ScreenShot
| Created | 2024.09.17 13:53 | Machine | s1_win7_x6403 |
| Filename | yqy9.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 60 detected (AIDetectMalware, LummaStealer, Malicious, score, Trojanpws, Lumma, Unsafe, Mint, Zard, V0ba, confidence, Attribute, HighConfidence, high confidence, PWSX, TrojanPSW, ccmw, LummaC, Q5zRBUU65iV, XPACK, YXEILZ, Real Protect, high, Detected, Sabsik, Malware@#3k1g4197i88gn, Multiverze, 13ITPND, ABTrojan, VGOP, R663058, Artemis, BScope, Gencirc, ZnYonjNfU, susgen, Genetic) | ||
| md5 | e2980829e246f82cabeb175d2201ac96 | ||
| sha256 | 8de96ff4820dfb076f36aae94094bba80284d33579a6e689f8b7d8422f0a8fe8 | ||
| ssdeep | 6144:L57ycIxTsJdbj9WtxhNdZo/zPAdW5akIJOa3kuypxoCjdgTq29V9G:yxTQZ6x4bIdW5aUgTR39G | ||
| imphash | 9fd5b8944ce9c3acaedc650793d4996e | ||
| impfuzzy | 24:jYq17mAlZ4Ftk/TwxzT23MUklYqvEQ4ED:jYq17mAlZ4Ftk/w48AQD | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x445594 CopyFileW
0x445598 ExitProcess
0x44559c GetCurrentProcess
0x4455a0 GetCurrentProcessId
0x4455a4 GetCurrentThreadId
0x4455a8 GetLogicalDrives
0x4455ac GetSystemDirectoryW
0x4455b0 GlobalLock
0x4455b4 GlobalUnlock
USER32.dll
0x4455bc CloseClipboard
0x4455c0 GetClipboardData
0x4455c4 GetDC
0x4455c8 GetSystemMetrics
0x4455cc GetWindowInfo
0x4455d0 GetWindowLongW
0x4455d4 OpenClipboard
0x4455d8 ReleaseDC
ole32.dll
0x4455e0 CoCreateInstance
0x4455e4 CoInitializeEx
0x4455e8 CoInitializeSecurity
0x4455ec CoSetProxyBlanket
0x4455f0 CoUninitialize
GDI32.dll
0x4455f8 BitBlt
0x4455fc CreateCompatibleBitmap
0x445600 CreateCompatibleDC
0x445604 DeleteDC
0x445608 DeleteObject
0x44560c GetCurrentObject
0x445610 GetDIBits
0x445614 GetObjectW
0x445618 SelectObject
0x44561c StretchBlt
OLEAUT32.dll
0x445624 SysAllocString
0x445628 SysFreeString
0x44562c SysStringLen
0x445630 VariantClear
0x445634 VariantInit
EAT(Export Address Table) is none
KERNEL32.dll
0x445594 CopyFileW
0x445598 ExitProcess
0x44559c GetCurrentProcess
0x4455a0 GetCurrentProcessId
0x4455a4 GetCurrentThreadId
0x4455a8 GetLogicalDrives
0x4455ac GetSystemDirectoryW
0x4455b0 GlobalLock
0x4455b4 GlobalUnlock
USER32.dll
0x4455bc CloseClipboard
0x4455c0 GetClipboardData
0x4455c4 GetDC
0x4455c8 GetSystemMetrics
0x4455cc GetWindowInfo
0x4455d0 GetWindowLongW
0x4455d4 OpenClipboard
0x4455d8 ReleaseDC
ole32.dll
0x4455e0 CoCreateInstance
0x4455e4 CoInitializeEx
0x4455e8 CoInitializeSecurity
0x4455ec CoSetProxyBlanket
0x4455f0 CoUninitialize
GDI32.dll
0x4455f8 BitBlt
0x4455fc CreateCompatibleBitmap
0x445600 CreateCompatibleDC
0x445604 DeleteDC
0x445608 DeleteObject
0x44560c GetCurrentObject
0x445610 GetDIBits
0x445614 GetObjectW
0x445618 SelectObject
0x44561c StretchBlt
OLEAUT32.dll
0x445624 SysAllocString
0x445628 SysFreeString
0x44562c SysStringLen
0x445630 VariantClear
0x445634 VariantInit
EAT(Export Address Table) is none