Field | Value |
---|---|
Created | 2025.02.07 14:15 |
Machine | s1_win7_x6403 |
Filename | LinkedinTuVanDat.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 59 detected (Common, LummaStealer, Malicious, score, Ghanarava, Unsafe, Mint, Zard, Vohw, confidence, Genus, Attribute, HighConfidence, Windows, Lumma, Zload, LummaC, ccmw, LummaC2, CLASSIC, Redcap, swfsh, YXEJ5Z, Real Protect, high, Detected, Eldorado, R673998, GenericRXWP, TrojanPSW, Genetic, Gencirc, XcDIzjAanMs, susgen) |
md5 | e00fac5836ce0e292228254b4f73cfa9 |
sha256 | 0b1da36b598c9a556a96133b625413f10198c763f07345cc8a47c29991dfff68 |
ssdeep | 6144:+tWC7xvtddofKKrybbuMY88Jc/oZ3ipoOvYcOCL7E6tt7tilp4:+RZtddofKKrzHPJ3ii0bL7E6t7q2 |
imphash | f5ad7569262698fb9eae9f54a4af280c |
impfuzzy | 24:jYLO317cl2rZ4izFkjO5L/TwxGTCq1EQ4Ei3MUkH:jY6317cl+Z40FkjAL/w3Q8G |
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
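The three rule hits above are static header checks. As an added illustration (my own code, not the sandbox's rule implementation), the following Python builds a minimal PE image in memory and applies equivalent checks: the MZ and PE signatures (PE_Header_Zero), the optional-header magic 0x10B that distinguishes PE32 from PE32+ (IsPE32), and section names beginning with `UPX` as the packer heuristic. The report does not show the body of UPX_Zero, so keying it on section names is an assumption; real UPX builds also carry the "UPX!" marker and a characteristic two-section layout, which a production rule would check as well.

```python
"""Static PE header checks mirroring the report's three rule hits.
Added example, stdlib only: builds a synthetic PE in memory so it runs offline."""
import struct

PE32_MAGIC = 0x10B       # IMAGE_NT_OPTIONAL_HDR32_MAGIC
PE32PLUS_MAGIC = 0x20B   # IMAGE_NT_OPTIONAL_HDR64_MAGIC


def build_pe(magic=PE32_MAGIC, section_names=("UPX0", "UPX1", ".rsrc")):
    """Constructed test input: a header-only PE image (no code, no imports)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)           # e_lfanew -> NT headers
    opt_size = 224 if magic == PE32_MAGIC else 240         # standard optional-header sizes
    machine = 0x14C if magic == PE32_MAGIC else 0x8664     # i386 / AMD64
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", magic) + bytes(opt_size - 2)   # only Magic matters here
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections


def check_pe(data):
    """Return {rule_name: bool} for the three header rules; all False on non-PE input."""
    result = {"PE_Header_Zero": False, "IsPE32": False, "UPX_Zero": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return result
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return result
    result["PE_Header_Zero"] = True
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    result["IsPE32"] = magic == PE32_MAGIC
    sec_off = e_lfanew + 24 + opt_size                      # first IMAGE_SECTION_HEADER
    names = []
    for i in range(nsec):
        raw = data[sec_off + 40 * i: sec_off + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", errors="replace"))
    # Assumption: UPX_Zero keys on UPX section names; the rule body is not on the page.
    result["UPX_Zero"] = any(n.startswith("UPX") for n in names)
    return result


if __name__ == "__main__":
    print(check_pe(build_pe()))
```

To run it against a real sample, replace `build_pe()` with `open(path, "rb").read()`; the parser only touches the headers, so it is safe on arbitrary input but will report all-False on anything that is not a PE.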
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(none recorded) | | | | | |
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44819c CopyFileW
0x4481a0 ExitProcess
0x4481a4 GetCommandLineW
0x4481a8 GetCurrentProcessId
0x4481ac GetCurrentThreadId
0x4481b0 GetLogicalDrives
0x4481b4 GetSystemDirectoryW
0x4481b8 GlobalLock
0x4481bc GlobalUnlock
SHELL32.dll
0x4481c4 ShellExecuteW
USER32.dll
0x4481cc CloseClipboard
0x4481d0 FindWindowExW
0x4481d4 GetClipboardData
0x4481d8 GetDC
0x4481dc GetForegroundWindow
0x4481e0 GetSystemMetrics
0x4481e4 GetWindowLongW
0x4481e8 GetWindowThreadProcessId
0x4481ec IsWindowEnabled
0x4481f0 IsWindowVisible
0x4481f4 OpenClipboard
0x4481f8 ReleaseDC
ole32.dll
0x448200 CoCreateInstance
0x448204 CoInitialize
0x448208 CoInitializeSecurity
0x44820c CoSetProxyBlanket
0x448210 CoUninitialize
OLEAUT32.dll
0x448218 SysAllocString
0x44821c SysFreeString
0x448220 VariantClear
0x448224 VariantInit
GDI32.dll
0x44822c BitBlt
0x448230 CreateCompatibleBitmap
0x448234 CreateCompatibleDC
0x448238 DeleteDC
0x44823c DeleteObject
0x448240 GetCurrentObject
0x448244 GetDIBits
0x448248 GetObjectW
0x44824c SelectObject
0x448250 StretchBlt
EAT(Export Address Table) is none
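The import table alone already profiles this sample: GetDC, CreateCompatibleDC, BitBlt and GetDIBits are the screenshot path, OpenClipboard and GetClipboardData read the clipboard, CoCreateInstance with CoSetProxyBlanket is the usual WMI client pattern, ShellExecuteW launches other programs, and there is no ws2_32, wininet or winhttp import at all, which matches the empty Network section. The Python below is an added example (stdlib only; my code, not the sandbox's) that parses the IAT listing above as pasted, recomputes the imphash the way pefile does (module name lower-cased with .dll/.ocx/.sys stripped, "module.function" strings joined by commas, MD5), and maps the imports to coarse capability labels. The capability map is my own assumption for illustration. Two caveats: the digest equals the report's imphash only if the listing preserves import-directory order and contains no ordinal imports, and because the UPX_Zero rule flags the file as packed, a truly packed image's static table belongs to the unpacker stub, so cross-check this profile against an unpacked dump before treating it as the payload's.

```python
"""Import-table triage for the IAT listed above (added example, stdlib only)."""
import hashlib
import re

IAT_DUMP = """\
KERNEL32.dll
0x44819c CopyFileW
0x4481a0 ExitProcess
0x4481a4 GetCommandLineW
0x4481a8 GetCurrentProcessId
0x4481ac GetCurrentThreadId
0x4481b0 GetLogicalDrives
0x4481b4 GetSystemDirectoryW
0x4481b8 GlobalLock
0x4481bc GlobalUnlock
SHELL32.dll
0x4481c4 ShellExecuteW
USER32.dll
0x4481cc CloseClipboard
0x4481d0 FindWindowExW
0x4481d4 GetClipboardData
0x4481d8 GetDC
0x4481dc GetForegroundWindow
0x4481e0 GetSystemMetrics
0x4481e4 GetWindowLongW
0x4481e8 GetWindowThreadProcessId
0x4481ec IsWindowEnabled
0x4481f0 IsWindowVisible
0x4481f4 OpenClipboard
0x4481f8 ReleaseDC
ole32.dll
0x448200 CoCreateInstance
0x448204 CoInitialize
0x448208 CoInitializeSecurity
0x44820c CoSetProxyBlanket
0x448210 CoUninitialize
OLEAUT32.dll
0x448218 SysAllocString
0x44821c SysFreeString
0x448220 VariantClear
0x448224 VariantInit
GDI32.dll
0x44822c BitBlt
0x448230 CreateCompatibleBitmap
0x448234 CreateCompatibleDC
0x448238 DeleteDC
0x44823c DeleteObject
0x448240 GetCurrentObject
0x448244 GetDIBits
0x448248 GetObjectW
0x44824c SelectObject
0x448250 StretchBlt
"""  # constructed input: the report's IAT section, copied verbatim

# Capability map: my assumption for illustration, not the sandbox's rule set.
CAPABILITIES = {
    "screen capture": {"user32.getdc", "gdi32.createcompatibledc", "gdi32.bitblt", "gdi32.getdibits"},
    "clipboard read": {"user32.openclipboard", "user32.getclipboarddata"},
    "COM/WMI client": {"ole32.cocreateinstance", "ole32.cosetproxyblanket", "oleaut32.sysallocstring"},
    "shell execution": {"shell32.shellexecutew"},
    "drive enumeration": {"kernel32.getlogicaldrives"},
    "network (static)": {"ws2_32.connect", "ws2_32.send", "wininet.internetopenw", "winhttp.winhttpopen"},
}
_ADDR_LINE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)$")
_STRIP_EXT = (".dll", ".ocx", ".sys")  # pefile strips only these from the module name


def parse_iat(dump):
    """Imports as 'dll.func' in listing order, lower-cased like pefile's imphash input."""
    entries, dll = [], None
    for line in (l.strip() for l in dump.splitlines()):
        if not line:
            continue
        m = _ADDR_LINE.match(line)
        if m is None:                      # a module header line such as "USER32.dll"
            dll = line.lower()
            for ext in _STRIP_EXT:
                if dll.endswith(ext):
                    dll = dll[:-len(ext)]
                    break
        elif dll is None:
            raise ValueError("import listed before any DLL header: %r" % line)
        else:
            entries.append("%s.%s" % (dll, m.group(1).lower()))
    return entries


def imphash(entries):
    """MD5 of the comma-joined normalised imports, i.e. pefile's imphash."""
    return hashlib.md5(",".join(entries).encode("ascii")).hexdigest()


def capabilities(entries):
    """Capability labels whose API set intersects the imports; absences matter too."""
    present = set(entries)
    return {cap: sorted(present & apis) for cap, apis in CAPABILITIES.items() if present & apis}


if __name__ == "__main__":
    imps = parse_iat(IAT_DUMP)
    print(len(imps), "imports; imphash", imphash(imps))  # compare with the report's imphash
    for cap, apis in capabilities(imps).items():
        print("%-18s %s" % (cap, ", ".join(apis)))
```

The absence check is the useful half: "network (static)" never fires on this table, which is consistent with the empty Network section and with a stage that resolves its C2 APIs at run time or hands off to a later payload.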