ScreenShot
| Created | 2024.07.03 18:38 | Machine | s1_win7_x6403 |
| Filename | lumma0207.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 26 detected (AIDetectMalware, Lazy, Jaik, Unsafe, malicious, Attribute, HighConfidence, high confidence, score, Generic@AI, RDMK, cmRtazrvgeobD4fMKaqUBoKDLz2p, high, LummaStealer, ai score=84, Injuke, Detected, Locky, BScope, TrojanPSW, Convagent, Static AI, Malicious PE, confidence, 100%) | ||
| md5 | 168c5908924803d268d26965c32a5620 | ||
| sha256 | 2fd72d0d0fbc053a53adee5d9ec6cffde3fb5a3c6ba0c0490e24552b264d5449 | ||
| ssdeep | 24576:YlrD4dQCg30l8cwMKAWgXkALsi3XoiHbL1/2E47kRh2gPilPfy:6RE6cwMKAHO6XoGR/Slhi | ||
| imphash | a2b3c9bb8bf21aa189ddce7cb05111e0 | ||
| impfuzzy | 48:E4y5K9hIcpVlzWs9xLzXtXqroGtoGzPpm63euFZGM7:lzIcpVlzW2x/XtXQoGtoGTpm8h | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 26 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x488000 SetPixel
USER32.dll
0x4881f8 GetDC
0x4881fc OffsetRect
0x488200 ReleaseDC
0x488204 GetUpdateRgn
KERNEL32.dll
0x488008 CreateFileW
0x48800c HeapSize
0x488010 GetProcessHeap
0x488014 SetStdHandle
0x488018 SetEnvironmentVariableW
0x48801c VirtualAlloc
0x488020 WaitForSingleObject
0x488024 CreateThread
0x488028 FormatMessageA
0x48802c WideCharToMultiByte
0x488030 GetCurrentThreadId
0x488034 CloseHandle
0x488038 WaitForSingleObjectEx
0x48803c Sleep
0x488040 SwitchToThread
0x488044 GetExitCodeThread
0x488048 GetNativeSystemInfo
0x48804c EnterCriticalSection
0x488050 LeaveCriticalSection
0x488054 InitializeCriticalSectionEx
0x488058 DeleteCriticalSection
0x48805c EncodePointer
0x488060 DecodePointer
0x488064 LocalFree
0x488068 GetLocaleInfoEx
0x48806c MultiByteToWideChar
0x488070 LCMapStringEx
0x488074 ReleaseSRWLockExclusive
0x488078 AcquireSRWLockExclusive
0x48807c TryAcquireSRWLockExclusive
0x488080 WakeConditionVariable
0x488084 WakeAllConditionVariable
0x488088 SleepConditionVariableSRW
0x48808c QueryPerformanceCounter
0x488090 QueryPerformanceFrequency
0x488094 SetFileInformationByHandle
0x488098 GetTempPathW
0x48809c InitOnceExecuteOnce
0x4880a0 CreateEventExW
0x4880a4 CreateSemaphoreExW
0x4880a8 FlushProcessWriteBuffers
0x4880ac GetCurrentProcessorNumber
0x4880b0 GetSystemTimeAsFileTime
0x4880b4 GetTickCount64
0x4880b8 FreeLibraryWhenCallbackReturns
0x4880bc CreateThreadpoolTimer
0x4880c0 SetThreadpoolTimer
0x4880c4 WaitForThreadpoolTimerCallbacks
0x4880c8 CloseThreadpoolTimer
0x4880cc CreateThreadpoolWait
0x4880d0 SetThreadpoolWait
0x4880d4 CloseThreadpoolWait
0x4880d8 GetModuleHandleW
0x4880dc GetProcAddress
0x4880e0 GetFileInformationByHandleEx
0x4880e4 CreateSymbolicLinkW
0x4880e8 GetStringTypeW
0x4880ec CompareStringEx
0x4880f0 GetCPInfo
0x4880f4 IsProcessorFeaturePresent
0x4880f8 GetCurrentProcessId
0x4880fc InitializeSListHead
0x488100 IsDebuggerPresent
0x488104 UnhandledExceptionFilter
0x488108 SetUnhandledExceptionFilter
0x48810c GetStartupInfoW
0x488110 GetCurrentProcess
0x488114 TerminateProcess
0x488118 FreeEnvironmentStringsW
0x48811c RaiseException
0x488120 RtlUnwind
0x488124 InterlockedPushEntrySList
0x488128 InterlockedFlushSList
0x48812c GetLastError
0x488130 SetLastError
0x488134 InitializeCriticalSectionAndSpinCount
0x488138 TlsAlloc
0x48813c TlsGetValue
0x488140 TlsSetValue
0x488144 TlsFree
0x488148 FreeLibrary
0x48814c LoadLibraryExW
0x488150 ExitThread
0x488154 ResumeThread
0x488158 FreeLibraryAndExitThread
0x48815c GetModuleHandleExW
0x488160 GetStdHandle
0x488164 WriteFile
0x488168 GetModuleFileNameW
0x48816c ExitProcess
0x488170 GetCommandLineA
0x488174 GetCommandLineW
0x488178 HeapAlloc
0x48817c HeapFree
0x488180 GetDateFormatW
0x488184 GetTimeFormatW
0x488188 CompareStringW
0x48818c LCMapStringW
0x488190 GetLocaleInfoW
0x488194 IsValidLocale
0x488198 GetUserDefaultLCID
0x48819c EnumSystemLocalesW
0x4881a0 GetFileType
0x4881a4 GetCurrentThread
0x4881a8 SetConsoleCtrlHandler
0x4881ac FlushFileBuffers
0x4881b0 GetConsoleOutputCP
0x4881b4 GetConsoleMode
0x4881b8 ReadFile
0x4881bc GetFileSizeEx
0x4881c0 SetFilePointerEx
0x4881c4 ReadConsoleW
0x4881c8 HeapReAlloc
0x4881cc GetTimeZoneInformation
0x4881d0 OutputDebugStringW
0x4881d4 FindClose
0x4881d8 FindFirstFileExW
0x4881dc FindNextFileW
0x4881e0 IsValidCodePage
0x4881e4 GetACP
0x4881e8 GetOEMCP
0x4881ec GetEnvironmentStringsW
0x4881f0 WriteConsoleW
EAT(Export Address Table) Library
0x487d60 AwakeSound
GDI32.dll
0x488000 SetPixel
USER32.dll
0x4881f8 GetDC
0x4881fc OffsetRect
0x488200 ReleaseDC
0x488204 GetUpdateRgn
KERNEL32.dll
0x488008 CreateFileW
0x48800c HeapSize
0x488010 GetProcessHeap
0x488014 SetStdHandle
0x488018 SetEnvironmentVariableW
0x48801c VirtualAlloc
0x488020 WaitForSingleObject
0x488024 CreateThread
0x488028 FormatMessageA
0x48802c WideCharToMultiByte
0x488030 GetCurrentThreadId
0x488034 CloseHandle
0x488038 WaitForSingleObjectEx
0x48803c Sleep
0x488040 SwitchToThread
0x488044 GetExitCodeThread
0x488048 GetNativeSystemInfo
0x48804c EnterCriticalSection
0x488050 LeaveCriticalSection
0x488054 InitializeCriticalSectionEx
0x488058 DeleteCriticalSection
0x48805c EncodePointer
0x488060 DecodePointer
0x488064 LocalFree
0x488068 GetLocaleInfoEx
0x48806c MultiByteToWideChar
0x488070 LCMapStringEx
0x488074 ReleaseSRWLockExclusive
0x488078 AcquireSRWLockExclusive
0x48807c TryAcquireSRWLockExclusive
0x488080 WakeConditionVariable
0x488084 WakeAllConditionVariable
0x488088 SleepConditionVariableSRW
0x48808c QueryPerformanceCounter
0x488090 QueryPerformanceFrequency
0x488094 SetFileInformationByHandle
0x488098 GetTempPathW
0x48809c InitOnceExecuteOnce
0x4880a0 CreateEventExW
0x4880a4 CreateSemaphoreExW
0x4880a8 FlushProcessWriteBuffers
0x4880ac GetCurrentProcessorNumber
0x4880b0 GetSystemTimeAsFileTime
0x4880b4 GetTickCount64
0x4880b8 FreeLibraryWhenCallbackReturns
0x4880bc CreateThreadpoolTimer
0x4880c0 SetThreadpoolTimer
0x4880c4 WaitForThreadpoolTimerCallbacks
0x4880c8 CloseThreadpoolTimer
0x4880cc CreateThreadpoolWait
0x4880d0 SetThreadpoolWait
0x4880d4 CloseThreadpoolWait
0x4880d8 GetModuleHandleW
0x4880dc GetProcAddress
0x4880e0 GetFileInformationByHandleEx
0x4880e4 CreateSymbolicLinkW
0x4880e8 GetStringTypeW
0x4880ec CompareStringEx
0x4880f0 GetCPInfo
0x4880f4 IsProcessorFeaturePresent
0x4880f8 GetCurrentProcessId
0x4880fc InitializeSListHead
0x488100 IsDebuggerPresent
0x488104 UnhandledExceptionFilter
0x488108 SetUnhandledExceptionFilter
0x48810c GetStartupInfoW
0x488110 GetCurrentProcess
0x488114 TerminateProcess
0x488118 FreeEnvironmentStringsW
0x48811c RaiseException
0x488120 RtlUnwind
0x488124 InterlockedPushEntrySList
0x488128 InterlockedFlushSList
0x48812c GetLastError
0x488130 SetLastError
0x488134 InitializeCriticalSectionAndSpinCount
0x488138 TlsAlloc
0x48813c TlsGetValue
0x488140 TlsSetValue
0x488144 TlsFree
0x488148 FreeLibrary
0x48814c LoadLibraryExW
0x488150 ExitThread
0x488154 ResumeThread
0x488158 FreeLibraryAndExitThread
0x48815c GetModuleHandleExW
0x488160 GetStdHandle
0x488164 WriteFile
0x488168 GetModuleFileNameW
0x48816c ExitProcess
0x488170 GetCommandLineA
0x488174 GetCommandLineW
0x488178 HeapAlloc
0x48817c HeapFree
0x488180 GetDateFormatW
0x488184 GetTimeFormatW
0x488188 CompareStringW
0x48818c LCMapStringW
0x488190 GetLocaleInfoW
0x488194 IsValidLocale
0x488198 GetUserDefaultLCID
0x48819c EnumSystemLocalesW
0x4881a0 GetFileType
0x4881a4 GetCurrentThread
0x4881a8 SetConsoleCtrlHandler
0x4881ac FlushFileBuffers
0x4881b0 GetConsoleOutputCP
0x4881b4 GetConsoleMode
0x4881b8 ReadFile
0x4881bc GetFileSizeEx
0x4881c0 SetFilePointerEx
0x4881c4 ReadConsoleW
0x4881c8 HeapReAlloc
0x4881cc GetTimeZoneInformation
0x4881d0 OutputDebugStringW
0x4881d4 FindClose
0x4881d8 FindFirstFileExW
0x4881dc FindNextFileW
0x4881e0 IsValidCodePage
0x4881e4 GetACP
0x4881e8 GetOEMCP
0x4881ec GetEnvironmentStringsW
0x4881f0 WriteConsoleW
EAT(Export Address Table) Library
0x487d60 AwakeSound