Field | Value |
---|---|
Created | 2023.09.23 09:42 |
Machine | s1_win7_x6401 |
Filename | LummaC2.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : malware |
VT API (file) | 38 detected (AIDetectMalware, Zusy, PasswordStealer, Save, malicious, confidence, Eldorado, Attribute, HighConfidence, high confidence, score, TrojanX, high, Wacapew, Detected, R605906, ZexaF, DqW@aesJbYj, ai score=83, BScope, Hlux, unsafe, Generic@AI, RDML, aNEfWfH8vYsP7807BTTRzw, Static AI, Suspicious PE) |
md5 | c2ffa5554a8f784cca5476aa87f575e8 |
sha256 | de5c0ce6a181e9a308d7487caaecf33082793cddf0381efa66facfef695e7459 |
ssdeep | 12288:EsAA+RVy+MBlSPyJVuoBa8YyANOV5qp1L0i:E7Auy/Bl6gVJa8fJV5Yx |
imphash | f6f05543bfd8242a24ed7d1738a5cdb5 |
impfuzzy | 48:UXQCt6x3on1LqbmKMJBjO6rcRglyD4rzF5bxtehOh+d6:IQCt6in1LxKGVO6rc6RGAh+M |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
notice | A process attempted to delay the analysis task. |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
No network requests were recorded during the run; the Request / CC / ASN Co / IP4 / Rule / ZERO table is empty.
Suricata ids
(none)
PE API
IAT (Import Address Table)
KERNEL32.dll
0x4727e4 CloseHandle
0x4727e8 CompareStringW
0x4727ec CreateDirectoryW
0x4727f0 CreateFileA
0x4727f4 CreateFileW
0x4727f8 CreateProcessW
0x4727fc DecodePointer
0x472800 DeleteCriticalSection
0x472804 EncodePointer
0x472808 EnterCriticalSection
0x47280c ExitProcess
0x472810 ExpandEnvironmentStringsW
0x472814 FileTimeToSystemTime
0x472818 FindClose
0x47281c FindFirstFileExW
0x472820 FindNextFileW
0x472824 FlushFileBuffers
0x472828 FreeEnvironmentStringsW
0x47282c FreeLibrary
0x472830 GetACP
0x472834 GetCPInfo
0x472838 GetCommandLineA
0x47283c GetCommandLineW
0x472840 GetComputerNameExA
0x472844 GetComputerNameW
0x472848 GetConsoleMode
0x47284c GetConsoleOutputCP
0x472850 GetCurrentDirectoryW
0x472854 GetCurrentProcess
0x472858 GetCurrentProcessId
0x47285c GetCurrentThreadId
0x472860 GetDriveTypeW
0x472864 GetEnvironmentStringsW
0x472868 GetFileInformationByHandle
0x47286c GetFileSizeEx
0x472870 GetFileType
0x472874 GetFullPathNameW
0x472878 GetLastError
0x47287c GetModuleFileNameA
0x472880 GetModuleFileNameW
0x472884 GetModuleHandleExW
0x472888 GetModuleHandleW
0x47288c GetOEMCP
0x472890 GetProcAddress
0x472894 GetProcessHeap
0x472898 GetStartupInfoW
0x47289c GetStdHandle
0x4728a0 GetStringTypeW
0x4728a4 GetSystemTimeAsFileTime
0x4728a8 GetTimeZoneInformation
0x4728ac GetVolumeInformationW
0x4728b0 HeapAlloc
0x4728b4 HeapFree
0x4728b8 HeapReAlloc
0x4728bc HeapSize
0x4728c0 InitializeCriticalSectionAndSpinCount
0x4728c4 InitializeSListHead
0x4728c8 IsDebuggerPresent
0x4728cc IsProcessorFeaturePresent
0x4728d0 IsValidCodePage
0x4728d4 K32EnumProcesses
0x4728d8 LCMapStringW
0x4728dc LeaveCriticalSection
0x4728e0 LoadLibraryA
0x4728e4 LoadLibraryExW
0x4728e8 LoadLibraryW
0x4728ec MultiByteToWideChar
0x4728f0 PeekNamedPipe
0x4728f4 QueryPerformanceCounter
0x4728f8 RaiseException
0x4728fc ReadConsoleW
0x472900 ReadFile
0x472904 RtlUnwind
0x472908 SetEndOfFile
0x47290c SetEnvironmentVariableW
0x472910 SetFilePointerEx
0x472914 SetFileTime
0x472918 SetLastError
0x47291c SetStdHandle
0x472920 SetUnhandledExceptionFilter
0x472924 Sleep
0x472928 SystemTimeToFileTime
0x47292c SystemTimeToTzSpecificLocalTime
0x472930 TerminateProcess
0x472934 TlsAlloc
0x472938 TlsFree
0x47293c TlsGetValue
0x472940 TlsSetValue
0x472944 TzSpecificLocalTimeToSystemTime
0x472948 UnhandledExceptionFilter
0x47294c WideCharToMultiByte
0x472950 WinExec
0x472954 WriteConsoleW
0x472958 WriteFile
0x47295c lstrcatW
0x472960 lstrcmpW
0x472964 lstrcmpiW
0x472968 lstrlenW
USER32.dll
0x472970 EnumDisplayDevicesA
0x472974 GetCursorPos
0x472978 GetDC
0x47297c GetDesktopWindow
0x472980 GetSystemMetrics
0x472984 ReleaseDC
0x472988 SystemParametersInfoW
0x47298c wsprintfW
ADVAPI32.dll
0x472994 GetCurrentHwProfileW
0x472998 RegCloseKey
0x47299c RegEnumKeyExW
0x4729a0 RegOpenKeyExW
0x4729a4 RegQueryValueExW
GDI32.dll
0x4729ac BitBlt
0x4729b0 CreateCompatibleBitmap
0x4729b4 CreateCompatibleDC
0x4729b8 CreateDCW
0x4729bc DeleteDC
0x4729c0 DeleteObject
0x4729c4 GetDIBits
0x4729c8 GetObjectW
0x4729cc SelectObject
SHLWAPI.dll
0x4729d4 PathFileExistsW
WINHTTP.dll
0x4729dc WinHttpCloseHandle
0x4729e0 WinHttpConnect
0x4729e4 WinHttpCrackUrl
0x4729e8 WinHttpOpen
0x4729ec WinHttpOpenRequest
0x4729f0 WinHttpQueryDataAvailable
0x4729f4 WinHttpReadData
0x4729f8 WinHttpReceiveResponse
0x4729fc WinHttpSendRequest
IPHLPAPI.DLL
0x472a04 GetAdaptersInfo
WININET.dll
0x472a0c InternetQueryDataAvailable
0x472a10 InternetReadFile
CRYPT32.dll
0x472a18 CryptStringToBinaryA
EAT (Export Address Table): none
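The import table above is enough to triage what the sample can do before it is ever run. Screen-capture primitives (GetDesktopWindow, GetDC, CreateCompatibleDC, CreateCompatibleBitmap, BitBlt, GetDIBits) sit beside a WinHTTP client, registry and process enumeration, host fingerprinting (GetComputerNameW, GetVolumeInformationW, GetCurrentHwProfileW, GetAdaptersInfo), IsDebuggerPresent and Sleep (consistent with the "delay the analysis task" signature), and CryptStringToBinaryA, which is commonly used for base64 decoding. Two caveats apply. LoadLibraryA/LoadLibraryW and GetProcAddress are imported, so the IAT is only a lower bound on the APIs the binary actually calls. And a binary that is still wrapped by UPX normally presents a stub import table of a few KERNEL32 functions plus at most one function per other DLL, so the UPX_Zero rule hit is worth cross-checking against the full table listed here rather than being read as proof that the executable is packed in its current form.

The script below is an added example, not part of the sandbox report and not code from the sample. It parses an abbreviated transcription of the IAT, groups imports into heuristic capability buckets of the editor's own choosing, and builds the import-hash string the way the common imphash convention does (lower-cased dll.function pairs, DLL extension stripped, comma-joined, MD5). Because the embedded list is abbreviated, its imphash will not reproduce the report's value, which covers the full table in IAT order.

```python
"""Capability triage of a PE import table, keyed off the LummaC2.exe IAT above.

Added example, not part of the sandbox report: the import list is an
abbreviated transcription of the page's IAT, the capability groups are the
editor's own heuristic mapping (not a vendor signature), and the imphash
routine follows the common convention rather than any sandbox code.
"""
import hashlib

# Constructed from the page's IAT, one line per DLL, functions in listed
# order, trimmed to the imports relevant to triage.
IAT_TEXT = """
KERNEL32.dll: CreateProcessW ExitProcess FindFirstFileExW FindNextFileW GetComputerNameExA GetComputerNameW GetProcAddress GetTimeZoneInformation GetVolumeInformationW IsDebuggerPresent K32EnumProcesses LoadLibraryA LoadLibraryW Sleep WinExec
USER32.dll: EnumDisplayDevicesA GetCursorPos GetDC GetDesktopWindow GetSystemMetrics ReleaseDC
ADVAPI32.dll: GetCurrentHwProfileW RegCloseKey RegEnumKeyExW RegOpenKeyExW RegQueryValueExW
GDI32.dll: BitBlt CreateCompatibleBitmap CreateCompatibleDC CreateDCW GetDIBits SelectObject
SHLWAPI.dll: PathFileExistsW
WINHTTP.dll: WinHttpOpen WinHttpConnect WinHttpCrackUrl WinHttpOpenRequest WinHttpSendRequest WinHttpReceiveResponse WinHttpReadData
IPHLPAPI.DLL: GetAdaptersInfo
WININET.dll: InternetQueryDataAvailable InternetReadFile
CRYPT32.dll: CryptStringToBinaryA
"""

# Heuristic capability groups (editor's mapping). A hit means "can do", not "does".
CAPABILITIES = {
    "screen capture": {"GetDC", "GetDesktopWindow", "CreateCompatibleDC",
                       "CreateCompatibleBitmap", "BitBlt", "GetDIBits",
                       "EnumDisplayDevicesA"},
    "HTTP client (possible C2/exfil)": {"WinHttpOpen", "WinHttpConnect",
                                        "WinHttpOpenRequest", "WinHttpSendRequest",
                                        "WinHttpReceiveResponse", "WinHttpReadData",
                                        "InternetReadFile"},
    "host fingerprinting": {"GetComputerNameW", "GetComputerNameExA",
                            "GetVolumeInformationW", "GetCurrentHwProfileW",
                            "GetAdaptersInfo", "GetTimeZoneInformation",
                            "GetSystemMetrics"},
    "registry enumeration": {"RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"},
    "process enumeration": {"K32EnumProcesses"},
    "anti-analysis / delay": {"IsDebuggerPresent", "Sleep"},
    "process execution": {"CreateProcessW", "WinExec"},
    "base64 decoding": {"CryptStringToBinaryA"},
}


def parse_iat(text):
    """Return [(dll, function), ...] in listed order from the 'DLL: f1 f2' form."""
    imports = []
    for line in text.strip().splitlines():
        dll, _, funcs = line.partition(":")
        imports.extend((dll.strip(), f) for f in funcs.split())
    return imports


def imphash_string(imports):
    """Canonical 'dll.func,dll.func' string that the imphash convention hashes."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):   # extensions the convention strips
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.append(f"{name}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical string; order-sensitive, so keep IAT order."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def capability_report(imports):
    """Map each capability group to the imported functions that hit it."""
    present = {func for _, func in imports}
    return {cap: sorted(present & funcs)
            for cap, funcs in CAPABILITIES.items() if present & funcs}


def resolves_apis_at_runtime(imports):
    """LoadLibrary* plus GetProcAddress means the IAT is only a lower bound."""
    present = {func for _, func in imports}
    return "GetProcAddress" in present and any(f.startswith("LoadLibrary") for f in present)


def per_dll_counts(imports):
    """Import count per DLL; a bare UPX stub would show only a handful in total."""
    counts = {}
    for dll, _ in imports:
        counts[dll] = counts.get(dll, 0) + 1
    return counts


if __name__ == "__main__":
    imps = parse_iat(IAT_TEXT)
    print("imphash (abbreviated list):", imphash(imps))
    for cap, funcs in capability_report(imps).items():
        print(f"{cap:34s} {', '.join(funcs)}")
    print("runtime API resolution present:", resolves_apis_at_runtime(imps))
    print("imports per DLL:", per_dll_counts(imps))
```

Feed the full IAT (in listed order) into `parse_iat` and `imphash` should reproduce the report's value; a mismatch would mean the page's tool canonicalises differently or the table was transcribed out of order. The capability buckets are deliberately coarse: the point is to see the screen-capture, fingerprinting and HTTP groups all light up together, which is the stealer profile the VirusTotal names (PasswordStealer) already suggest.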