ScreenShot
| Created | 2024.06.20 17:33 | Machine | s1_win7_x6401 |
| Filename | lumma1906.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 43 detected (AIDetectMalware, Reline, malicious, high confidence, score, Unsafe, Save, None, Attribute, HighConfidence, GenKryptik, GYWE, Lazy, GenericKD, cc1urRePFHP, AGEN, Real Protect, high, Krypt, Stealerc, Detected, Sabsik, Kryptik, USJAHJ, Eldorado, R654391, ZexaF, GqW@ailLxNh, LUMMASTEALER, YXEFSZ, ai score=82, Chgt, confidence, 100%) | ||
| md5 | 555259d9ac1f9da27667485bfc3ab9af | ||
| sha256 | fa4491dbe5eb3d35c9f5884d746235769999d536d30033f4cf38633ce2343ede | ||
| ssdeep | 12288:4MLTuJtddskY7k1dyXbRQESs/mFKXuiPK0Lv:4zJth1IxQShPK0L | ||
| imphash | 99046e3afc60e2ca10c62342349ab573 | ||
| impfuzzy | 24:RPjlLLcpVJ+ZQD2teEGhlJBl39RPiDZMv1GMAkpOovbOPZ1:DLcpVJ2pteEGnp3EZGA33 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ADVAPI32.dll
0x42c000 GetNumberOfEventLogRecords
KERNEL32.dll
0x42c008 CreateFileW
0x42c00c HeapSize
0x42c010 WriteConsoleW
0x42c014 CloseHandle
0x42c018 WaitForSingleObject
0x42c01c CreateThread
0x42c020 VirtualAlloc
0x42c024 GetCurrentThreadId
0x42c028 WideCharToMultiByte
0x42c02c MultiByteToWideChar
0x42c030 GetStringTypeW
0x42c034 EnterCriticalSection
0x42c038 LeaveCriticalSection
0x42c03c InitializeCriticalSectionEx
0x42c040 DeleteCriticalSection
0x42c044 QueryPerformanceCounter
0x42c048 EncodePointer
0x42c04c DecodePointer
0x42c050 LCMapStringEx
0x42c054 GetSystemTimeAsFileTime
0x42c058 GetModuleHandleW
0x42c05c GetProcAddress
0x42c060 GetCPInfo
0x42c064 IsProcessorFeaturePresent
0x42c068 UnhandledExceptionFilter
0x42c06c SetUnhandledExceptionFilter
0x42c070 GetCurrentProcess
0x42c074 TerminateProcess
0x42c078 GetCurrentProcessId
0x42c07c InitializeSListHead
0x42c080 IsDebuggerPresent
0x42c084 GetStartupInfoW
0x42c088 GetProcessHeap
0x42c08c RaiseException
0x42c090 RtlUnwind
0x42c094 GetLastError
0x42c098 SetLastError
0x42c09c InitializeCriticalSectionAndSpinCount
0x42c0a0 TlsAlloc
0x42c0a4 TlsGetValue
0x42c0a8 TlsSetValue
0x42c0ac TlsFree
0x42c0b0 FreeLibrary
0x42c0b4 LoadLibraryExW
0x42c0b8 GetModuleHandleExW
0x42c0bc GetStdHandle
0x42c0c0 WriteFile
0x42c0c4 GetModuleFileNameW
0x42c0c8 ExitProcess
0x42c0cc HeapAlloc
0x42c0d0 HeapFree
0x42c0d4 LCMapStringW
0x42c0d8 GetLocaleInfoW
0x42c0dc IsValidLocale
0x42c0e0 GetUserDefaultLCID
0x42c0e4 EnumSystemLocalesW
0x42c0e8 GetFileType
0x42c0ec FlushFileBuffers
0x42c0f0 GetConsoleOutputCP
0x42c0f4 GetConsoleMode
0x42c0f8 ReadFile
0x42c0fc GetFileSizeEx
0x42c100 SetFilePointerEx
0x42c104 ReadConsoleW
0x42c108 HeapReAlloc
0x42c10c FindClose
0x42c110 FindFirstFileExW
0x42c114 FindNextFileW
0x42c118 IsValidCodePage
0x42c11c GetACP
0x42c120 GetOEMCP
0x42c124 GetCommandLineA
0x42c128 GetCommandLineW
0x42c12c GetEnvironmentStringsW
0x42c130 FreeEnvironmentStringsW
0x42c134 SetStdHandle
0x42c138 SetEndOfFile
EAT(Export Address Table) is none
ADVAPI32.dll
0x42c000 GetNumberOfEventLogRecords
KERNEL32.dll
0x42c008 CreateFileW
0x42c00c HeapSize
0x42c010 WriteConsoleW
0x42c014 CloseHandle
0x42c018 WaitForSingleObject
0x42c01c CreateThread
0x42c020 VirtualAlloc
0x42c024 GetCurrentThreadId
0x42c028 WideCharToMultiByte
0x42c02c MultiByteToWideChar
0x42c030 GetStringTypeW
0x42c034 EnterCriticalSection
0x42c038 LeaveCriticalSection
0x42c03c InitializeCriticalSectionEx
0x42c040 DeleteCriticalSection
0x42c044 QueryPerformanceCounter
0x42c048 EncodePointer
0x42c04c DecodePointer
0x42c050 LCMapStringEx
0x42c054 GetSystemTimeAsFileTime
0x42c058 GetModuleHandleW
0x42c05c GetProcAddress
0x42c060 GetCPInfo
0x42c064 IsProcessorFeaturePresent
0x42c068 UnhandledExceptionFilter
0x42c06c SetUnhandledExceptionFilter
0x42c070 GetCurrentProcess
0x42c074 TerminateProcess
0x42c078 GetCurrentProcessId
0x42c07c InitializeSListHead
0x42c080 IsDebuggerPresent
0x42c084 GetStartupInfoW
0x42c088 GetProcessHeap
0x42c08c RaiseException
0x42c090 RtlUnwind
0x42c094 GetLastError
0x42c098 SetLastError
0x42c09c InitializeCriticalSectionAndSpinCount
0x42c0a0 TlsAlloc
0x42c0a4 TlsGetValue
0x42c0a8 TlsSetValue
0x42c0ac TlsFree
0x42c0b0 FreeLibrary
0x42c0b4 LoadLibraryExW
0x42c0b8 GetModuleHandleExW
0x42c0bc GetStdHandle
0x42c0c0 WriteFile
0x42c0c4 GetModuleFileNameW
0x42c0c8 ExitProcess
0x42c0cc HeapAlloc
0x42c0d0 HeapFree
0x42c0d4 LCMapStringW
0x42c0d8 GetLocaleInfoW
0x42c0dc IsValidLocale
0x42c0e0 GetUserDefaultLCID
0x42c0e4 EnumSystemLocalesW
0x42c0e8 GetFileType
0x42c0ec FlushFileBuffers
0x42c0f0 GetConsoleOutputCP
0x42c0f4 GetConsoleMode
0x42c0f8 ReadFile
0x42c0fc GetFileSizeEx
0x42c100 SetFilePointerEx
0x42c104 ReadConsoleW
0x42c108 HeapReAlloc
0x42c10c FindClose
0x42c110 FindFirstFileExW
0x42c114 FindNextFileW
0x42c118 IsValidCodePage
0x42c11c GetACP
0x42c120 GetOEMCP
0x42c124 GetCommandLineA
0x42c128 GetCommandLineW
0x42c12c GetEnvironmentStringsW
0x42c130 FreeEnvironmentStringsW
0x42c134 SetStdHandle
0x42c138 SetEndOfFile
EAT(Export Address Table) is none