ScreenShot
| Created | 2024.09.17 13:22 | Machine | s1_win7_x6403 |
| Filename | wywy8.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 58 detected (AIDetectMalware, Lumma, Mint, Zard, Trojanpws, Unsafe, Lummastealer, Ve1q, malicious, confidence, Attribute, HighConfidence, high confidence, score, TrojanPSW, ccmw, LummaC, Q5zRBUU65iV, XPACK, YXEIIZ, Real Protect, high, Detected, Malware@#3k0rb8nd9zeeu, CCJO, 188JZSF, ABTrojan, LVWO, R663058, Artemis, BScope, Genetic, Gencirc, KV64RdZEr) | ||
| md5 | 54d0f9cd7751a2dfa84f1faf3a901a1c | ||
| sha256 | 316d1754ce6a5722988344f0540adf58d0b8270d241c94b02df03a66b5bcda05 | ||
| ssdeep | 6144:MhQYcHKNira9oRdHFBn+weUKoEg/UnK2evakyl2GXUgYYdf:XKNirCtpgpzD | ||
| imphash | 9fd5b8944ce9c3acaedc650793d4996e | ||
| impfuzzy | 24:jYq17mAlZ4Ftk/TwxzT23MUklYqvEQ4ED:jYq17mAlZ4Ftk/w48AQD | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 58 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x443594 CopyFileW
0x443598 ExitProcess
0x44359c GetCurrentProcess
0x4435a0 GetCurrentProcessId
0x4435a4 GetCurrentThreadId
0x4435a8 GetLogicalDrives
0x4435ac GetSystemDirectoryW
0x4435b0 GlobalLock
0x4435b4 GlobalUnlock
USER32.dll
0x4435bc CloseClipboard
0x4435c0 GetClipboardData
0x4435c4 GetDC
0x4435c8 GetSystemMetrics
0x4435cc GetWindowInfo
0x4435d0 GetWindowLongW
0x4435d4 OpenClipboard
0x4435d8 ReleaseDC
ole32.dll
0x4435e0 CoCreateInstance
0x4435e4 CoInitializeEx
0x4435e8 CoInitializeSecurity
0x4435ec CoSetProxyBlanket
0x4435f0 CoUninitialize
GDI32.dll
0x4435f8 BitBlt
0x4435fc CreateCompatibleBitmap
0x443600 CreateCompatibleDC
0x443604 DeleteDC
0x443608 DeleteObject
0x44360c GetCurrentObject
0x443610 GetDIBits
0x443614 GetObjectW
0x443618 SelectObject
0x44361c StretchBlt
OLEAUT32.dll
0x443624 SysAllocString
0x443628 SysFreeString
0x44362c SysStringLen
0x443630 VariantClear
0x443634 VariantInit
EAT(Export Address Table) is none
KERNEL32.dll
0x443594 CopyFileW
0x443598 ExitProcess
0x44359c GetCurrentProcess
0x4435a0 GetCurrentProcessId
0x4435a4 GetCurrentThreadId
0x4435a8 GetLogicalDrives
0x4435ac GetSystemDirectoryW
0x4435b0 GlobalLock
0x4435b4 GlobalUnlock
USER32.dll
0x4435bc CloseClipboard
0x4435c0 GetClipboardData
0x4435c4 GetDC
0x4435c8 GetSystemMetrics
0x4435cc GetWindowInfo
0x4435d0 GetWindowLongW
0x4435d4 OpenClipboard
0x4435d8 ReleaseDC
ole32.dll
0x4435e0 CoCreateInstance
0x4435e4 CoInitializeEx
0x4435e8 CoInitializeSecurity
0x4435ec CoSetProxyBlanket
0x4435f0 CoUninitialize
GDI32.dll
0x4435f8 BitBlt
0x4435fc CreateCompatibleBitmap
0x443600 CreateCompatibleDC
0x443604 DeleteDC
0x443608 DeleteObject
0x44360c GetCurrentObject
0x443610 GetDIBits
0x443614 GetObjectW
0x443618 SelectObject
0x44361c StretchBlt
OLEAUT32.dll
0x443624 SysAllocString
0x443628 SysFreeString
0x44362c SysStringLen
0x443630 VariantClear
0x443634 VariantInit
EAT(Export Address Table) is none