Field | Value |
---|---|
Created | 2024.09.22 18:18 |
Machine | s1_win7_x6403 |
Filename | otqp9.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 50 detected (AIDetectMalware, LummaStealer, Malicious, score, Unsafe, Mint, Zard, Vy09, Lumma, high confidence, AGen, ccmw, xBA9tH1EnUP, Redcap, sevtl, YXEISZ, Real Protect, high, Generic Reputation PUA, Detected, GrayWare, Wacapew, Wacatac, Artemis, BScope, TrojanPSW, Fajl, susgen, Genetic) |
md5 | e6cd9d13873fe412d65b9e6aba45d220 |
sha256 | 5a43cbf8cf2636662187db7fd18d214c2f0468c0305b08920d82371f0a530f65 |
ssdeep | 6144:T2xlV673rp8I+xY01VAuwV4g/LVnW2e4yZkNiRudnV1/UzH:qxlm3rud/wOKW74yZUiR2JUzH |
imphash | 8a08f05f951e29daf72a243fb2aa4e67 |
impfuzzy | 24:fZ47kFk/7YLO317u4wxGTCqvEQ4Ei3MUkH:fZ4YFk/7Y6317+ZQ8G |
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
USER32.dll
0x449acc CloseClipboard
0x449ad0 GetClipboardData
0x449ad4 GetDC
0x449ad8 GetInputState
0x449adc GetSystemMetrics
0x449ae0 GetWindowLongW
0x449ae4 OpenClipboard
0x449ae8 ReleaseDC
KERNEL32.dll
0x449af0 CopyFileW
0x449af4 ExitProcess
0x449af8 GetCommandLineW
0x449afc GetCurrentProcessId
0x449b00 GetCurrentThreadId
0x449b04 GetLogicalDrives
0x449b08 GetSystemDirectoryW
0x449b0c GlobalLock
0x449b10 GlobalUnlock
ole32.dll
0x449b18 CoCreateInstance
0x449b1c CoInitialize
0x449b20 CoInitializeSecurity
0x449b24 CoSetProxyBlanket
0x449b28 CoUninitialize
OLEAUT32.dll
0x449b30 SysAllocString
0x449b34 SysFreeString
0x449b38 SysStringLen
0x449b3c VariantClear
0x449b40 VariantInit
GDI32.dll
0x449b48 BitBlt
0x449b4c CreateCompatibleBitmap
0x449b50 CreateCompatibleDC
0x449b54 DeleteDC
0x449b58 DeleteObject
0x449b5c GetCurrentObject
0x449b60 GetDIBits
0x449b64 GetObjectW
0x449b68 SelectObject
0x449b6c StretchBlt
EAT (Export Address Table): none