Field | Value |
---|---|
Created | 2024.08.10 12:48 |
Machine | s1_win7_x6403 |
Filename | L.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 53 detected (AIDetectMalware, LummaStealer, Windows, Lumma, Malicious, score, Unsafe, Mint, Zard, V4hf, Attribute, HighConfidence, Artemis, Lazy, ccmw, Kryptik@AI, RDML, XJ3u9UE0P9tDBmsPr6kh3Q, XPACK, YXEHJZ, Real Protect, high, Detected, ai score=87, Convagent, Wacatac, ZexaF, tqW@aeKWPVi, BScope, TrojanPSW, Gencirc, susgen, confidence) |
md5 | 4ff433f0799c034ab1a01866254ce759 |
sha256 | d93598bff6add4d98e07a7d8f33b4d4f87a32a647d6496c3155bbe814697cf2e |
ssdeep | 6144:lcV90MuHQGFdBQ9u5VscmmKGfIWu4FmHZmpaJXnI:OV3uHQGFv7v/1/1mHYkJXn |
imphash | 08b1b12afb6e1cdcf5adc795ee884ca6 |
impfuzzy | 12:qBZG5TZtJjqTleH4wxrPTkimzdwdV3EQg3EiA/tHqH3Q4oA7QNt25hDLO1UkH:8Y17l4wxzTCqvEQ4EPlZ4Fk/wh3MUkH |
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x444810 CloseHandle
0x444814 CreateMutexW
0x444818 ExitProcess
0x44481c GetCurrentProcessId
0x444820 GetCurrentThreadId
0x444824 GetLogicalDrives
0x444828 GetProcessVersion
0x44482c GetSystemDirectoryW
0x444830 GlobalLock
0x444834 GlobalUnlock
ole32.dll
0x44483c CoCreateInstance
0x444840 CoInitializeEx
0x444844 CoInitializeSecurity
0x444848 CoSetProxyBlanket
0x44484c CoUninitialize
OLEAUT32.dll
0x444854 SysAllocString
0x444858 SysFreeString
0x44485c SysStringLen
0x444860 VariantClear
0x444864 VariantInit
USER32.dll
0x44486c CloseClipboard
0x444870 GetClipboardData
0x444874 GetDC
0x444878 GetSystemMetrics
0x44487c GetWindowLongW
0x444880 OpenClipboard
0x444884 ReleaseDC
GDI32.dll
0x44488c BitBlt
0x444890 CreateCompatibleBitmap
0x444894 CreateCompatibleDC
0x444898 DeleteDC
0x44489c DeleteObject
0x4448a0 GetCurrentObject
0x4448a4 GetDIBits
0x4448a8 GetObjectW
0x4448ac SelectObject
EAT (Export Address Table): none