ScreenShot
| Created | 2024.07.07 18:53 | Machine | s1_win7_x6403 |
| Filename | UGcLEmRAhjNb.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 48 detected (AIDetectMalware, malicious, high confidence, score, GenericKDZ, Unsafe, V7an, Attribute, HighConfidence, a variant of WinGo, Artemis, qwiuaz, Genric, CLASSIC, zumhs, AMADEY, YXEGEZ, WinGo, Detected, ai score=86, LummaStealer, ABTrojan, CTYM, Jcnw, confidence) | ||
| md5 | f2a5c7e8313862aca9b7a6314ca73f3a | ||
| sha256 | ca66a07c7d3fc179579bc8ffe620503fe7f86abdd1abb0c17fbe5bfef42d7b9f | ||
| ssdeep | 49152:Z6dH/1E4lojlIfw68P9//EctarfVW7c9PqoEv0V8jM5ERIcRjtS7HU4sOThLJG+6:E9tzQIUhZh7cJxEIZJX6 | ||
| imphash | 5929190c8765f5bc37b052ab5c6c53e7 | ||
| impfuzzy | 48:qJrKxMCy9cmwKeFR+2u42xQ2HpdXiX1PJOmSnlTJGfYJ861k1vcqTjz:qJexMCyamCRHu42xQ2HPXiX1PgblTJGh | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14057747c AddAtomA
0x140577484 AddVectoredExceptionHandler
0x14057748c CloseHandle
0x140577494 CreateEventA
0x14057749c CreateFileA
0x1405774a4 CreateIoCompletionPort
0x1405774ac CreateMutexA
0x1405774b4 CreateSemaphoreA
0x1405774bc CreateThread
0x1405774c4 CreateWaitableTimerExW
0x1405774cc DeleteAtom
0x1405774d4 DeleteCriticalSection
0x1405774dc DuplicateHandle
0x1405774e4 EnterCriticalSection
0x1405774ec ExitProcess
0x1405774f4 FindAtomA
0x1405774fc FormatMessageA
0x140577504 FreeEnvironmentStringsW
0x14057750c GetAtomNameA
0x140577514 GetConsoleMode
0x14057751c GetCurrentProcess
0x140577524 GetCurrentProcessId
0x14057752c GetCurrentThread
0x140577534 GetCurrentThreadId
0x14057753c GetEnvironmentStringsW
0x140577544 GetErrorMode
0x14057754c GetHandleInformation
0x140577554 GetLastError
0x14057755c GetProcAddress
0x140577564 GetProcessAffinityMask
0x14057756c GetQueuedCompletionStatusEx
0x140577574 GetStartupInfoA
0x14057757c GetStdHandle
0x140577584 GetSystemDirectoryA
0x14057758c GetSystemInfo
0x140577594 GetSystemTimeAsFileTime
0x14057759c GetThreadContext
0x1405775a4 GetThreadPriority
0x1405775ac GetTickCount
0x1405775b4 InitializeCriticalSection
0x1405775bc IsDBCSLeadByteEx
0x1405775c4 IsDebuggerPresent
0x1405775cc LeaveCriticalSection
0x1405775d4 LoadLibraryExW
0x1405775dc LoadLibraryW
0x1405775e4 LocalFree
0x1405775ec MultiByteToWideChar
0x1405775f4 OpenProcess
0x1405775fc OutputDebugStringA
0x140577604 PostQueuedCompletionStatus
0x14057760c QueryPerformanceCounter
0x140577614 QueryPerformanceFrequency
0x14057761c RaiseException
0x140577624 RaiseFailFastException
0x14057762c ReleaseMutex
0x140577634 ReleaseSemaphore
0x14057763c RemoveVectoredExceptionHandler
0x140577644 ResetEvent
0x14057764c ResumeThread
0x140577654 SetConsoleCtrlHandler
0x14057765c SetErrorMode
0x140577664 SetEvent
0x14057766c SetLastError
0x140577674 SetProcessAffinityMask
0x14057767c SetProcessPriorityBoost
0x140577684 SetThreadContext
0x14057768c SetThreadPriority
0x140577694 SetUnhandledExceptionFilter
0x14057769c SetWaitableTimer
0x1405776a4 Sleep
0x1405776ac SuspendThread
0x1405776b4 SwitchToThread
0x1405776bc TlsAlloc
0x1405776c4 TlsGetValue
0x1405776cc TlsSetValue
0x1405776d4 TryEnterCriticalSection
0x1405776dc VirtualAlloc
0x1405776e4 VirtualFree
0x1405776ec VirtualProtect
0x1405776f4 VirtualQuery
0x1405776fc WaitForMultipleObjects
0x140577704 WaitForSingleObject
0x14057770c WerGetFlags
0x140577714 WerSetFlags
0x14057771c WideCharToMultiByte
0x140577724 WriteConsoleW
0x14057772c WriteFile
0x140577734 __C_specific_handler
msvcrt.dll
0x140577744 ___lc_codepage_func
0x14057774c ___mb_cur_max_func
0x140577754 __getmainargs
0x14057775c __initenv
0x140577764 __iob_func
0x14057776c __lconv_init
0x140577774 __set_app_type
0x14057777c __setusermatherr
0x140577784 _acmdln
0x14057778c _amsg_exit
0x140577794 _beginthread
0x14057779c _beginthreadex
0x1405777a4 _cexit
0x1405777ac _commode
0x1405777b4 _endthreadex
0x1405777bc _errno
0x1405777c4 _fmode
0x1405777cc _initterm
0x1405777d4 _lock
0x1405777dc _memccpy
0x1405777e4 _onexit
0x1405777ec _setjmp
0x1405777f4 _strdup
0x1405777fc _ultoa
0x140577804 _unlock
0x14057780c abort
0x140577814 calloc
0x14057781c exit
0x140577824 fprintf
0x14057782c fputc
0x140577834 free
0x14057783c fwrite
0x140577844 localeconv
0x14057784c longjmp
0x140577854 malloc
0x14057785c memcpy
0x140577864 memmove
0x14057786c memset
0x140577874 printf
0x14057787c realloc
0x140577884 signal
0x14057788c strerror
0x140577894 strlen
0x14057789c strncmp
0x1405778a4 vfprintf
0x1405778ac wcslen
EAT(Export Address Table) Library
0x1405750d0 _cgo_dummy_export
KERNEL32.dll
0x14057747c AddAtomA
0x140577484 AddVectoredExceptionHandler
0x14057748c CloseHandle
0x140577494 CreateEventA
0x14057749c CreateFileA
0x1405774a4 CreateIoCompletionPort
0x1405774ac CreateMutexA
0x1405774b4 CreateSemaphoreA
0x1405774bc CreateThread
0x1405774c4 CreateWaitableTimerExW
0x1405774cc DeleteAtom
0x1405774d4 DeleteCriticalSection
0x1405774dc DuplicateHandle
0x1405774e4 EnterCriticalSection
0x1405774ec ExitProcess
0x1405774f4 FindAtomA
0x1405774fc FormatMessageA
0x140577504 FreeEnvironmentStringsW
0x14057750c GetAtomNameA
0x140577514 GetConsoleMode
0x14057751c GetCurrentProcess
0x140577524 GetCurrentProcessId
0x14057752c GetCurrentThread
0x140577534 GetCurrentThreadId
0x14057753c GetEnvironmentStringsW
0x140577544 GetErrorMode
0x14057754c GetHandleInformation
0x140577554 GetLastError
0x14057755c GetProcAddress
0x140577564 GetProcessAffinityMask
0x14057756c GetQueuedCompletionStatusEx
0x140577574 GetStartupInfoA
0x14057757c GetStdHandle
0x140577584 GetSystemDirectoryA
0x14057758c GetSystemInfo
0x140577594 GetSystemTimeAsFileTime
0x14057759c GetThreadContext
0x1405775a4 GetThreadPriority
0x1405775ac GetTickCount
0x1405775b4 InitializeCriticalSection
0x1405775bc IsDBCSLeadByteEx
0x1405775c4 IsDebuggerPresent
0x1405775cc LeaveCriticalSection
0x1405775d4 LoadLibraryExW
0x1405775dc LoadLibraryW
0x1405775e4 LocalFree
0x1405775ec MultiByteToWideChar
0x1405775f4 OpenProcess
0x1405775fc OutputDebugStringA
0x140577604 PostQueuedCompletionStatus
0x14057760c QueryPerformanceCounter
0x140577614 QueryPerformanceFrequency
0x14057761c RaiseException
0x140577624 RaiseFailFastException
0x14057762c ReleaseMutex
0x140577634 ReleaseSemaphore
0x14057763c RemoveVectoredExceptionHandler
0x140577644 ResetEvent
0x14057764c ResumeThread
0x140577654 SetConsoleCtrlHandler
0x14057765c SetErrorMode
0x140577664 SetEvent
0x14057766c SetLastError
0x140577674 SetProcessAffinityMask
0x14057767c SetProcessPriorityBoost
0x140577684 SetThreadContext
0x14057768c SetThreadPriority
0x140577694 SetUnhandledExceptionFilter
0x14057769c SetWaitableTimer
0x1405776a4 Sleep
0x1405776ac SuspendThread
0x1405776b4 SwitchToThread
0x1405776bc TlsAlloc
0x1405776c4 TlsGetValue
0x1405776cc TlsSetValue
0x1405776d4 TryEnterCriticalSection
0x1405776dc VirtualAlloc
0x1405776e4 VirtualFree
0x1405776ec VirtualProtect
0x1405776f4 VirtualQuery
0x1405776fc WaitForMultipleObjects
0x140577704 WaitForSingleObject
0x14057770c WerGetFlags
0x140577714 WerSetFlags
0x14057771c WideCharToMultiByte
0x140577724 WriteConsoleW
0x14057772c WriteFile
0x140577734 __C_specific_handler
msvcrt.dll
0x140577744 ___lc_codepage_func
0x14057774c ___mb_cur_max_func
0x140577754 __getmainargs
0x14057775c __initenv
0x140577764 __iob_func
0x14057776c __lconv_init
0x140577774 __set_app_type
0x14057777c __setusermatherr
0x140577784 _acmdln
0x14057778c _amsg_exit
0x140577794 _beginthread
0x14057779c _beginthreadex
0x1405777a4 _cexit
0x1405777ac _commode
0x1405777b4 _endthreadex
0x1405777bc _errno
0x1405777c4 _fmode
0x1405777cc _initterm
0x1405777d4 _lock
0x1405777dc _memccpy
0x1405777e4 _onexit
0x1405777ec _setjmp
0x1405777f4 _strdup
0x1405777fc _ultoa
0x140577804 _unlock
0x14057780c abort
0x140577814 calloc
0x14057781c exit
0x140577824 fprintf
0x14057782c fputc
0x140577834 free
0x14057783c fwrite
0x140577844 localeconv
0x14057784c longjmp
0x140577854 malloc
0x14057785c memcpy
0x140577864 memmove
0x14057786c memset
0x140577874 printf
0x14057787c realloc
0x140577884 signal
0x14057788c strerror
0x140577894 strlen
0x14057789c strncmp
0x1405778a4 vfprintf
0x1405778ac wcslen
EAT(Export Address Table) Library
0x1405750d0 _cgo_dummy_export