ScreenShot
| Created | 2024.09.17 14:15 | Machine | s1_win7_x6401 |
| Filename | hq9.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 59 detected (AIDetectMalware, Lumma, Malicious, score, Unsafe, Mint, Zard, Lummastealer, V938, confidence, Attribute, HighConfidence, high confidence, PWSX, TrojanPSW, ccmw, LummaC, Q5zRBUU65iV, XPACK, YXEH2Z, Real Protect, high, Detected, CCJO, 1137KHI, ABTrojan, JHBL, R663058, Artemis, BScope, Genetic, Gencirc, liL39zNvDZ4, susgen) | ||
| md5 | 7057f6c2b0efa033b30385d6015c8f4a | ||
| sha256 | a8f85f4dcae1568f857b1fbcf763da645236d6292eeef2b54b73a6641a911fcb | ||
| ssdeep | 6144:0Ljw5gVXpMLECYdehlKeX3F+kTsJ9STLyk:uVXpQTRdzTsJc/B | ||
| imphash | 9fd5b8944ce9c3acaedc650793d4996e | ||
| impfuzzy | 24:jYq17mAlZ4Ftk/TwxzT23MUklYqvEQ4ED:jYq17mAlZ4Ftk/w48AQD | ||
Network IP location
Signature (1cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x43954c CopyFileW
0x439550 ExitProcess
0x439554 GetCurrentProcess
0x439558 GetCurrentProcessId
0x43955c GetCurrentThreadId
0x439560 GetLogicalDrives
0x439564 GetSystemDirectoryW
0x439568 GlobalLock
0x43956c GlobalUnlock
USER32.dll
0x439574 CloseClipboard
0x439578 GetClipboardData
0x43957c GetDC
0x439580 GetSystemMetrics
0x439584 GetWindowInfo
0x439588 GetWindowLongW
0x43958c OpenClipboard
0x439590 ReleaseDC
ole32.dll
0x439598 CoCreateInstance
0x43959c CoInitializeEx
0x4395a0 CoInitializeSecurity
0x4395a4 CoSetProxyBlanket
0x4395a8 CoUninitialize
GDI32.dll
0x4395b0 BitBlt
0x4395b4 CreateCompatibleBitmap
0x4395b8 CreateCompatibleDC
0x4395bc DeleteDC
0x4395c0 DeleteObject
0x4395c4 GetCurrentObject
0x4395c8 GetDIBits
0x4395cc GetObjectW
0x4395d0 SelectObject
0x4395d4 StretchBlt
OLEAUT32.dll
0x4395dc SysAllocString
0x4395e0 SysFreeString
0x4395e4 SysStringLen
0x4395e8 VariantClear
0x4395ec VariantInit
EAT(Export Address Table) is none
KERNEL32.dll
0x43954c CopyFileW
0x439550 ExitProcess
0x439554 GetCurrentProcess
0x439558 GetCurrentProcessId
0x43955c GetCurrentThreadId
0x439560 GetLogicalDrives
0x439564 GetSystemDirectoryW
0x439568 GlobalLock
0x43956c GlobalUnlock
USER32.dll
0x439574 CloseClipboard
0x439578 GetClipboardData
0x43957c GetDC
0x439580 GetSystemMetrics
0x439584 GetWindowInfo
0x439588 GetWindowLongW
0x43958c OpenClipboard
0x439590 ReleaseDC
ole32.dll
0x439598 CoCreateInstance
0x43959c CoInitializeEx
0x4395a0 CoInitializeSecurity
0x4395a4 CoSetProxyBlanket
0x4395a8 CoUninitialize
GDI32.dll
0x4395b0 BitBlt
0x4395b4 CreateCompatibleBitmap
0x4395b8 CreateCompatibleDC
0x4395bc DeleteDC
0x4395c0 DeleteObject
0x4395c4 GetCurrentObject
0x4395c8 GetDIBits
0x4395cc GetObjectW
0x4395d0 SelectObject
0x4395d4 StretchBlt
OLEAUT32.dll
0x4395dc SysAllocString
0x4395e0 SysFreeString
0x4395e4 SysStringLen
0x4395e8 VariantClear
0x4395ec VariantInit
EAT(Export Address Table) is none