popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

lumma2806.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us July 1, 2024, 9:36 a.m. July 1, 2024, 9:38 a.m.
Size 516.0KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 0309dd0131150796ea99b30a62194fae
SHA256 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35
CRC32 A5E74164
ssdeep 12288:YwFARGxNB+mIuUOI+J0X6KALNGK34y1sB2Y+Jg4c:Yj4xb+mrZj1VHSB2Y6d
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .BsS
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 

        
      
      
      

    
  
    
      
        exception.instruction_r:
        81 3e 4c 6f 61 64 75 f2 81 7e 08 61 72 79 41 75
        

      
        exception.instruction:
        cmp dword ptr [esi], 0x64616f4c
        

      
        exception.exception_code:
        0xc0000005
        

      
        exception.symbol:
        
        

      
        exception.address:
        0x3c01cb
        

      
    
  
    
      
        registers.esp:
        14547348
        

      
        registers.edi:
        1969008856
        

      
        registers.eax:
        1968766976
        

      
        registers.ebp:
        637
        

      
        registers.edx:
        1969006304
        

      
        registers.ebx:
        0
        

      
        registers.esi:
        1970143252
        

      
        registers.ecx:
        0
        

      
    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    

                                    
                                        

                                            Time & API
                                            Arguments
                                            Status
                                            Return
                                            Repeated
                                        

                                    

                                

                                

                                    

  
NtAllocateVirtualMemory

  
  
    
      
    
  


  
    
      process_identifier:
      
        
          1648
        
      
      
      

    
  
    
      region_size:
      
        
          4096
        
      
      
      

    
  
    
      stack_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      stack_pivoted:
      
        
          0
        
      
      
      

    
  
    
      heap_dep_bypass:
      
        
          0
        
      
      
      

    
  
    
      protection:
      
        
          64
        
      
      
        (PAGE_EXECUTE_READWRITE)
      
      

    
  
    
      base_address:
      
        
          0x003c0000
        
      
      
      

    
  
    
      allocation_type:
      
        
          4096
        
      
      
        (MEM_COMMIT)
      
      

    
  
    
      process_handle:
      
        
          0xffffffff
        
      
      
      

    
  


    
        1
    

0

    
        0
    


                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    
                                        
                                    
                                        
                                            section
                                            {u'size_of_data': u'0x0004fe00', u'virtual_address': u'0x00030000', u'entropy': 7.990757511119705, u'name': u'.data', u'virtual_size': u'0x00050cf4'}
                                        
                                    
                                        
                                            entropy
                                            7.99075751112
                                        
                                    
                                        
                                            description
                                            A section with a high entropy has been found
                                        
                                    
                                


                            

                        

                            

                                

                                    
                                        
                                    
                                        
                                            entropy
                                            0.620388349515
                                        
                                    
                                        
                                            description
                                            Overall entropy of this PE file is high
                                        
                                    
                                


                            

                        

                    


                    

                

            
            
        
            


                

                
                

                    

                    

                        
                        

                            

                                

                                    Bkav
                                    W32.AIDetectMalware
                                    
                                


                            

                        

                            

                                

                                    Elastic
                                    malicious (high confidence)
                                    
                                


                            

                        

                            

                                

                                    Cynet
                                    Malicious (score: 100)
                                    
                                


                            

                        

                            

                                

                                    Skyhigh
                                    BehavesLike.Win32.Generic.hc
                                    
                                


                            

                        

                            

                                

                                    ALYac
                                    Gen:Variant.Lazy.560149
                                    
                                


                            

                        

                            

                                

                                    Cylance
                                    Unsafe
                                    
                                


                            

                        

                            

                                

                                    Sangfor
                                    Trojan.Win32.Save.a
                                    
                                


                            

                        

                            

                                

                                    BitDefender
                                    Gen:Variant.Lazy.560149
                                    
                                


                            

                        

                            

                                

                                    Arcabit
                                    Trojan.Lazy.D88C15
                                    
                                


                            

                        

                            

                                

                                    Symantec
                                    ML.Attribute.HighConfidence
                                    
                                


                            

                        

                            

                                

                                    ESET-NOD32
                                    a variant of Win32/Kryptik.HXDB
                                    
                                


                            

                        

                            

                                

                                    APEX
                                    Malicious
                                    
                                


                            

                        

                            

                                

                                    Avast
                                    Win32:PWSX-gen [Trj]
                                    
                                


                            

                        

                            

                                

                                    ClamAV
                                    Win.Keylogger.Lazy-10031941-0
                                    
                                


                            

                        

                            

                                

                                    Kaspersky
                                    HEUR:Trojan.Win32.Injuke.gen
                                    
                                


                            

                        

                            

                                

                                    MicroWorld-eScan
                                    Gen:Variant.Lazy.560149
                                    
                                


                            

                        

                            

                                

                                    Rising
                                    Stealer.Reline!8.132F4 (TFE:5:glZK8UokgrV)
                                    
                                


                            

                        

                            

                                

                                    Emsisoft
                                    Gen:Variant.Lazy.560149 (B)
                                    
                                


                            

                        

                            

                                

                                    TrendMicro
                                    Mal_Locky-1
                                    
                                


                            

                        

                            

                                

                                    McAfeeD
                                    ti!07C09BA5A84F
                                    
                                


                            

                        

                            

                                

                                    Trapmine
                                    malicious.high.ml.score
                                    
                                


                            

                        

                            

                                

                                    FireEye
                                    Generic.mg.0309dd0131150796
                                    
                                


                            

                        

                            

                                

                                    Sophos
                                    ML/PE-A
                                    
                                


                            

                        

                            

                                

                                    Ikarus
                                    Trojan-Spy.LummaStealer
                                    
                                


                            

                        

                            

                                

                                    Google
                                    Detected
                                    
                                


                            

                        

                            

                                

                                    MAX
                                    malware (ai score=80)
                                    
                                


                            

                        

                            

                                

                                    Microsoft
                                    Trojan:Win32/Sabsik.FL.B!ml
                                    
                                


                            

                        

                            

                                

                                    ZoneAlarm
                                    HEUR:Trojan.Win32.Injuke.gen
                                    
                                


                            

                        

                            

                                

                                    GData
                                    Gen:Variant.Lazy.560149
                                    
                                


                            

                        

                            

                                

                                    Varist
                                    W32/Kryptik.MJE.gen!Eldorado
                                    
                                


                            

                        

                            

                                

                                    BitDefenderTheta
                                    Gen:NN.ZexaE.36808.GuW@aG0fYbp
                                    
                                


                            

                        

                            

                                

                                    DeepInstinct
                                    MALICIOUS
                                    
                                


                            

                        

                            

                                

                                    VBA32
                                    BScope.TrojanPSW.MSIL.Convagent
                                    
                                


                            

                        

                            

                                

                                    TrendMicro-HouseCall
                                    Mal_Locky-1
                                    
                                


                            

                        

                            

                                

                                    SentinelOne
                                    Static AI - Malicious PE
                                    
                                


                            

                        

                            

                                

                                    MaxSecure
                                    Trojan.Malware.300983.susgen
                                    
                                


                            

                        

                            

                                

                                    AVG
                                    Win32:PWSX-gen [Trj]
                                    
                                


                            

                        

                            

                                

                                    CrowdStrike
                                    win/malicious_confidence_100% (D)