockFile
0xbc8724 LockFileEx
0xbc872c MapViewOfFile
0xbc8734 MultiByteToWideChar
0xbc873c OutputDebugStringA
0xbc8744 OutputDebugStringW
0xbc874c PostQueuedCompletionStatus
0xbc8754 QueryPerformanceCounter
0xbc875c ReadFile
0xbc8764 ResumeThread
0xbc876c RtlAddFunctionTable
0xbc8774 RtlCaptureContext
0xbc877c RtlLookupFunctionEntry
0xbc8784 RtlVirtualUnwind
0xbc878c SetConsoleCtrlHandler
0xbc8794 SetEndOfFile
0xbc879c SetErrorMode
0xbc87a4 SetEvent
0xbc87ac SetFilePointer
0xbc87b4 SetProcessPriorityBoost
0xbc87bc SetThreadContext
0xbc87c4 SetUnhandledExceptionFilter
0xbc87cc SetWaitableTimer
0xbc87d4 Sleep
0xbc87dc SuspendThread
0xbc87e4 SwitchToThread
0xbc87ec SystemTimeToFileTime
0xbc87f4 TerminateProcess
0xbc87fc TlsGetValue
0xbc8804 TryEnterCriticalSection
0xbc880c UnhandledExceptionFilter
0xbc8814 UnlockFile
0xbc881c UnlockFileEx
0xbc8824 UnmapViewOfFile
0xbc882c VirtualAlloc
0xbc8834 VirtualFree
0xbc883c VirtualProtect
0xbc8844 VirtualQuery
0xbc884c WaitForMultipleObjects
0xbc8854 WaitForSingleObject
0xbc885c WaitForSingleObjectEx
0xbc8864 WideCharToMultiByte
0xbc886c WriteConsoleW
0xbc8874 WriteFile
0xbc887c __C_specific_handler
msvcrt.dll
0xbc888c __getmainargs
0xbc8894 __initenv
0xbc889c __iob_func
0xbc88a4 __lconv_init
0xbc88ac __set_app_type
0xbc88b4 __setusermatherr
0xbc88bc _acmdln
0xbc88c4 _amsg_exit
0xbc88cc _beginthread
0xbc88d4 _beginthreadex
0xbc88dc _cexit
0xbc88e4 _endthreadex
0xbc88ec _errno
0xbc88f4 _fmode
0xbc88fc _initterm
0xbc8904 _localtime64
0xbc890c _onexit
0xbc8914 abort
0xbc891c calloc
0xbc8924 exit
0xbc892c fprintf
0xbc8934 free
0xbc893c fwrite
0xbc8944 malloc
0xbc894c memcmp
0xbc8954 memcpy
0xbc895c memmove
0xbc8964 memset
0xbc896c qsort
0xbc8974 realloc
0xbc897c signal
0xbc8984 strcmp
0xbc898c strcspn
0xbc8994 strlen
0xbc899c strncmp
0xbc89a4 strrchr
0xbc89ac vfprintf
EAT(Export Address Table) Library
0xbc6e50 _cgo_dummy_export
0x734640 authorizerTrampoline
0x734360 callbackTrampoline
0x734520 commitHookTrampoline
0x734480 compareTrampoline
0x734430 doneTrampoline
0x7346c0 preUpdateHookTrampoline
0x734580 rollbackHookTrampoline
0x7343c0 stepTrampoline
0x7345d0 updateHookTrampoline