Field | Value |
---|---|
Created | 2024.09.22 17:26 |
Machine | s1_win7_x6401 |
Filename | ypqhgl.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 50 detected (AIDetectMalware, LummaStealer, Malicious, score, Unsafe, Mint, Zard, V4ew, Attribute, HighConfidence, high confidence, TrojanPSW, Lumma, ccmw, xBA9tH1EnUP, Redcap, zcrqc, YXEIUZ, Real Protect, high, Detected, Phonzy, Sabsik, Wacatac, Artemis, BScope, Genetic, QQPass, QQRob, Wylw, susgen) |
md5 | 990ddf57779c6d17b6885dab3f5c3494 |
sha256 | c260ed4b2144fa321b1353511d8ed78cb30e5e4856cce42c766fa0fad7e9bc1f |
ssdeep | 6144:RP5irYuB5ZuZAGW6fIdnum2vKU7fKrILt4FtDyNe6FVX17fET8ijBBvSzHBi20iA:RRnuB5ZuVCPDy4MA9ErEGXG/zrKwUrO |
imphash | 8a08f05f951e29daf72a243fb2aa4e67 |
impfuzzy | 24:fZ47kFk/7YLO317u4wxGTCqvEQ4Ei3MUkH:fZ4YFk/7Y6317+ZQ8G |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
USER32.dll
0x447acc CloseClipboard
0x447ad0 GetClipboardData
0x447ad4 GetDC
0x447ad8 GetInputState
0x447adc GetSystemMetrics
0x447ae0 GetWindowLongW
0x447ae4 OpenClipboard
0x447ae8 ReleaseDC
KERNEL32.dll
0x447af0 CopyFileW
0x447af4 ExitProcess
0x447af8 GetCommandLineW
0x447afc GetCurrentProcessId
0x447b00 GetCurrentThreadId
0x447b04 GetLogicalDrives
0x447b08 GetSystemDirectoryW
0x447b0c GlobalLock
0x447b10 GlobalUnlock
ole32.dll
0x447b18 CoCreateInstance
0x447b1c CoInitialize
0x447b20 CoInitializeSecurity
0x447b24 CoSetProxyBlanket
0x447b28 CoUninitialize
OLEAUT32.dll
0x447b30 SysAllocString
0x447b34 SysFreeString
0x447b38 SysStringLen
0x447b3c VariantClear
0x447b40 VariantInit
GDI32.dll
0x447b48 BitBlt
0x447b4c CreateCompatibleBitmap
0x447b50 CreateCompatibleDC
0x447b54 DeleteDC
0x447b58 DeleteObject
0x447b5c GetCurrentObject
0x447b60 GetDIBits
0x447b64 GetObjectW
0x447b68 SelectObject
0x447b6c StretchBlt
EAT (Export Address Table): none