ScreenShot
| Created | 2024.09.02 09:57 | Machine | s1_win7_x6403 |
| Filename | yr68.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 55 detected (AIDetectMalware, LummaStealer, malicious, high confidence, score, Unsafe, Mint, Zard, Vspz, Attribute, HighConfidence, Artemis, PWSX, Lumma, TrojanPSW, ccmw, Undefined, Q5zRBUU65iV, XPACK, YXEH4Z, Real Protect, high, Static AI, Suspicious PE, Detected, ai score=83, Multiverze, R663058, ZexaF, sqW@aCvT@on, BScope, Genetic, Gencirc, confidence) | ||
| md5 | ea321922de9babb9a9b8e25bed931ff6 | ||
| sha256 | 41c10f2112dee130dd0de405469135181310c36b76673c431eb79dd8cc3b8d1a | ||
| ssdeep | 6144:UCIqLzvXgnluQGdqQbo4pqSfpKwpA03zSUMJgGI5KmiPh3RS:pf/gnB3co4p9wY3p | ||
| imphash | 9fd5b8944ce9c3acaedc650793d4996e | ||
| impfuzzy | 24:jYq17mAlZ4Ftk/TwxzT23MUklYqvEQ4ED:jYq17mAlZ4Ftk/w48AQD | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 55 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44254c CopyFileW
0x442550 ExitProcess
0x442554 GetCurrentProcess
0x442558 GetCurrentProcessId
0x44255c GetCurrentThreadId
0x442560 GetLogicalDrives
0x442564 GetSystemDirectoryW
0x442568 GlobalLock
0x44256c GlobalUnlock
USER32.dll
0x442574 CloseClipboard
0x442578 GetClipboardData
0x44257c GetDC
0x442580 GetSystemMetrics
0x442584 GetWindowInfo
0x442588 GetWindowLongW
0x44258c OpenClipboard
0x442590 ReleaseDC
ole32.dll
0x442598 CoCreateInstance
0x44259c CoInitializeEx
0x4425a0 CoInitializeSecurity
0x4425a4 CoSetProxyBlanket
0x4425a8 CoUninitialize
GDI32.dll
0x4425b0 BitBlt
0x4425b4 CreateCompatibleBitmap
0x4425b8 CreateCompatibleDC
0x4425bc DeleteDC
0x4425c0 DeleteObject
0x4425c4 GetCurrentObject
0x4425c8 GetDIBits
0x4425cc GetObjectW
0x4425d0 SelectObject
0x4425d4 StretchBlt
OLEAUT32.dll
0x4425dc SysAllocString
0x4425e0 SysFreeString
0x4425e4 SysStringLen
0x4425e8 VariantClear
0x4425ec VariantInit
EAT(Export Address Table) is none
KERNEL32.dll
0x44254c CopyFileW
0x442550 ExitProcess
0x442554 GetCurrentProcess
0x442558 GetCurrentProcessId
0x44255c GetCurrentThreadId
0x442560 GetLogicalDrives
0x442564 GetSystemDirectoryW
0x442568 GlobalLock
0x44256c GlobalUnlock
USER32.dll
0x442574 CloseClipboard
0x442578 GetClipboardData
0x44257c GetDC
0x442580 GetSystemMetrics
0x442584 GetWindowInfo
0x442588 GetWindowLongW
0x44258c OpenClipboard
0x442590 ReleaseDC
ole32.dll
0x442598 CoCreateInstance
0x44259c CoInitializeEx
0x4425a0 CoInitializeSecurity
0x4425a4 CoSetProxyBlanket
0x4425a8 CoUninitialize
GDI32.dll
0x4425b0 BitBlt
0x4425b4 CreateCompatibleBitmap
0x4425b8 CreateCompatibleDC
0x4425bc DeleteDC
0x4425c0 DeleteObject
0x4425c4 GetCurrentObject
0x4425c8 GetDIBits
0x4425cc GetObjectW
0x4425d0 SelectObject
0x4425d4 StretchBlt
OLEAUT32.dll
0x4425dc SysAllocString
0x4425e0 SysFreeString
0x4425e4 SysStringLen
0x4425e8 VariantClear
0x4425ec VariantInit
EAT(Export Address Table) is none