Field | Value |
---|---|
Created | 2025.02.11 11:15 |
Machine | s1_win7_x6401 |
Filename | jonbDes.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | |
VT API (file) | 57 detected (AIDetectMalware, Lumma, Malicious, score, Ghanarava, Unsafe, Mint, Zard, Abym, confidence, 100%, GenusT, EOIG, Windows, LummaStealer, SpywareX, TrojanPSW, ccmw, 4GhwlW5QpOO, XPACK, Real Protect, high, Static AI, Suspicious PE, Detected, Phonzy, Znyonm, 15BKZS7, ABTrojan, VLFI, Artemis, BScope, Genetic, Gencirc, lwgJVFqbLw4, susgen) |
md5 | f071beebff0bcff843395dc61a8d53c8 |
sha256 | 0d89d83e0840155d3a4ceca1d514e92d9af14074be53abc541f80b6af3b0ceec |
ssdeep | 6144:FWcsLT13/q0k/P5y6RJO6UtRtmh9e1O6B2kv4imqGG88W6:FWceB/qzP51XO6UtTa4kqkQ |
imphash | 91337f60852c26b115ac76038a4d79fd |
impfuzzy | 24:tAY1utlZ4izFk/wh39Uk9wxzT7B1EQ4ED:WY14lZ40Fk/h5oQD |
Network IP location
Signature (1cnts)
Level | Description |
---|---|
danger | File has been identified by 57 AntiVirus engines on VirusTotal as malicious |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | lumma_Stealer | Lumma Stealer | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x449d1c CreateThread
0x449d20 ExitProcess
0x449d24 GetCurrentProcessId
0x449d28 GetCurrentThreadId
0x449d2c GetExitCodeProcess
0x449d30 GlobalLock
0x449d34 GlobalUnlock
SHELL32.dll
0x449d3c SHGetFileInfoW
0x449d40 SHGetSpecialFolderPathW
USER32.dll
0x449d48 CloseClipboard
0x449d4c GetClipboardData
0x449d50 GetDC
0x449d54 GetForegroundWindow
0x449d58 GetSystemMetrics
0x449d5c GetWindowLongW
0x449d60 OpenClipboard
0x449d64 ReleaseDC
GDI32.dll
0x449d6c BitBlt
0x449d70 CreateCompatibleBitmap
0x449d74 CreateCompatibleDC
0x449d78 CreateDIBSection
0x449d7c DeleteDC
0x449d80 DeleteObject
0x449d84 GetCurrentObject
0x449d88 GetDIBits
0x449d8c GetObjectW
0x449d90 SelectObject
ole32.dll
0x449d98 CoCreateInstance
0x449d9c CoInitializeEx
0x449da0 CoInitializeSecurity
0x449da4 CoSetProxyBlanket
0x449da8 CoTaskMemAlloc
0x449dac CoTaskMemFree
0x449db0 CoUninitialize
OLEAUT32.dll
0x449db8 SysAllocString
0x449dbc SysAllocStringLen
0x449dc0 SysFreeString
0x449dc4 VariantClear
0x449dc8 VariantInit
EAT (Export Address Table): none