ScreenShot
| Created | 2024.09.17 13:43 | Machine | s1_win7_x6401 |
| Filename | JLumma.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 46 detected (AIDetectMalware, Lumma, Artemis, Unsafe, V174, Genus, Attribute, HighConfidence, a variant of WinGo, TrojanPSW, CLASSIC, Redcap, avwsk, AMADEY, YXEIKZ, malicious, moderate, score, Detected, Sabsik, Malware@#2hgjw8ntqabkj, Phonzy, 6NOJCO, ABTrojan, WMJS, LummaC2, WinGo, Chgt, QQPass, QQRob, Jqil) | ||
| md5 | 8094be340c539b9ac0d2af7ea4c3120c | ||
| sha256 | 71b814a0a6c6d9cd59504a14918e29f59d2b77d981dca01d22a97f098c89c782 | ||
| ssdeep | 196608:H1nMXE60CkFiBhh2NUVNNXtW4HfuaSCL3b4kOVgNffMqf4dU:uT32SD6CL3PEgNb | ||
| imphash | 1aae8bf580c846f39c71c05898e57e88 | ||
| impfuzzy | 24:ibVjh9wO+VuT7boVaXOr6kwmDgUPMztxdEr6UP:AwO+VUjXOmokx0nP | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Schwerer_IN | Schwerer | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
kernel32.dll
0x18f26e0 WriteFile
0x18f26e4 WriteConsoleW
0x18f26e8 WerSetFlags
0x18f26ec WerGetFlags
0x18f26f0 WaitForMultipleObjects
0x18f26f4 WaitForSingleObject
0x18f26f8 VirtualQuery
0x18f26fc VirtualFree
0x18f2700 VirtualAlloc
0x18f2704 TlsAlloc
0x18f2708 SwitchToThread
0x18f270c SuspendThread
0x18f2710 SetWaitableTimer
0x18f2714 SetUnhandledExceptionFilter
0x18f2718 SetProcessPriorityBoost
0x18f271c SetEvent
0x18f2720 SetErrorMode
0x18f2724 SetConsoleCtrlHandler
0x18f2728 ResumeThread
0x18f272c RaiseFailFastException
0x18f2730 PostQueuedCompletionStatus
0x18f2734 LoadLibraryW
0x18f2738 LoadLibraryExW
0x18f273c SetThreadContext
0x18f2740 GetThreadContext
0x18f2744 GetSystemInfo
0x18f2748 GetSystemDirectoryA
0x18f274c GetStdHandle
0x18f2750 GetQueuedCompletionStatusEx
0x18f2754 GetProcessAffinityMask
0x18f2758 GetProcAddress
0x18f275c GetErrorMode
0x18f2760 GetEnvironmentStringsW
0x18f2764 GetCurrentThreadId
0x18f2768 GetConsoleMode
0x18f276c FreeEnvironmentStringsW
0x18f2770 ExitProcess
0x18f2774 DuplicateHandle
0x18f2778 CreateWaitableTimerExW
0x18f277c CreateThread
0x18f2780 CreateIoCompletionPort
0x18f2784 CreateEventA
0x18f2788 CloseHandle
0x18f278c AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x18f26e0 WriteFile
0x18f26e4 WriteConsoleW
0x18f26e8 WerSetFlags
0x18f26ec WerGetFlags
0x18f26f0 WaitForMultipleObjects
0x18f26f4 WaitForSingleObject
0x18f26f8 VirtualQuery
0x18f26fc VirtualFree
0x18f2700 VirtualAlloc
0x18f2704 TlsAlloc
0x18f2708 SwitchToThread
0x18f270c SuspendThread
0x18f2710 SetWaitableTimer
0x18f2714 SetUnhandledExceptionFilter
0x18f2718 SetProcessPriorityBoost
0x18f271c SetEvent
0x18f2720 SetErrorMode
0x18f2724 SetConsoleCtrlHandler
0x18f2728 ResumeThread
0x18f272c RaiseFailFastException
0x18f2730 PostQueuedCompletionStatus
0x18f2734 LoadLibraryW
0x18f2738 LoadLibraryExW
0x18f273c SetThreadContext
0x18f2740 GetThreadContext
0x18f2744 GetSystemInfo
0x18f2748 GetSystemDirectoryA
0x18f274c GetStdHandle
0x18f2750 GetQueuedCompletionStatusEx
0x18f2754 GetProcessAffinityMask
0x18f2758 GetProcAddress
0x18f275c GetErrorMode
0x18f2760 GetEnvironmentStringsW
0x18f2764 GetCurrentThreadId
0x18f2768 GetConsoleMode
0x18f276c FreeEnvironmentStringsW
0x18f2770 ExitProcess
0x18f2774 DuplicateHandle
0x18f2778 CreateWaitableTimerExW
0x18f277c CreateThread
0x18f2780 CreateIoCompletionPort
0x18f2784 CreateEventA
0x18f2788 CloseHandle
0x18f278c AddVectoredExceptionHandler
EAT(Export Address Table) is none