ScreenShot
| Created | 2024.09.11 10:48 | Machine | s1_win7_x6401 |
| Filename | 66df5745ca628_SETUP.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 42 detected (AIDetectMalware, Lumma, malicious, high confidence, Vqap, GenericKD, a variant of WinGo, CLASSIC, eluax, LUMMASTEALER, YXEIJZ, moderate, score, Static AI, Suspicious PE, Detected, ai score=84, Convagent, Wacatac, LummaC2, Artemis, BScope, TrojanPSW, WinGo, Chgt, AGen) | ||
| md5 | 41acc938951854469f46ca6856927c22 | ||
| sha256 | e13ee1f8dd928b0ee9cd7a6047e31cd903f8964fe7d3f72921c0c5933c2a5389 | ||
| ssdeep | 98304:4xbvkonG8W4WDHUmWvU4JpEQQxmZcBo2pWN:4xQBf09bE3alN | ||
| imphash | 4f2f006e2ecf7172ad368f8289dc96c1 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6tP:AwO+VUjXOmokx0oP | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 42 AntiVirus engines on VirusTotal as malicious |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0xb29240 WriteFile
0xb29244 WriteConsoleW
0xb29248 WerSetFlags
0xb2924c WerGetFlags
0xb29250 WaitForMultipleObjects
0xb29254 WaitForSingleObject
0xb29258 VirtualQuery
0xb2925c VirtualFree
0xb29260 VirtualAlloc
0xb29264 TlsAlloc
0xb29268 SwitchToThread
0xb2926c SuspendThread
0xb29270 SetWaitableTimer
0xb29274 SetUnhandledExceptionFilter
0xb29278 SetProcessPriorityBoost
0xb2927c SetEvent
0xb29280 SetErrorMode
0xb29284 SetConsoleCtrlHandler
0xb29288 ResumeThread
0xb2928c RaiseFailFastException
0xb29290 PostQueuedCompletionStatus
0xb29294 LoadLibraryW
0xb29298 LoadLibraryExW
0xb2929c SetThreadContext
0xb292a0 GetThreadContext
0xb292a4 GetSystemInfo
0xb292a8 GetSystemDirectoryA
0xb292ac GetStdHandle
0xb292b0 GetQueuedCompletionStatusEx
0xb292b4 GetProcessAffinityMask
0xb292b8 GetProcAddress
0xb292bc GetErrorMode
0xb292c0 GetEnvironmentStringsW
0xb292c4 GetCurrentThreadId
0xb292c8 GetConsoleMode
0xb292cc FreeEnvironmentStringsW
0xb292d0 ExitProcess
0xb292d4 DuplicateHandle
0xb292d8 CreateWaitableTimerExW
0xb292dc CreateThread
0xb292e0 CreateIoCompletionPort
0xb292e4 CreateFileA
0xb292e8 CreateEventA
0xb292ec CloseHandle
0xb292f0 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0xb29240 WriteFile
0xb29244 WriteConsoleW
0xb29248 WerSetFlags
0xb2924c WerGetFlags
0xb29250 WaitForMultipleObjects
0xb29254 WaitForSingleObject
0xb29258 VirtualQuery
0xb2925c VirtualFree
0xb29260 VirtualAlloc
0xb29264 TlsAlloc
0xb29268 SwitchToThread
0xb2926c SuspendThread
0xb29270 SetWaitableTimer
0xb29274 SetUnhandledExceptionFilter
0xb29278 SetProcessPriorityBoost
0xb2927c SetEvent
0xb29280 SetErrorMode
0xb29284 SetConsoleCtrlHandler
0xb29288 ResumeThread
0xb2928c RaiseFailFastException
0xb29290 PostQueuedCompletionStatus
0xb29294 LoadLibraryW
0xb29298 LoadLibraryExW
0xb2929c SetThreadContext
0xb292a0 GetThreadContext
0xb292a4 GetSystemInfo
0xb292a8 GetSystemDirectoryA
0xb292ac GetStdHandle
0xb292b0 GetQueuedCompletionStatusEx
0xb292b4 GetProcessAffinityMask
0xb292b8 GetProcAddress
0xb292bc GetErrorMode
0xb292c0 GetEnvironmentStringsW
0xb292c4 GetCurrentThreadId
0xb292c8 GetConsoleMode
0xb292cc FreeEnvironmentStringsW
0xb292d0 ExitProcess
0xb292d4 DuplicateHandle
0xb292d8 CreateWaitableTimerExW
0xb292dc CreateThread
0xb292e0 CreateIoCompletionPort
0xb292e4 CreateFileA
0xb292e8 CreateEventA
0xb292ec CloseHandle
0xb292f0 AddVectoredExceptionHandler
EAT(Export Address Table) is none