ScreenShot
| Created | 2024.07.25 15:34 | Machine | s1_win7_x6403 |
| Filename | linkedin.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 40 detected (AIDetectMalware, Windows, Lumma, Malicious, score, VirRansom, Lazy, Unsafe, Attribute, HighConfidence, LummaStealer, Artemis, ccmw, YglkxfxvbwO, XPACK, Real Protect, high, Detected, ai score=82, Wacatac, R657991, Convagent, susgen, confidence) | ||
| md5 | 1a99f8243d4971ae826fc063142c5b0b | ||
| sha256 | 20c2ec15c6c8a4e10701b95e152d5e14cd98a69c4a82eb12252077dde26c7eda | ||
| ssdeep | 6144:VlbxNgDQN3KQ77vqCrbRmPv9wZcCZeDFs3Esj1XZzr8A7QPWHKilooogkSKX:zgcN3KQ77vqCrbHZcHUEskAYWqilooo0 | ||
| imphash | 93d38faa538d34592b2dd571bcadf806 | ||
| impfuzzy | 12:rwxrPTkJZG5TZtJjqTleRzdwdV3EQg3EiA/tHqH3Q4oA7QNt25hDLO1UkH:rwxzTiY173qvEQ4EPlZ4Fk/wh3MUkH | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
ole32.dll
0x441808 CoCreateInstance
0x44180c CoInitializeEx
0x441810 CoInitializeSecurity
0x441814 CoSetProxyBlanket
0x441818 CoUninitialize
KERNEL32.dll
0x441820 ExitProcess
0x441824 GetCurrentProcessId
0x441828 GetCurrentThreadId
0x44182c GetLogicalDrives
0x441830 GetProcessVersion
0x441834 GetSystemDirectoryW
0x441838 GlobalLock
0x44183c GlobalUnlock
OLEAUT32.dll
0x441844 SysAllocString
0x441848 SysFreeString
0x44184c SysStringLen
0x441850 VariantClear
0x441854 VariantInit
USER32.dll
0x44185c CloseClipboard
0x441860 GetClipboardData
0x441864 GetDC
0x441868 GetSystemMetrics
0x44186c GetWindowLongW
0x441870 OpenClipboard
0x441874 ReleaseDC
GDI32.dll
0x44187c BitBlt
0x441880 CreateCompatibleBitmap
0x441884 CreateCompatibleDC
0x441888 DeleteDC
0x44188c DeleteObject
0x441890 GetCurrentObject
0x441894 GetDIBits
0x441898 GetObjectW
0x44189c SelectObject
EAT(Export Address Table) is none
ole32.dll
0x441808 CoCreateInstance
0x44180c CoInitializeEx
0x441810 CoInitializeSecurity
0x441814 CoSetProxyBlanket
0x441818 CoUninitialize
KERNEL32.dll
0x441820 ExitProcess
0x441824 GetCurrentProcessId
0x441828 GetCurrentThreadId
0x44182c GetLogicalDrives
0x441830 GetProcessVersion
0x441834 GetSystemDirectoryW
0x441838 GlobalLock
0x44183c GlobalUnlock
OLEAUT32.dll
0x441844 SysAllocString
0x441848 SysFreeString
0x44184c SysStringLen
0x441850 VariantClear
0x441854 VariantInit
USER32.dll
0x44185c CloseClipboard
0x441860 GetClipboardData
0x441864 GetDC
0x441868 GetSystemMetrics
0x44186c GetWindowLongW
0x441870 OpenClipboard
0x441874 ReleaseDC
GDI32.dll
0x44187c BitBlt
0x441880 CreateCompatibleBitmap
0x441884 CreateCompatibleDC
0x441888 DeleteDC
0x44188c DeleteObject
0x441890 GetCurrentObject
0x441894 GetDIBits
0x441898 GetObjectW
0x44189c SelectObject
EAT(Export Address Table) is none