ScreenShot
| Created | 2023.12.22 08:13 | Machine | s1_win7_x6401 |
| Filename | brg.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 21 detected (AIDetectMalware, malicious, high confidence, score, unsafe, Attribute, HighConfidence, VMProtect, BB suspicious, FileRepMalware, Generic@AI, RDML, oIf8traIkPa1q7F6UtNdxg, Generic ML PUA, Wacapew, ZexaF, @R1@ayrMj1dj, susgen, confidence) | ||
| md5 | dff334fa8d2c701dba4139875f14c9ff | ||
| sha256 | 8fdeb093bec0bc7dc01ef7f0aa61476deaaddbf42a8da2d711e21693fc3ecbd6 | ||
| ssdeep | 98304:XmQNg/7b+DOWjg5/3xxVAjls6CIcvA/ArCvxU3qthfzJ6FKLN+VzaN44KNPn83Cp:Xev+FkYJCjvWAKmIfzeKL8aNGNPn83Cp | ||
| imphash | a2b52377798765a91e307d887f9408b3 | ||
| impfuzzy | 12:1sXm3EQb4ZGoQtXJxZGb9AJcDfA5kLfP9bOZGqAJcDW:1smEQaQtXJHc9NDI5QVadNDW | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 21 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| notice | The executable is likely packed with VMProtect |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| watch | VMProtect_Zero | VMProtect packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x8d4000 HeapCreate
USER32.dll
0x8d4008 DestroyCursor
GDI32.dll
0x8d4010 SetBkMode
ole32.dll
0x8d4018 OleUninitialize
OLEAUT32.dll
0x8d4020 VariantClear
MSVCRT.dll
0x8d4028 _initterm
VERSION.dll
0x8d4030 GetFileVersionInfoW
KERNEL32.dll
0x8d4038 LocalAlloc
0x8d403c LocalFree
0x8d4040 GetModuleFileNameW
0x8d4044 GetProcessAffinityMask
0x8d4048 SetProcessAffinityMask
0x8d404c SetThreadAffinityMask
0x8d4050 Sleep
0x8d4054 ExitProcess
0x8d4058 FreeLibrary
0x8d405c LoadLibraryA
0x8d4060 GetModuleHandleA
0x8d4064 GetProcAddress
USER32.dll
0x8d406c GetProcessWindowStation
0x8d4070 GetUserObjectInformationW
KERNEL32.dll
0x8d4078 HeapAlloc
0x8d407c HeapFree
0x8d4080 ExitProcess
0x8d4084 LoadLibraryA
0x8d4088 GetModuleHandleA
0x8d408c GetProcAddress
EAT(Export Address Table) is none
KERNEL32.dll
0x8d4000 HeapCreate
USER32.dll
0x8d4008 DestroyCursor
GDI32.dll
0x8d4010 SetBkMode
ole32.dll
0x8d4018 OleUninitialize
OLEAUT32.dll
0x8d4020 VariantClear
MSVCRT.dll
0x8d4028 _initterm
VERSION.dll
0x8d4030 GetFileVersionInfoW
KERNEL32.dll
0x8d4038 LocalAlloc
0x8d403c LocalFree
0x8d4040 GetModuleFileNameW
0x8d4044 GetProcessAffinityMask
0x8d4048 SetProcessAffinityMask
0x8d404c SetThreadAffinityMask
0x8d4050 Sleep
0x8d4054 ExitProcess
0x8d4058 FreeLibrary
0x8d405c LoadLibraryA
0x8d4060 GetModuleHandleA
0x8d4064 GetProcAddress
USER32.dll
0x8d406c GetProcessWindowStation
0x8d4070 GetUserObjectInformationW
KERNEL32.dll
0x8d4078 HeapAlloc
0x8d407c HeapFree
0x8d4080 ExitProcess
0x8d4084 LoadLibraryA
0x8d4088 GetModuleHandleA
0x8d408c GetProcAddress
EAT(Export Address Table) is none