ScreenShot
Field | Value |
---|---|
Created | 2024.10.31 18:13 |
Machine | s1_win7_x6401 |
Filename | Luma.exe |
Type | PE32 executable (console) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 41 detected (AIDetectMalware, Injuke, Malicious, score, Zusy, Unsafe, confidence, Lazy, Attribute, HighConfidence, high confidence, GenKryptik, HDGW, Stelpak, Kryptik@AI, RDML, o3r0FvhuatNFq71W0HHCVA, moderate, kryptik, Static AI, Suspicious PE, Detected, GrayWare, gpyt, HeurC, KVMH008, Znyonm, ABTrojan, EMBC, Injection, Artemis, Outbreak, Genetic, PossibleThreat, Wacapew, C9nj) |
md5 | 998c59d4bf9c18e798a6db77f7ce10f9 |
sha256 | e0d3da58a38b98b5d9ba1241fb1b30d7251332883b285117e6d2794af0c66394 |
ssdeep | 12288:3KbQTjM37Fhgr4ZNkE1Er41iaNhqqitQ+jHKVkdvXPg9O/1ACWFtIW5NcDU:nTY37wr4ZyprDGqqitSkxPg41XgtR5Wo |
imphash | 6ec4262994a6b10076d58ba7d08c6aff |
impfuzzy | 24:U+2WDoejtWOovbOGMUD1uWvgJWDpZATvylnjBLPOXlEu9PJUsYjh:UDQoKx361ZhZbJjBbO1+sE |
Network IP location
Signature (15cnts)
Level | Description |
---|---|
danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
danger | Executed a process and injected code into it |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Code injection by writing an executable or DLL to the memory of another process |
watch | Manipulates memory of a non-child process indicative of process injection |
watch | Potential code injection by writing to the memory of another process |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | One or more potentially interesting buffers were extracted |
notice | Terminates another process |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Yara rule detected in process memory |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (15cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
notice | ScreenShot | Take ScreenShot | memory |
info | anti_dbg | Checks if being debugged | memory |
info | DebuggerCheck__GlobalFlags | (no description) | memory |
info | DebuggerCheck__QueryInfo | (no description) | memory |
info | DebuggerHiding__Active | (no description) | memory |
info | DebuggerHiding__Thread | (no description) | memory |
info | disable_dep | Bypass DEP | memory |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | SEH__vectored | (no description) | memory |
info | ThreadControl__Context | (no description) | memory |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded) | | | | | |
Suricata ids
PE API
IAT (Import Address Table) Library: KERNEL32.dll
0x44c55c CloseHandle
0x44c560 CompareStringW
0x44c564 CreateEventW
0x44c568 CreateFileW
0x44c56c DecodePointer
0x44c570 DeleteCriticalSection
0x44c574 EncodePointer
0x44c578 EnterCriticalSection
0x44c57c EnumSystemLocalesW
0x44c580 ExitProcess
0x44c584 FindClose
0x44c588 FindFirstFileExW
0x44c58c FindNextFileW
0x44c590 FlushFileBuffers
0x44c594 FreeEnvironmentStringsW
0x44c598 FreeLibrary
0x44c59c GetACP
0x44c5a0 GetCPInfo
0x44c5a4 GetCommandLineA
0x44c5a8 GetCommandLineW
0x44c5ac GetConsoleMode
0x44c5b0 GetConsoleOutputCP
0x44c5b4 GetCurrentProcess
0x44c5b8 GetCurrentProcessId
0x44c5bc GetCurrentThreadId
0x44c5c0 GetEnvironmentStringsW
0x44c5c4 GetExitCodeThread
0x44c5c8 GetFileSizeEx
0x44c5cc GetFileType
0x44c5d0 GetLastError
0x44c5d4 GetLocaleInfoW
0x44c5d8 GetModuleFileNameW
0x44c5dc GetModuleHandleExW
0x44c5e0 GetModuleHandleW
0x44c5e4 GetOEMCP
0x44c5e8 GetProcAddress
0x44c5ec GetProcessHeap
0x44c5f0 GetStartupInfoW
0x44c5f4 GetStdHandle
0x44c5f8 GetStringTypeW
0x44c5fc GetSystemTimeAsFileTime
0x44c600 GetUserDefaultLCID
0x44c604 GlobalFindAtomW
0x44c608 HeapAlloc
0x44c60c HeapFree
0x44c610 HeapReAlloc
0x44c614 HeapSize
0x44c618 InitializeCriticalSectionAndSpinCount
0x44c61c InitializeCriticalSectionEx
0x44c620 InitializeSListHead
0x44c624 IsDebuggerPresent
0x44c628 IsProcessorFeaturePresent
0x44c62c IsValidCodePage
0x44c630 IsValidLocale
0x44c634 LCMapStringEx
0x44c638 LCMapStringW
0x44c63c LeaveCriticalSection
0x44c640 LoadLibraryExW
0x44c644 MultiByteToWideChar
0x44c648 QueryPerformanceCounter
0x44c64c RaiseException
0x44c650 ReadConsoleW
0x44c654 ReadFile
0x44c658 ResetEvent
0x44c65c RtlUnwind
0x44c660 SetEndOfFile
0x44c664 SetEnvironmentVariableW
0x44c668 SetEvent
0x44c66c SetFilePointerEx
0x44c670 SetLastError
0x44c674 SetStdHandle
0x44c678 SetUnhandledExceptionFilter
0x44c67c TerminateProcess
0x44c680 TlsAlloc
0x44c684 TlsFree
0x44c688 TlsGetValue
0x44c68c TlsSetValue
0x44c690 UnhandledExceptionFilter
0x44c694 WaitForSingleObjectEx
0x44c698 WideCharToMultiByte
0x44c69c WriteConsoleW
0x44c6a0 WriteFile
EAT (Export Address Table) is none