ScreenShot
| Created | 2024.09.04 10:22 | Machine | s1_win7_x6403 |
| Filename | Co.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 54 detected (AIDetectMalware, Lumma, malicious, high confidence, score, Unsafe, Mint, Zard, Vwt8, Attribute, HighConfidence, LummaStealer, Artemis, Lazy, TrojanPSW, ccmw, sn34Jkd5kBP, XPACK, YXEICZ, Real Protect, high, Detected, ai score=84, Wacatac, R661462, BScope, Genetic, Convagent) | ||
| md5 | 50968bf1892077705f9182f7028c8ef2 | ||
| sha256 | d65403b37e00e6268b8a0d4e1271f35077d3e3b82573d42eeb7260836edabc24 | ||
| ssdeep | 6144:bbWzo26LyONO9Hf0Syn3U7b3WN5Gm5/whWQ307uJL18f/CuZCqO8u:TLyOQmN5RRd | ||
| imphash | 08b1b12afb6e1cdcf5adc795ee884ca6 | ||
| impfuzzy | 12:qBZG5TZtJjqTleH4wxrPTkimzdwdV3EQg3EiA/tHqH3Q4oA7QNt25hDLO1UkH:8Y17l4wxzTCqvEQ4EPlZ4Fk/wh3MUkH | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43a808 CloseHandle
0x43a80c CreateMutexW
0x43a810 ExitProcess
0x43a814 GetCurrentProcessId
0x43a818 GetCurrentThreadId
0x43a81c GetLogicalDrives
0x43a820 GetProcessVersion
0x43a824 GetSystemDirectoryW
0x43a828 GlobalLock
0x43a82c GlobalUnlock
ole32.dll
0x43a834 CoCreateInstance
0x43a838 CoInitializeEx
0x43a83c CoInitializeSecurity
0x43a840 CoSetProxyBlanket
0x43a844 CoUninitialize
OLEAUT32.dll
0x43a84c SysAllocString
0x43a850 SysFreeString
0x43a854 SysStringLen
0x43a858 VariantClear
0x43a85c VariantInit
USER32.dll
0x43a864 CloseClipboard
0x43a868 GetClipboardData
0x43a86c GetDC
0x43a870 GetSystemMetrics
0x43a874 GetWindowLongW
0x43a878 OpenClipboard
0x43a87c ReleaseDC
GDI32.dll
0x43a884 BitBlt
0x43a888 CreateCompatibleBitmap
0x43a88c CreateCompatibleDC
0x43a890 DeleteDC
0x43a894 DeleteObject
0x43a898 GetCurrentObject
0x43a89c GetDIBits
0x43a8a0 GetObjectW
0x43a8a4 SelectObject
EAT(Export Address Table) is none
KERNEL32.dll
0x43a808 CloseHandle
0x43a80c CreateMutexW
0x43a810 ExitProcess
0x43a814 GetCurrentProcessId
0x43a818 GetCurrentThreadId
0x43a81c GetLogicalDrives
0x43a820 GetProcessVersion
0x43a824 GetSystemDirectoryW
0x43a828 GlobalLock
0x43a82c GlobalUnlock
ole32.dll
0x43a834 CoCreateInstance
0x43a838 CoInitializeEx
0x43a83c CoInitializeSecurity
0x43a840 CoSetProxyBlanket
0x43a844 CoUninitialize
OLEAUT32.dll
0x43a84c SysAllocString
0x43a850 SysFreeString
0x43a854 SysStringLen
0x43a858 VariantClear
0x43a85c VariantInit
USER32.dll
0x43a864 CloseClipboard
0x43a868 GetClipboardData
0x43a86c GetDC
0x43a870 GetSystemMetrics
0x43a874 GetWindowLongW
0x43a878 OpenClipboard
0x43a87c ReleaseDC
GDI32.dll
0x43a884 BitBlt
0x43a888 CreateCompatibleBitmap
0x43a88c CreateCompatibleDC
0x43a890 DeleteDC
0x43a894 DeleteObject
0x43a898 GetCurrentObject
0x43a89c GetDIBits
0x43a8a0 GetObjectW
0x43a8a4 SelectObject
EAT(Export Address Table) is none