ScreenShot
| Created | 2024.09.17 13:24 | Machine | s1_win7_x6403 |
| Filename | b99.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 58 detected (AIDetectMalware, LummaStealer, Malicious, score, Unsafe, Mint, Zard, Vmn2, confidence, Attribute, HighConfidence, high confidence, Lumma, TrojanPSW, ccmw, LummaC, Q5zRBUU65iV, XPACK, YXEIAZ, Real Protect, high, Detected, CCJO, R663058, Artemis, BScope, GdSda, Gencirc, kgzDFq8zM0, susgen) | ||
| md5 | d18738ee43bda16b6a6d309f2baeef4d | ||
| sha256 | 11ba8ee81f38130b690c3c8b279fa4da0b01c87f57b940d7af5dab58b18fc9a7 | ||
| ssdeep | 6144:NogwExxWrPSfzp5jCF6/okvkWaWTA8OPDgr0Op:1zp5jCs7pA8GQRp | ||
| imphash | 9fd5b8944ce9c3acaedc650793d4996e | ||
| impfuzzy | 24:jYq17mAlZ4Ftk/TwxzT23MUklYqvEQ4ED:jYq17mAlZ4Ftk/w48AQD | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 58 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43a52c CopyFileW
0x43a530 ExitProcess
0x43a534 GetCurrentProcess
0x43a538 GetCurrentProcessId
0x43a53c GetCurrentThreadId
0x43a540 GetLogicalDrives
0x43a544 GetSystemDirectoryW
0x43a548 GlobalLock
0x43a54c GlobalUnlock
USER32.dll
0x43a554 CloseClipboard
0x43a558 GetClipboardData
0x43a55c GetDC
0x43a560 GetSystemMetrics
0x43a564 GetWindowInfo
0x43a568 GetWindowLongW
0x43a56c OpenClipboard
0x43a570 ReleaseDC
ole32.dll
0x43a578 CoCreateInstance
0x43a57c CoInitializeEx
0x43a580 CoInitializeSecurity
0x43a584 CoSetProxyBlanket
0x43a588 CoUninitialize
GDI32.dll
0x43a590 BitBlt
0x43a594 CreateCompatibleBitmap
0x43a598 CreateCompatibleDC
0x43a59c DeleteDC
0x43a5a0 DeleteObject
0x43a5a4 GetCurrentObject
0x43a5a8 GetDIBits
0x43a5ac GetObjectW
0x43a5b0 SelectObject
0x43a5b4 StretchBlt
OLEAUT32.dll
0x43a5bc SysAllocString
0x43a5c0 SysFreeString
0x43a5c4 SysStringLen
0x43a5c8 VariantClear
0x43a5cc VariantInit
EAT(Export Address Table) is none
KERNEL32.dll
0x43a52c CopyFileW
0x43a530 ExitProcess
0x43a534 GetCurrentProcess
0x43a538 GetCurrentProcessId
0x43a53c GetCurrentThreadId
0x43a540 GetLogicalDrives
0x43a544 GetSystemDirectoryW
0x43a548 GlobalLock
0x43a54c GlobalUnlock
USER32.dll
0x43a554 CloseClipboard
0x43a558 GetClipboardData
0x43a55c GetDC
0x43a560 GetSystemMetrics
0x43a564 GetWindowInfo
0x43a568 GetWindowLongW
0x43a56c OpenClipboard
0x43a570 ReleaseDC
ole32.dll
0x43a578 CoCreateInstance
0x43a57c CoInitializeEx
0x43a580 CoInitializeSecurity
0x43a584 CoSetProxyBlanket
0x43a588 CoUninitialize
GDI32.dll
0x43a590 BitBlt
0x43a594 CreateCompatibleBitmap
0x43a598 CreateCompatibleDC
0x43a59c DeleteDC
0x43a5a0 DeleteObject
0x43a5a4 GetCurrentObject
0x43a5a8 GetDIBits
0x43a5ac GetObjectW
0x43a5b0 SelectObject
0x43a5b4 StretchBlt
OLEAUT32.dll
0x43a5bc SysAllocString
0x43a5c0 SysFreeString
0x43a5c4 SysStringLen
0x43a5c8 VariantClear
0x43a5cc VariantInit
EAT(Export Address Table) is none