Field | Value |
---|---|
Created | 2024.08.26 09:49 |
Machine | s1_win7_x6401 |
Filename | r57.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 53 detected (AIDetectMalware, LummaStealer, malicious, high confidence, score, Unsafe, Mint, Zard, V5cq, Attribute, HighConfidence, Artemis, PWSX, Lumma, ccmw, tZshjg37vOV, XPACK, YXEHYZ, Real Protect, high, Detected, ai score=88, GrayWare, Wacapew, Sabsik, ABTrojan, TTKM, Outbreak, QQPass, QQRob, Qqil, susgen) |
md5 | 6b9ea327b920218c777a34b3193826a2 |
sha256 | 7855e104f3ee968791466c83205184fb5c333b826b99c25bdc1555c75bbd51b4 |
ssdeep | 6144:S2egkg/bB5MyZ9bafkIs0ZRNBB+QreeeeeeeZAwgwAwgwAwgwOqVsls21HP06U:3hVbB5ffvOUaqVsl26 |
imphash | ccdb46cbbeea89bfb761ae53e6c8bc32 |
impfuzzy | 12:jw5TZtJjqTleZA/tHqH3Q4oAt7QNt2mwxrPTkTDLO1UkpzmzdwdV3EQg3ED:jC17clZ4Ftk/TwxzT23MUklYqvEQ4ED |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded) | | | | | |
Suricata ids
PE API
IAT (Import Address Table)
Library | Address | Function |
---|---|---|
KERNEL32.dll | 0x43c530 | CopyFileW |
KERNEL32.dll | 0x43c534 | GetCurrentProcess |
KERNEL32.dll | 0x43c538 | GetCurrentProcessId |
KERNEL32.dll | 0x43c53c | GetCurrentThreadId |
KERNEL32.dll | 0x43c540 | GetLogicalDrives |
KERNEL32.dll | 0x43c544 | GetProcessVersion |
KERNEL32.dll | 0x43c548 | GetSystemDirectoryW |
KERNEL32.dll | 0x43c54c | GlobalLock |
KERNEL32.dll | 0x43c550 | GlobalUnlock |
KERNEL32.dll | 0x43c554 | TerminateProcess |
USER32.dll | 0x43c55c | CloseClipboard |
USER32.dll | 0x43c560 | GetClipboardData |
USER32.dll | 0x43c564 | GetDC |
USER32.dll | 0x43c568 | GetSystemMetrics |
USER32.dll | 0x43c56c | GetWindowInfo |
USER32.dll | 0x43c570 | GetWindowLongW |
USER32.dll | 0x43c574 | OpenClipboard |
USER32.dll | 0x43c578 | ReleaseDC |
ole32.dll | 0x43c580 | CoCreateInstance |
ole32.dll | 0x43c584 | CoInitializeEx |
ole32.dll | 0x43c588 | CoInitializeSecurity |
ole32.dll | 0x43c58c | CoSetProxyBlanket |
ole32.dll | 0x43c590 | CoUninitialize |
GDI32.dll | 0x43c598 | BitBlt |
GDI32.dll | 0x43c59c | CreateCompatibleBitmap |
GDI32.dll | 0x43c5a0 | CreateCompatibleDC |
GDI32.dll | 0x43c5a4 | DeleteDC |
GDI32.dll | 0x43c5a8 | DeleteObject |
GDI32.dll | 0x43c5ac | GetCurrentObject |
GDI32.dll | 0x43c5b0 | GetDIBits |
GDI32.dll | 0x43c5b4 | GetObjectW |
GDI32.dll | 0x43c5b8 | SelectObject |
GDI32.dll | 0x43c5bc | StretchBlt |
OLEAUT32.dll | 0x43c5c4 | SysAllocString |
OLEAUT32.dll | 0x43c5c8 | SysFreeString |
OLEAUT32.dll | 0x43c5cc | SysStringLen |
OLEAUT32.dll | 0x43c5d0 | VariantClear |
OLEAUT32.dll | 0x43c5d4 | VariantInit |
EAT (Export Address Table): none