ScreenShot
| Created | 2023.12.23 18:24 | Machine | s1_win7_x6401 |
| Filename | lumtru.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 64 detected (AIDetectMalware, SmokeLoader, malicious, high confidence, GenericKD, Stop, FWBQ, Kryptik, Save, TrojanPSW, confidence, 100%, ZexaF, Cq0@aWJCaJdG, Genus, HVOX, Stealerc, kfqqip, BootkitX, Obfuscated, GenSHCode, moarb, LUMMASTEALER, YXDLNZ, moderate, score, Krypt, Static AI, Malicious PE, ai score=88, GenKD, Detected, Eldorado, AMBI, Sabsik, R627622, BScope, Convagent, unsafe, Chgt, CLASSIC, uDdvjCG+6v0, Azorult, susgen, GenKryptik, GREB) | ||
| md5 | 700a9938d0fcff91df12cbefe7435c88 | ||
| sha256 | 946583a0803167de24c7c0d768fe49546108e43500a1c2c838e7e0560addc818 | ||
| ssdeep | 6144:btb2kbTOXb1JSqar6LNzVLReCCOQ6j4zu+jf6U5peQRVOm+T:MaTOqq+6LNzjwxPfhCQRVOmW | ||
| imphash | 7894ebd869f40ac69e6712adb71cda3c | ||
| impfuzzy | 24:bP3grkrkRIFf34JFElJcDO3/4j+FvvvvTM6YOo4mdHtKLOovJK0+cfplOFQ8RyvU:bvRf4FWz5QdXdHtK6Hrcfp/bSZgqB | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 64 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44d010 SystemTimeToTzSpecificLocalTime
0x44d014 InterlockedIncrement
0x44d018 GetCurrentProcess
0x44d01c GetSystemWindowsDirectoryW
0x44d020 InterlockedCompareExchange
0x44d024 BackupSeek
0x44d028 GetModuleHandleW
0x44d02c GetTickCount
0x44d030 FindNextVolumeMountPointA
0x44d034 GetConsoleAliasesLengthA
0x44d038 TlsSetValue
0x44d03c GetCurrencyFormatW
0x44d040 GlobalAlloc
0x44d044 LoadLibraryW
0x44d048 Sleep
0x44d04c AssignProcessToJobObject
0x44d050 SizeofResource
0x44d054 GetVersionExW
0x44d058 EnumResourceLanguagesA
0x44d05c ReadFile
0x44d060 CreateFileW
0x44d064 GetVolumePathNameA
0x44d068 CreateJobObjectA
0x44d06c LCMapStringA
0x44d070 GlobalDeleteAtom
0x44d074 GetLastError
0x44d078 SetLastError
0x44d07c GetProcAddress
0x44d080 GetProcessHeaps
0x44d084 VirtualAlloc
0x44d088 BackupWrite
0x44d08c EnumDateFormatsExA
0x44d090 SetComputerNameA
0x44d094 LoadLibraryA
0x44d098 OpenMutexA
0x44d09c CreateFileMappingA
0x44d0a0 CreateFileMappingW
0x44d0a4 FindFirstVolumeMountPointW
0x44d0a8 BeginUpdateResourceA
0x44d0ac GlobalFindAtomW
0x44d0b0 CreateIoCompletionPort
0x44d0b4 FindFirstChangeNotificationA
0x44d0b8 VirtualProtect
0x44d0bc OpenSemaphoreW
0x44d0c0 FindAtomW
0x44d0c4 GlobalAddAtomW
0x44d0c8 GetComputerNameA
0x44d0cc GetDateFormatW
0x44d0d0 InterlockedExchange
0x44d0d4 GetFullPathNameW
0x44d0d8 UnhandledExceptionFilter
0x44d0dc SetUnhandledExceptionFilter
0x44d0e0 ExitProcess
0x44d0e4 GetCommandLineA
0x44d0e8 GetStartupInfoA
0x44d0ec WriteFile
0x44d0f0 GetStdHandle
0x44d0f4 GetModuleFileNameA
0x44d0f8 GetCPInfo
0x44d0fc InterlockedDecrement
0x44d100 GetACP
0x44d104 GetOEMCP
0x44d108 IsValidCodePage
0x44d10c TlsGetValue
0x44d110 TlsAlloc
0x44d114 TlsFree
0x44d118 GetCurrentThreadId
0x44d11c HeapSize
0x44d120 HeapFree
0x44d124 TerminateProcess
0x44d128 IsDebuggerPresent
0x44d12c DeleteCriticalSection
0x44d130 LeaveCriticalSection
0x44d134 EnterCriticalSection
0x44d138 InitializeCriticalSectionAndSpinCount
0x44d13c FreeEnvironmentStringsA
0x44d140 GetEnvironmentStrings
0x44d144 FreeEnvironmentStringsW
0x44d148 WideCharToMultiByte
0x44d14c GetEnvironmentStringsW
0x44d150 SetHandleCount
0x44d154 GetFileType
0x44d158 HeapCreate
0x44d15c VirtualFree
0x44d160 QueryPerformanceCounter
0x44d164 GetCurrentProcessId
0x44d168 GetSystemTimeAsFileTime
0x44d16c MultiByteToWideChar
0x44d170 LCMapStringW
0x44d174 GetStringTypeA
0x44d178 GetStringTypeW
0x44d17c GetLocaleInfoA
0x44d180 HeapAlloc
0x44d184 HeapReAlloc
0x44d188 RtlUnwind
GDI32.dll
0x44d008 SetDeviceGammaRamp
ADVAPI32.dll
0x44d000 RegisterEventSourceW
MSIMG32.dll
0x44d190 AlphaBlend
EAT(Export Address Table) is none
KERNEL32.dll
0x44d010 SystemTimeToTzSpecificLocalTime
0x44d014 InterlockedIncrement
0x44d018 GetCurrentProcess
0x44d01c GetSystemWindowsDirectoryW
0x44d020 InterlockedCompareExchange
0x44d024 BackupSeek
0x44d028 GetModuleHandleW
0x44d02c GetTickCount
0x44d030 FindNextVolumeMountPointA
0x44d034 GetConsoleAliasesLengthA
0x44d038 TlsSetValue
0x44d03c GetCurrencyFormatW
0x44d040 GlobalAlloc
0x44d044 LoadLibraryW
0x44d048 Sleep
0x44d04c AssignProcessToJobObject
0x44d050 SizeofResource
0x44d054 GetVersionExW
0x44d058 EnumResourceLanguagesA
0x44d05c ReadFile
0x44d060 CreateFileW
0x44d064 GetVolumePathNameA
0x44d068 CreateJobObjectA
0x44d06c LCMapStringA
0x44d070 GlobalDeleteAtom
0x44d074 GetLastError
0x44d078 SetLastError
0x44d07c GetProcAddress
0x44d080 GetProcessHeaps
0x44d084 VirtualAlloc
0x44d088 BackupWrite
0x44d08c EnumDateFormatsExA
0x44d090 SetComputerNameA
0x44d094 LoadLibraryA
0x44d098 OpenMutexA
0x44d09c CreateFileMappingA
0x44d0a0 CreateFileMappingW
0x44d0a4 FindFirstVolumeMountPointW
0x44d0a8 BeginUpdateResourceA
0x44d0ac GlobalFindAtomW
0x44d0b0 CreateIoCompletionPort
0x44d0b4 FindFirstChangeNotificationA
0x44d0b8 VirtualProtect
0x44d0bc OpenSemaphoreW
0x44d0c0 FindAtomW
0x44d0c4 GlobalAddAtomW
0x44d0c8 GetComputerNameA
0x44d0cc GetDateFormatW
0x44d0d0 InterlockedExchange
0x44d0d4 GetFullPathNameW
0x44d0d8 UnhandledExceptionFilter
0x44d0dc SetUnhandledExceptionFilter
0x44d0e0 ExitProcess
0x44d0e4 GetCommandLineA
0x44d0e8 GetStartupInfoA
0x44d0ec WriteFile
0x44d0f0 GetStdHandle
0x44d0f4 GetModuleFileNameA
0x44d0f8 GetCPInfo
0x44d0fc InterlockedDecrement
0x44d100 GetACP
0x44d104 GetOEMCP
0x44d108 IsValidCodePage
0x44d10c TlsGetValue
0x44d110 TlsAlloc
0x44d114 TlsFree
0x44d118 GetCurrentThreadId
0x44d11c HeapSize
0x44d120 HeapFree
0x44d124 TerminateProcess
0x44d128 IsDebuggerPresent
0x44d12c DeleteCriticalSection
0x44d130 LeaveCriticalSection
0x44d134 EnterCriticalSection
0x44d138 InitializeCriticalSectionAndSpinCount
0x44d13c FreeEnvironmentStringsA
0x44d140 GetEnvironmentStrings
0x44d144 FreeEnvironmentStringsW
0x44d148 WideCharToMultiByte
0x44d14c GetEnvironmentStringsW
0x44d150 SetHandleCount
0x44d154 GetFileType
0x44d158 HeapCreate
0x44d15c VirtualFree
0x44d160 QueryPerformanceCounter
0x44d164 GetCurrentProcessId
0x44d168 GetSystemTimeAsFileTime
0x44d16c MultiByteToWideChar
0x44d170 LCMapStringW
0x44d174 GetStringTypeA
0x44d178 GetStringTypeW
0x44d17c GetLocaleInfoA
0x44d180 HeapAlloc
0x44d184 HeapReAlloc
0x44d188 RtlUnwind
GDI32.dll
0x44d008 SetDeviceGammaRamp
ADVAPI32.dll
0x44d000 RegisterEventSourceW
MSIMG32.dll
0x44d190 AlphaBlend
EAT(Export Address Table) is none