Field | Value |
---|---|
Created | 2024.07.10 07:36 |
Machine | s1_win7_x6403 |
Filename | 2.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 52 detected (AIDetectMalware, LummaStealer, Windows, Lumma, Malicious, score, Unsafe, Lazy, Vwhq, Attribute, HighConfidence, ccmw, K9ydldTp3hR, XPACK, YXEGIZ, Real Protect, high, Detected, ai score=81, ABTrojan, SEIS, Lcnw, susgen, confidence) |
md5 | 536b6b4464f2476d693267bd71d9a1ee |
sha256 | cced1a3811e37720251db4e3d5836ea94da430682863ca61b2ff9940b7d56965 |
ssdeep | 3072:1C8qwqXilndJxQb3id0j0ivCjVoEJX47puEuGcSHs2p3pqKccdlVDOdhslwZ4Y7V:jpldJxQyd0gCCxoYlEuwsscGl+hr3 |
imphash | ff120d96cb39498bfde3c6d322aff8f2 |
impfuzzy | 12:oZG5TZtJjqTleH4wxrPTkimzdwdV3EQg3EiA/tHqH3Q4oA7QNt25hDLO1UkH:YY17l4wxzTCqvEQ4EPlZ4Fk/wh3MUkH |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 52 AntiVirus engines on VirusTotal as malicious |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | lumma_Stealer | Lumma Stealer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x43a7d4 ExitProcess
0x43a7d8 GetCurrentProcessId
0x43a7dc GetCurrentThreadId
0x43a7e0 GetLogicalDrives
0x43a7e4 GetProcessVersion
0x43a7e8 GetSystemDirectoryW
0x43a7ec GlobalLock
0x43a7f0 GlobalUnlock
ole32.dll
0x43a7f8 CoCreateInstance
0x43a7fc CoInitializeEx
0x43a800 CoInitializeSecurity
0x43a804 CoSetProxyBlanket
0x43a808 CoUninitialize
OLEAUT32.dll
0x43a810 SysAllocString
0x43a814 SysFreeString
0x43a818 SysStringLen
0x43a81c VariantClear
0x43a820 VariantInit
USER32.dll
0x43a828 CloseClipboard
0x43a82c GetClipboardData
0x43a830 GetDC
0x43a834 GetSystemMetrics
0x43a838 GetWindowLongW
0x43a83c OpenClipboard
0x43a840 ReleaseDC
GDI32.dll
0x43a848 BitBlt
0x43a84c CreateCompatibleBitmap
0x43a850 CreateCompatibleDC
0x43a854 DeleteDC
0x43a858 DeleteObject
0x43a85c GetCurrentObject
0x43a860 GetDIBits
0x43a864 GetObjectW
0x43a868 SelectObject
EAT (Export Address Table): none