ScreenShot
| Created | 2024.08.26 09:27 | Machine | s1_win7_x6403 |
| Filename | 9009.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 38 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Mint, Zard, Attribute, HighConfidence, LummaStealer, Lumma, Lazy, ccmw, sn34Jkd5kBP, XPACK, Real Protect, high, Static AI, Suspicious PE, Detected, ai score=82, Wacatac, R661462, BScope, TrojanPSW, susgen) | ||
| md5 | 644a43fda332b29e94af26722ee4a836 | ||
| sha256 | 803fe3b2d32cc2e6bf37a8c2e87d32f2d0974899452c2b9771fa305f8cb79162 | ||
| ssdeep | 6144:MlTGwbV/tXxUx3QP8ietxbs0o+3Xynmthk83IUgtmxDo:mbV/tXeePETO/8fgt | ||
| imphash | 08b1b12afb6e1cdcf5adc795ee884ca6 | ||
| impfuzzy | 12:qBZG5TZtJjqTleH4wxrPTkimzdwdV3EQg3EiA/tHqH3Q4oA7QNt25hDLO1UkH:8Y17l4wxzTCqvEQ4EPlZ4Fk/wh3MUkH | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x439808 CloseHandle
0x43980c CreateMutexW
0x439810 ExitProcess
0x439814 GetCurrentProcessId
0x439818 GetCurrentThreadId
0x43981c GetLogicalDrives
0x439820 GetProcessVersion
0x439824 GetSystemDirectoryW
0x439828 GlobalLock
0x43982c GlobalUnlock
ole32.dll
0x439834 CoCreateInstance
0x439838 CoInitializeEx
0x43983c CoInitializeSecurity
0x439840 CoSetProxyBlanket
0x439844 CoUninitialize
OLEAUT32.dll
0x43984c SysAllocString
0x439850 SysFreeString
0x439854 SysStringLen
0x439858 VariantClear
0x43985c VariantInit
USER32.dll
0x439864 CloseClipboard
0x439868 GetClipboardData
0x43986c GetDC
0x439870 GetSystemMetrics
0x439874 GetWindowLongW
0x439878 OpenClipboard
0x43987c ReleaseDC
GDI32.dll
0x439884 BitBlt
0x439888 CreateCompatibleBitmap
0x43988c CreateCompatibleDC
0x439890 DeleteDC
0x439894 DeleteObject
0x439898 GetCurrentObject
0x43989c GetDIBits
0x4398a0 GetObjectW
0x4398a4 SelectObject
EAT(Export Address Table) is none
KERNEL32.dll
0x439808 CloseHandle
0x43980c CreateMutexW
0x439810 ExitProcess
0x439814 GetCurrentProcessId
0x439818 GetCurrentThreadId
0x43981c GetLogicalDrives
0x439820 GetProcessVersion
0x439824 GetSystemDirectoryW
0x439828 GlobalLock
0x43982c GlobalUnlock
ole32.dll
0x439834 CoCreateInstance
0x439838 CoInitializeEx
0x43983c CoInitializeSecurity
0x439840 CoSetProxyBlanket
0x439844 CoUninitialize
OLEAUT32.dll
0x43984c SysAllocString
0x439850 SysFreeString
0x439854 SysStringLen
0x439858 VariantClear
0x43985c VariantInit
USER32.dll
0x439864 CloseClipboard
0x439868 GetClipboardData
0x43986c GetDC
0x439870 GetSystemMetrics
0x439874 GetWindowLongW
0x439878 OpenClipboard
0x43987c ReleaseDC
GDI32.dll
0x439884 BitBlt
0x439888 CreateCompatibleBitmap
0x43988c CreateCompatibleDC
0x439890 DeleteDC
0x439894 DeleteObject
0x439898 GetCurrentObject
0x43989c GetDIBits
0x4398a0 GetObjectW
0x4398a4 SelectObject
EAT(Export Address Table) is none