Report - ypqhgl.exe

UPX PE File PE32
Created 2024.09.22 17:26 Machine s1_win7_x6401
Filename ypqhgl.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 12
Behavior Score: 1.8
ZERO API file : malware
VT API (file) 50 detected (AIDetectMalware, LummaStealer, Malicious, score, Unsafe, Mint, Zard, V4ew, Attribute, HighConfidence, high confidence, TrojanPSW, Lumma, ccmw, xBA9tH1EnUP, Redcap, zcrqc, YXEIUZ, Real Protect, high, Detected, Phonzy, Sabsik, Wacatac, Artemis, BScope, Genetic, QQPass, QQRob, Wylw, susgen)
md5 990ddf57779c6d17b6885dab3f5c3494
sha256 c260ed4b2144fa321b1353511d8ed78cb30e5e4856cce42c766fa0fad7e9bc1f
ssdeep 6144:RP5irYuB5ZuZAGW6fIdnum2vKU7fKrILt4FtDyNe6FVX17fET8ijBBvSzHBi20iA:RRnuB5ZuVCPDy4MA9ErEGXG/zrKwUrO
imphash 8a08f05f951e29daf72a243fb2aa4e67
impfuzzy 24:fZ47kFk/7YLO317u4wxGTCqvEQ4Ei3MUkH:fZ4YFk/7Y6317+ZQ8G

Signatures (2 counts)

Level Description
danger File has been identified by 50 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed

Rules (3 counts)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (1 count)

Request CC ASN / Company IP4 Rule ZERO
45.33.6.223 US Linode, LLC 45.33.6.223 (no rule) clean

Suricata ids

PE API

IAT (Import Address Table) Library

USER32.dll
 0x447acc CloseClipboard
 0x447ad0 GetClipboardData
 0x447ad4 GetDC
 0x447ad8 GetInputState
 0x447adc GetSystemMetrics
 0x447ae0 GetWindowLongW
 0x447ae4 OpenClipboard
 0x447ae8 ReleaseDC
KERNEL32.dll
 0x447af0 CopyFileW
 0x447af4 ExitProcess
 0x447af8 GetCommandLineW
 0x447afc GetCurrentProcessId
 0x447b00 GetCurrentThreadId
 0x447b04 GetLogicalDrives
 0x447b08 GetSystemDirectoryW
 0x447b0c GlobalLock
 0x447b10 GlobalUnlock
ole32.dll
 0x447b18 CoCreateInstance
 0x447b1c CoInitialize
 0x447b20 CoInitializeSecurity
 0x447b24 CoSetProxyBlanket
 0x447b28 CoUninitialize
OLEAUT32.dll
 0x447b30 SysAllocString
 0x447b34 SysFreeString
 0x447b38 SysStringLen
 0x447b3c VariantClear
 0x447b40 VariantInit
GDI32.dll
 0x447b48 BitBlt
 0x447b4c CreateCompatibleBitmap
 0x447b50 CreateCompatibleDC
 0x447b54 DeleteDC
 0x447b58 DeleteObject
 0x447b5c GetCurrentObject
 0x447b60 GetDIBits
 0x447b64 GetObjectW
 0x447b68 SelectObject
 0x447b6c StretchBlt

EAT (Export Address Table): none