Field | Value |
---|---|
Created | 2024.08.19 15:06 |
Machine | s1_win7_x6401 |
Filename | 98.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 55 detected (AIDetectMalware, LummaStealer, Malicious, score, Sdum, Artemis, Unsafe, Mint, Zard, Vc7g, Attribute, HighConfidence, high confidence, Lumma, Lazy, ccmw, sn34Jkd5kBP, XPACK, YXEHQZ, Real Protect, high, Static AI, Suspicious PE, Detected, ai score=89, Multiverze, ABTrojan, KWHS, BScope, TrojanPSW, Cgow, susgen) |
md5 | 0c29f5f793bd9427f43f3e2a3ef38dcc |
sha256 | ff6219b3a95a5d3d1b4611a6dc701dbc5cc0aa2e0a1f31e39bfe4f5f6da0126b |
ssdeep | 6144:BMbI5Qq0REOBNtTBrSl8KiI6hwjbwDo+XqT/GooUL+viUW5tFjGV8:cW0REIN/e08wDo+2zoUL/UW7K8 |
imphash | 08b1b12afb6e1cdcf5adc795ee884ca6 |
impfuzzy | 12:qBZG5TZtJjqTleH4wxrPTkimzdwdV3EQg3EiA/tHqH3Q4oA7QNt25hDLO1UkH:8Y17l4wxzTCqvEQ4EPlZ4Fk/wh3MUkH |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x444874 CloseHandle
0x444878 CreateMutexW
0x44487c ExitProcess
0x444880 GetCurrentProcessId
0x444884 GetCurrentThreadId
0x444888 GetLogicalDrives
0x44488c GetProcessVersion
0x444890 GetSystemDirectoryW
0x444894 GlobalLock
0x444898 GlobalUnlock
ole32.dll
0x4448a0 CoCreateInstance
0x4448a4 CoInitializeEx
0x4448a8 CoInitializeSecurity
0x4448ac CoSetProxyBlanket
0x4448b0 CoUninitialize
OLEAUT32.dll
0x4448b8 SysAllocString
0x4448bc SysFreeString
0x4448c0 SysStringLen
0x4448c4 VariantClear
0x4448c8 VariantInit
USER32.dll
0x4448d0 CloseClipboard
0x4448d4 GetClipboardData
0x4448d8 GetDC
0x4448dc GetSystemMetrics
0x4448e0 GetWindowLongW
0x4448e4 OpenClipboard
0x4448e8 ReleaseDC
GDI32.dll
0x4448f0 BitBlt
0x4448f4 CreateCompatibleBitmap
0x4448f8 CreateCompatibleDC
0x4448fc DeleteDC
0x444900 DeleteObject
0x444904 GetCurrentObject
0x444908 GetDIBits
0x44490c GetObjectW
0x444910 SelectObject
EAT (Export Address Table): none