ScreenShot
| Created | 2021.11.01 11:15 | Machine | s1_win7_x6401 |
| Filename | LuminarAI.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 19 detected (GenericKD, Artemis, DownLoader43, Sabsik, R002H0DJV21) | ||
| md5 | 7f9ea44699d6223da7f2534cfb3337d8 | ||
| sha256 | f4a41f997c653d47f7e048c5c705bf799e6a01eec36c6a0bffda2cecff141308 | ||
| ssdeep | 384:OQxBpbI/Yqj+IJJh8dg5wY0ymEtg3TTJfYO8ajbm8tLP:1xCRnDRgjTJfYWPTtLP | ||
| imphash | d864f848e8cc402cb451882717c2c0c1 | ||
| impfuzzy | 24:40DRcy2tdSA7IaT5yWNwLTwYgMUJiyWPWKOdUUKMqqB/AzAyihocAJLBSDbJCZhl:jcVtdSGPJNO9/M9qDM+IytYBMQSLMA | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140004000 GetModuleFileNameA
0x140004008 Sleep
0x140004010 LoadLibraryA
0x140004018 GetProcAddress
0x140004020 ExitProcess
0x140004028 FreeLibrary
0x140004030 RtlLookupFunctionEntry
0x140004038 RtlVirtualUnwind
0x140004040 UnhandledExceptionFilter
0x140004048 SetUnhandledExceptionFilter
0x140004050 GetCurrentProcess
0x140004058 TerminateProcess
0x140004060 IsProcessorFeaturePresent
0x140004068 IsDebuggerPresent
0x140004070 GetStartupInfoW
0x140004078 GetModuleHandleW
0x140004080 QueryPerformanceCounter
0x140004088 GetCurrentProcessId
0x140004090 RtlCaptureContext
0x140004098 GetCurrentThreadId
0x1400040a0 GetSystemTimeAsFileTime
0x1400040a8 InitializeSListHead
MSVCP140.dll
0x1400040b8 ?_Xlength_error@std@@YAXPEBD@Z
VCRUNTIME140_1.dll
0x140004128 __CxxFrameHandler4
VCRUNTIME140.dll
0x1400040c8 __current_exception
0x1400040d0 _CxxThrowException
0x1400040d8 __C_specific_handler
0x1400040e0 __std_exception_copy
0x1400040e8 __std_exception_destroy
0x1400040f0 memcpy
0x1400040f8 __current_exception_context
0x140004100 strstr
0x140004108 memchr
0x140004110 memset
0x140004118 memmove
api-ms-win-crt-string-l1-1-0.dll
0x140004228 isalnum
api-ms-win-crt-runtime-l1-1-0.dll
0x140004180 exit
0x140004188 _invalid_parameter_noinfo_noreturn
0x140004190 _initterm_e
0x140004198 _exit
0x1400041a0 terminate
0x1400041a8 _initterm
0x1400041b0 _c_exit
0x1400041b8 _register_thread_local_exe_atexit_callback
0x1400041c0 _seh_filter_exe
0x1400041c8 _cexit
0x1400041d0 _crt_atexit
0x1400041d8 _register_onexit_function
0x1400041e0 _initialize_onexit_table
0x1400041e8 _initialize_narrow_environment
0x1400041f0 _configure_narrow_argv
0x1400041f8 _set_app_type
0x140004200 _get_narrow_winmain_command_line
api-ms-win-crt-heap-l1-1-0.dll
0x140004138 free
0x140004140 _set_new_mode
0x140004148 _callnewh
0x140004150 malloc
api-ms-win-crt-math-l1-1-0.dll
0x140004170 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140004210 _set_fmode
0x140004218 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x140004160 _configthreadlocale
EAT(Export Address Table) Library
0x140002080 exec
KERNEL32.dll
0x140004000 GetModuleFileNameA
0x140004008 Sleep
0x140004010 LoadLibraryA
0x140004018 GetProcAddress
0x140004020 ExitProcess
0x140004028 FreeLibrary
0x140004030 RtlLookupFunctionEntry
0x140004038 RtlVirtualUnwind
0x140004040 UnhandledExceptionFilter
0x140004048 SetUnhandledExceptionFilter
0x140004050 GetCurrentProcess
0x140004058 TerminateProcess
0x140004060 IsProcessorFeaturePresent
0x140004068 IsDebuggerPresent
0x140004070 GetStartupInfoW
0x140004078 GetModuleHandleW
0x140004080 QueryPerformanceCounter
0x140004088 GetCurrentProcessId
0x140004090 RtlCaptureContext
0x140004098 GetCurrentThreadId
0x1400040a0 GetSystemTimeAsFileTime
0x1400040a8 InitializeSListHead
MSVCP140.dll
0x1400040b8 ?_Xlength_error@std@@YAXPEBD@Z
VCRUNTIME140_1.dll
0x140004128 __CxxFrameHandler4
VCRUNTIME140.dll
0x1400040c8 __current_exception
0x1400040d0 _CxxThrowException
0x1400040d8 __C_specific_handler
0x1400040e0 __std_exception_copy
0x1400040e8 __std_exception_destroy
0x1400040f0 memcpy
0x1400040f8 __current_exception_context
0x140004100 strstr
0x140004108 memchr
0x140004110 memset
0x140004118 memmove
api-ms-win-crt-string-l1-1-0.dll
0x140004228 isalnum
api-ms-win-crt-runtime-l1-1-0.dll
0x140004180 exit
0x140004188 _invalid_parameter_noinfo_noreturn
0x140004190 _initterm_e
0x140004198 _exit
0x1400041a0 terminate
0x1400041a8 _initterm
0x1400041b0 _c_exit
0x1400041b8 _register_thread_local_exe_atexit_callback
0x1400041c0 _seh_filter_exe
0x1400041c8 _cexit
0x1400041d0 _crt_atexit
0x1400041d8 _register_onexit_function
0x1400041e0 _initialize_onexit_table
0x1400041e8 _initialize_narrow_environment
0x1400041f0 _configure_narrow_argv
0x1400041f8 _set_app_type
0x140004200 _get_narrow_winmain_command_line
api-ms-win-crt-heap-l1-1-0.dll
0x140004138 free
0x140004140 _set_new_mode
0x140004148 _callnewh
0x140004150 malloc
api-ms-win-crt-math-l1-1-0.dll
0x140004170 __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
0x140004210 _set_fmode
0x140004218 __p__commode
api-ms-win-crt-locale-l1-1-0.dll
0x140004160 _configthreadlocale
EAT(Export Address Table) Library
0x140002080 exec