ScreenShot
| Created | 2024.09.02 10:34 | Machine | s1_win7_x6401 |
| Filename | 66d1b7f7f3765_Front.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 34 detected (AIDetectMalware, WinGo, malicious, moderate confidence, Unsafe, Vsb4, Attribute, HighConfidence, a variant of WinGo, Artemis, Lumma, CLASSIC, moderate, score, Server, Proxy, Detected, Redcap, digur, Casdet, R55IEH, LummaC2, ZexaF, @F0@aqw, 9bnj, Chgt, LUMMASTEALER, YXEH4Z) | ||
| md5 | ef210f3d8e05ecafd8d41a98b5806218 | ||
| sha256 | afa3196b3c2d0cc7bc921d98d60409d043f7c93cb760c30dbd691a20fa4b1e71 | ||
| ssdeep | 98304:YrVuOrsnJc5nIsvSutn0RejfWlvmSN1BM9lu9vQ1MeLYVqita:NZU0RplJeLet | ||
| imphash | 1aae8bf580c846f39c71c05898e57e88 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1115640 WriteFile
0x1115644 WriteConsoleW
0x1115648 WerSetFlags
0x111564c WerGetFlags
0x1115650 WaitForMultipleObjects
0x1115654 WaitForSingleObject
0x1115658 VirtualQuery
0x111565c VirtualFree
0x1115660 VirtualAlloc
0x1115664 TlsAlloc
0x1115668 SwitchToThread
0x111566c SuspendThread
0x1115670 SetWaitableTimer
0x1115674 SetUnhandledExceptionFilter
0x1115678 SetProcessPriorityBoost
0x111567c SetEvent
0x1115680 SetErrorMode
0x1115684 SetConsoleCtrlHandler
0x1115688 ResumeThread
0x111568c RaiseFailFastException
0x1115690 PostQueuedCompletionStatus
0x1115694 LoadLibraryW
0x1115698 LoadLibraryExW
0x111569c SetThreadContext
0x11156a0 GetThreadContext
0x11156a4 GetSystemInfo
0x11156a8 GetSystemDirectoryA
0x11156ac GetStdHandle
0x11156b0 GetQueuedCompletionStatusEx
0x11156b4 GetProcessAffinityMask
0x11156b8 GetProcAddress
0x11156bc GetErrorMode
0x11156c0 GetEnvironmentStringsW
0x11156c4 GetCurrentThreadId
0x11156c8 GetConsoleMode
0x11156cc FreeEnvironmentStringsW
0x11156d0 ExitProcess
0x11156d4 DuplicateHandle
0x11156d8 CreateWaitableTimerExW
0x11156dc CreateThread
0x11156e0 CreateIoCompletionPort
0x11156e4 CreateEventA
0x11156e8 CloseHandle
0x11156ec AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x1115640 WriteFile
0x1115644 WriteConsoleW
0x1115648 WerSetFlags
0x111564c WerGetFlags
0x1115650 WaitForMultipleObjects
0x1115654 WaitForSingleObject
0x1115658 VirtualQuery
0x111565c VirtualFree
0x1115660 VirtualAlloc
0x1115664 TlsAlloc
0x1115668 SwitchToThread
0x111566c SuspendThread
0x1115670 SetWaitableTimer
0x1115674 SetUnhandledExceptionFilter
0x1115678 SetProcessPriorityBoost
0x111567c SetEvent
0x1115680 SetErrorMode
0x1115684 SetConsoleCtrlHandler
0x1115688 ResumeThread
0x111568c RaiseFailFastException
0x1115690 PostQueuedCompletionStatus
0x1115694 LoadLibraryW
0x1115698 LoadLibraryExW
0x111569c SetThreadContext
0x11156a0 GetThreadContext
0x11156a4 GetSystemInfo
0x11156a8 GetSystemDirectoryA
0x11156ac GetStdHandle
0x11156b0 GetQueuedCompletionStatusEx
0x11156b4 GetProcessAffinityMask
0x11156b8 GetProcAddress
0x11156bc GetErrorMode
0x11156c0 GetEnvironmentStringsW
0x11156c4 GetCurrentThreadId
0x11156c8 GetConsoleMode
0x11156cc FreeEnvironmentStringsW
0x11156d0 ExitProcess
0x11156d4 DuplicateHandle
0x11156d8 CreateWaitableTimerExW
0x11156dc CreateThread
0x11156e0 CreateIoCompletionPort
0x11156e4 CreateEventA
0x11156e8 CloseHandle
0x11156ec AddVectoredExceptionHandler
EAT(Export Address Table) is none