ScreenShot
| Created | 2024.07.31 10:17 | Machine | s1_win7_x6401 |
| Filename | releaseform | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (AIDetectMalware, Lumma, malicious, high confidence, score, Artemis, Vchg, Attribute, HighConfidence, a variant of JS, CLOUD, mshgh, LUMMASTEALER, YXEG5Z, Detected, Wacatac, Javascript) | ||
| md5 | db1ae063d1be2bcb6af8f4afb145cdc4 | ||
| sha256 | 1f194878aa557011e83bd5c1c6fab11956322688a35ef0fbd0bb876fa667c5f5 | ||
| ssdeep | 768:S0WfYij5T3By/zDO580WfYij5T3By/zDO5aA9zJ0WfYij5T3By/zDO5+P0WfYijx:S0AC/O580AC/O5aMzJ0AC/O5K0AC/O5 | ||
| imphash | ab106f86dfb187b013004b44c843d3e8 | ||
| impfuzzy | 24:SDvtju8v7evQ/PVlGrRq57qez1/mZ1NEEhvbRh:UVi8vFPbGrA9xp/21NE8vbRh | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40402c CloseHandle
0x404030 SetEvent
0x404034 ResolveDelayLoadedAPI
0x404038 CompareStringOrdinal
0x40403c TerminateProcess
0x404040 GetCurrentProcess
0x404044 UnhandledExceptionFilter
0x404048 GetTickCount
0x40404c GetSystemTimeAsFileTime
0x404050 GetCurrentThreadId
0x404054 GetCurrentProcessId
0x404058 QueryPerformanceCounter
0x40405c GetLastError
0x404060 OpenEventW
0x404064 DelayLoadFailureHook
0x404068 Sleep
0x40406c SetUnhandledExceptionFilter
0x404070 GetModuleHandleW
msvcrt.dll
0x404078 _controlfp
0x40407c ?terminate@@YAXXZ
0x404080 _except_handler4_common
0x404084 _initterm
0x404088 __setusermatherr
0x40408c __p__fmode
0x404090 memset
0x404094 _exit
0x404098 exit
0x40409c __set_app_type
0x4040a0 __wgetmainargs
0x4040a4 _amsg_exit
0x4040a8 __p__commode
0x4040ac _XcptFilter
0x4040b0 _vsnwprintf
0x4040b4 _cexit
ADVAPI32.dll
0x404000 RegQueryValueExW
0x404004 RegCloseKey
DEVOBJ.dll
0x40400c DevObjGetClassDevs
0x404010 DevObjUninstallDevice
0x404014 DevObjOpenDevRegKey
0x404018 DevObjCreateDeviceInfoList
0x40401c DevObjEnumDeviceInfo
0x404020 DevObjGetDeviceInstanceId
0x404024 DevObjDestroyDeviceInfoList
EAT(Export Address Table) is none
KERNEL32.dll
0x40402c CloseHandle
0x404030 SetEvent
0x404034 ResolveDelayLoadedAPI
0x404038 CompareStringOrdinal
0x40403c TerminateProcess
0x404040 GetCurrentProcess
0x404044 UnhandledExceptionFilter
0x404048 GetTickCount
0x40404c GetSystemTimeAsFileTime
0x404050 GetCurrentThreadId
0x404054 GetCurrentProcessId
0x404058 QueryPerformanceCounter
0x40405c GetLastError
0x404060 OpenEventW
0x404064 DelayLoadFailureHook
0x404068 Sleep
0x40406c SetUnhandledExceptionFilter
0x404070 GetModuleHandleW
msvcrt.dll
0x404078 _controlfp
0x40407c ?terminate@@YAXXZ
0x404080 _except_handler4_common
0x404084 _initterm
0x404088 __setusermatherr
0x40408c __p__fmode
0x404090 memset
0x404094 _exit
0x404098 exit
0x40409c __set_app_type
0x4040a0 __wgetmainargs
0x4040a4 _amsg_exit
0x4040a8 __p__commode
0x4040ac _XcptFilter
0x4040b0 _vsnwprintf
0x4040b4 _cexit
ADVAPI32.dll
0x404000 RegQueryValueExW
0x404004 RegCloseKey
DEVOBJ.dll
0x40400c DevObjGetClassDevs
0x404010 DevObjUninstallDevice
0x404014 DevObjOpenDevRegKey
0x404018 DevObjCreateDeviceInfoList
0x40401c DevObjEnumDeviceInfo
0x404020 DevObjGetDeviceInstanceId
0x404024 DevObjDestroyDeviceInfoList
EAT(Export Address Table) is none