Field | Value |
---|---|
Created | 2024.09.04 10:16 |
Machine | s1_win7_x6403 |
Filename | tqh64.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 57 detected (AIDetectMalware, LummaStealer, malicious, high confidence, score, Unsafe, Mint, Zard, Lumma, Vw2m, Attribute, HighConfidence, Artemis, ccmw, LummaC, Q5zRBUU65iV, XPACK, YXEICZ, Real Protect, high, Detected, ai score=86, Wacatac, ABTrojan, KDYR, R663058, BScope, TrojanPSW, Outbreak, Genetic, Wimw, susgen) |
md5 | 2d8bfa12ffd53e578028edae844e7611 |
sha256 | d61d2772dc9bd808c17c2862d4be8aa61ccc6851012967e82b2f514f94ab6f97 |
ssdeep | 6144:Kbhom3cQPHj2cdTL+8yd5qmnNzY1FuFxqvE:GomMcHj2SWFZhKqxD |
imphash | 9fd5b8944ce9c3acaedc650793d4996e |
impfuzzy | 24:jYq17mAlZ4Ftk/TwxzT23MUklYqvEQ4ED:jYq17mAlZ4Ftk/w48AQD |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43b54c CopyFileW
0x43b550 ExitProcess
0x43b554 GetCurrentProcess
0x43b558 GetCurrentProcessId
0x43b55c GetCurrentThreadId
0x43b560 GetLogicalDrives
0x43b564 GetSystemDirectoryW
0x43b568 GlobalLock
0x43b56c GlobalUnlock
USER32.dll
0x43b574 CloseClipboard
0x43b578 GetClipboardData
0x43b57c GetDC
0x43b580 GetSystemMetrics
0x43b584 GetWindowInfo
0x43b588 GetWindowLongW
0x43b58c OpenClipboard
0x43b590 ReleaseDC
ole32.dll
0x43b598 CoCreateInstance
0x43b59c CoInitializeEx
0x43b5a0 CoInitializeSecurity
0x43b5a4 CoSetProxyBlanket
0x43b5a8 CoUninitialize
GDI32.dll
0x43b5b0 BitBlt
0x43b5b4 CreateCompatibleBitmap
0x43b5b8 CreateCompatibleDC
0x43b5bc DeleteDC
0x43b5c0 DeleteObject
0x43b5c4 GetCurrentObject
0x43b5c8 GetDIBits
0x43b5cc GetObjectW
0x43b5d0 SelectObject
0x43b5d4 StretchBlt
OLEAUT32.dll
0x43b5dc SysAllocString
0x43b5e0 SysFreeString
0x43b5e4 SysStringLen
0x43b5e8 VariantClear
0x43b5ec VariantInit
EAT(Export Address Table) is none
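The import table above is the only static behaviour evidence this report carries, since the sandbox recorded no network traffic. The following Python is an added triage example, not part of the sandbox report or any tool it names. It takes the IAT listing exactly as printed (constructed here from the page, in IAT order), groups the APIs into hypothetical capability clusters (screen capture via GDI, clipboard reading, COM client setup with an explicit proxy blanket, drive enumeration, file copy), and recomputes the import hash with the same recipe pefile uses, so the value can be compared against the imphash in the header. The cluster names and their membership are the example's own choices; a cluster only fires when all of its APIs are present, so a lone GetDC does not count as a screenshot capability.

```python
import hashlib
from collections import OrderedDict

# Import table as listed in the report's "PE API" section (constructed from
# the page, kept in IAT order). Only DLL and function names matter for the
# two checks below; the IAT slot addresses are not needed.
REPORT_IMPORTS = OrderedDict([
    ("KERNEL32.dll", ["CopyFileW", "ExitProcess", "GetCurrentProcess",
                      "GetCurrentProcessId", "GetCurrentThreadId",
                      "GetLogicalDrives", "GetSystemDirectoryW",
                      "GlobalLock", "GlobalUnlock"]),
    ("USER32.dll", ["CloseClipboard", "GetClipboardData", "GetDC",
                    "GetSystemMetrics", "GetWindowInfo", "GetWindowLongW",
                    "OpenClipboard", "ReleaseDC"]),
    ("ole32.dll", ["CoCreateInstance", "CoInitializeEx",
                   "CoInitializeSecurity", "CoSetProxyBlanket",
                   "CoUninitialize"]),
    ("GDI32.dll", ["BitBlt", "CreateCompatibleBitmap", "CreateCompatibleDC",
                   "DeleteDC", "DeleteObject", "GetCurrentObject",
                   "GetDIBits", "GetObjectW", "SelectObject", "StretchBlt"]),
    ("OLEAUT32.dll", ["SysAllocString", "SysFreeString", "SysStringLen",
                      "VariantClear", "VariantInit"]),
])

# Hypothetical capability clusters for triage (the example's own choice of
# names and members). A cluster fires only when every API in it is imported.
CAPABILITY_CLUSTERS = {
    "screen_capture": {"GetDC", "CreateCompatibleDC", "CreateCompatibleBitmap",
                       "BitBlt", "GetDIBits"},
    "clipboard_read": {"OpenClipboard", "GetClipboardData", "CloseClipboard"},
    "com_client_with_proxy_security": {"CoInitializeEx", "CoInitializeSecurity",
                                       "CoCreateInstance", "CoSetProxyBlanket"},
    "drive_enumeration": {"GetLogicalDrives"},
    "file_copy": {"CopyFileW"},
}


def flatten(imports):
    """Return all imported function names as one set, ignoring the DLL."""
    return {name for names in imports.values() for name in names}


def capabilities(imports, clusters=CAPABILITY_CLUSTERS):
    """Return the sorted names of clusters fully present in the import table."""
    present = flatten(imports)
    return sorted(name for name, apis in clusters.items() if apis <= present)


def imphash(imports):
    """Recompute the import hash the way pefile's get_imphash() does:
    lowercase 'dll.function' pairs (with .dll/.ocx/.sys stripped) in IAT
    order, comma-joined, then MD5. Imports by ordinal are not handled here
    because the listing above has none."""
    parts = []
    for dll, names in imports.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.extend(f"{lib}.{name.lower()}" for name in names)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print("capabilities:", ", ".join(capabilities(REPORT_IMPORTS)))
    print("imphash of listed imports:", imphash(REPORT_IMPORTS))
```

If the listing is complete and in IAT order, the recomputed digest equals the imphash in the header; a mismatch means the report view is truncated, reordered, or that some imports are by ordinal. Against the original file, pefile's `PE.get_imphash()` and `DIRECTORY_ENTRY_IMPORT` give the same list without transcription. The clipboard and screen-capture clusters are static hints to weigh against the VirusTotal labels above (including the stealer family names); the import table alone does not prove the code paths are exercised at runtime, and UPX_Zero firing means the analyst should confirm which layer of the file these imports belong to.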