| Field | Value |
|---|---|
| Created | 2024.09.20 10:29 |
| Machine | s1_win7_x6403 |
| Filename | jrj6.exe |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : malware |
| VT API (file) | 57 detected (AIDetectMalware, LummaStealer, Malicious, score, Unsafe, Mint, Zard, Vlrl, confidence, Genus, Attribute, HighConfidence, high confidence, PWSX, Lumma, TrojanPSW, ccmw, tZshjg37vOV, XPACK, YXEIPZ, Real Protect, high, EncPk, Detected, Malware@#1kw459545lzrw, ABTrojan, VNFA, R663058, Artemis, BScope, Genetic, Gencirc, 52bPq3ObotA, susgen) |
| md5 | 1b24fed84d73ccf3575d306b504ebda7 |
| sha256 | 913be632895fcac1ee8b00e9da64957664f1808fe25d97ef6f83baacc064bdeb |
| ssdeep | 6144:6g60Y60ugd0vFImABIj3UAEV5ZYl1R2RQAcGsUU:T15gqvVkEYYl139GsUU |
| imphash | 603d928b42c1cb14e42962c75cfe8165 |
| impfuzzy | 12:jw5TZtJFTleZA/tHqH3Q4oAt7QNt2mwxrPTkTDLO1UkpzmzdwdV3EQg3ED:jC17llZ4Ftk/TwxzT23MUklYqvEQ4ED |
Signature (1)

| Level | Description |
|---|---|
| danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
Rules (3)

| Level | Name | Description | Collection |
|---|---|---|---|
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0)

| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|

No network requests were recorded for this run.
Suricata ids
PE API

IAT (Import Address Table)
KERNEL32.dll
0x43c52c CopyFileW
0x43c530 GetCurrentProcess
0x43c534 GetCurrentProcessId
0x43c538 GetCurrentThreadId
0x43c53c GetLogicalDrives
0x43c540 GetSystemDirectoryW
0x43c544 GlobalLock
0x43c548 GlobalUnlock
0x43c54c TerminateProcess
USER32.dll
0x43c554 CloseClipboard
0x43c558 GetClipboardData
0x43c55c GetDC
0x43c560 GetSystemMetrics
0x43c564 GetWindowInfo
0x43c568 GetWindowLongW
0x43c56c OpenClipboard
0x43c570 ReleaseDC
ole32.dll
0x43c578 CoCreateInstance
0x43c57c CoInitializeEx
0x43c580 CoInitializeSecurity
0x43c584 CoSetProxyBlanket
0x43c588 CoUninitialize
GDI32.dll
0x43c590 BitBlt
0x43c594 CreateCompatibleBitmap
0x43c598 CreateCompatibleDC
0x43c59c DeleteDC
0x43c5a0 DeleteObject
0x43c5a4 GetCurrentObject
0x43c5a8 GetDIBits
0x43c5ac GetObjectW
0x43c5b0 SelectObject
0x43c5b4 StretchBlt
OLEAUT32.dll
0x43c5bc SysAllocString
0x43c5c0 SysFreeString
0x43c5c4 SysStringLen
0x43c5c8 VariantClear
0x43c5cc VariantInit
EAT (Export Address Table): none
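The import table above is the only static evidence this report carries, so here is an added example (not part of the sandbox report and not vendor tooling) that parses the IAT listing exactly as printed and maps it to coarse capability clusters: screen capture (a USER32 device context plus the GDI32 CreateCompatibleBitmap/BitBlt/GetDIBits chain), clipboard reading, the COM initialisation sequence commonly used before WMI queries, and logical-drive enumeration. The cluster definitions and the `min_ratio` threshold are this example's own assumptions, and a match only shows that the API set is present, not that the sample exercises it. The example also checks for LoadLibraryA/GetProcAddress, which a stock UPX stub imports to rebuild the payload's imports at runtime; they are absent from this listing, so the UPX_Zero rule and the static IAT should be weighed together rather than read as one confirming the other.

```python
import re
from collections import defaultdict

# Constructed input for this example: the IAT listing copied from the report above.
IAT_TEXT = """\
KERNEL32.dll
0x43c52c CopyFileW
0x43c530 GetCurrentProcess
0x43c534 GetCurrentProcessId
0x43c538 GetCurrentThreadId
0x43c53c GetLogicalDrives
0x43c540 GetSystemDirectoryW
0x43c544 GlobalLock
0x43c548 GlobalUnlock
0x43c54c TerminateProcess
USER32.dll
0x43c554 CloseClipboard
0x43c558 GetClipboardData
0x43c55c GetDC
0x43c560 GetSystemMetrics
0x43c564 GetWindowInfo
0x43c568 GetWindowLongW
0x43c56c OpenClipboard
0x43c570 ReleaseDC
ole32.dll
0x43c578 CoCreateInstance
0x43c57c CoInitializeEx
0x43c580 CoInitializeSecurity
0x43c584 CoSetProxyBlanket
0x43c588 CoUninitialize
GDI32.dll
0x43c590 BitBlt
0x43c594 CreateCompatibleBitmap
0x43c598 CreateCompatibleDC
0x43c59c DeleteDC
0x43c5a0 DeleteObject
0x43c5a4 GetCurrentObject
0x43c5a8 GetDIBits
0x43c5ac GetObjectW
0x43c5b0 SelectObject
0x43c5b4 StretchBlt
OLEAUT32.dll
0x43c5bc SysAllocString
0x43c5c0 SysFreeString
0x43c5c4 SysStringLen
0x43c5c8 VariantClear
0x43c5cc VariantInit
"""

IMPORT_LINE = re.compile(r"^0x[0-9a-fA-F]+\s+(\w+)$")

# Heuristic clusters (this example's assumption, not a vendor taxonomy):
# the minimal Win32 API set a program needs for each behaviour.
CAPABILITIES = {
    "screen_capture": {"GetDC", "CreateCompatibleDC", "CreateCompatibleBitmap",
                       "SelectObject", "BitBlt", "GetDIBits"},
    "clipboard_read": {"OpenClipboard", "GetClipboardData", "CloseClipboard"},
    "com_wmi_setup": {"CoInitializeEx", "CoInitializeSecurity",
                      "CoCreateInstance", "CoSetProxyBlanket"},
    "drive_enumeration": {"GetLogicalDrives"},
    # Only half present in this sample; kept so partial matches are visible.
    "remote_process_kill": {"OpenProcess", "TerminateProcess"},
}
# A stock UPX stub imports these from KERNEL32 to rebuild the payload's IAT.
RUNTIME_RESOLVERS = {"LoadLibraryA", "GetProcAddress"}


def parse_iat(text):
    """Return {dll: [function, ...]} from the report's 'DLL / 0xADDR Name' layout."""
    imports = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IMPORT_LINE.match(line)
        if m:
            if current is None:
                raise ValueError(f"import listed before any DLL header: {line!r}")
            imports[current].append(m.group(1))
        elif line.lower().endswith(".dll"):
            current = line
        # Any other line is not part of the IAT listing and is skipped.
    return dict(imports)


def match_capabilities(imports, min_ratio=1.0):
    """Clusters whose API set is present at >= min_ratio coverage, with the APIs found."""
    present = {fn for fns in imports.values() for fn in fns}
    hits = {}
    for name, needed in CAPABILITIES.items():
        found = needed & present
        if found and len(found) / len(needed) >= min_ratio:
            hits[name] = sorted(found)
    return hits


def runtime_resolvers(imports):
    """Import-resolution APIs in KERNEL32; an empty set means no stock UPX stub imports."""
    return RUNTIME_RESOLVERS & set(imports.get("KERNEL32.dll", []))


if __name__ == "__main__":
    iat = parse_iat(IAT_TEXT)
    for cluster, fns in match_capabilities(iat, min_ratio=0.5).items():
        print(f"{cluster:20s} {', '.join(fns)}")
    print("runtime resolvers:", runtime_resolvers(iat) or "none")
```

Run with the default threshold to list only clusters whose full API set is present; `min_ratio=0.5` also surfaces the lone TerminateProcess, which on its own (paired here with GetCurrentProcess) is just as consistent with ordinary self-termination as with killing another process, and that ambiguity is exactly why a partial match should be reported as partial.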