ScreenShot
| Created | 2025.02.19 12:09 | Machine | s1_win7_x6403 |
| Filename | DTQCxXZ.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | |||
| md5 | 5cd741616410effcd71b9c0286292ab9 | ||
| sha256 | 4411bda3e930ffbe7fb100c2cba4c2a2833f6066e5f1a36b347fa26a82279505 | ||
| ssdeep | 6144:Q786X0fUr1YTHCgMS1IcNx4FsnN+1qC2BwSl1GWvwvgEpqXJLJDe2h:Q78OrWTESmcNxYsN+YppvMgECx | ||
| imphash | 35db7f4cbd35dcde15ade987b4775371 | ||
| impfuzzy | 24:tAY1utlZ4izFL/wh39Uk9wxGT7B1EQ4ED:WY14lZ40FL/h5zQD | ||
Network IP location
Signature (0cnts)
| Level | Description |
|---|
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | lumma_Stealer | Lumma Stealer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44ad9c CreateThread
0x44ada0 ExitProcess
0x44ada4 GetCurrentProcessId
0x44ada8 GetCurrentThreadId
0x44adac GetExitCodeProcess
0x44adb0 GlobalLock
0x44adb4 GlobalUnlock
SHELL32.dll
0x44adbc SHGetFileInfoW
0x44adc0 SHGetSpecialFolderPathW
USER32.dll
0x44adc8 CloseClipboard
0x44adcc GetClipboardData
0x44add0 GetDC
0x44add4 GetForegroundWindow
0x44add8 GetSystemMetrics
0x44addc GetWindowRect
0x44ade0 OpenClipboard
0x44ade4 ReleaseDC
GDI32.dll
0x44adec BitBlt
0x44adf0 CreateCompatibleBitmap
0x44adf4 CreateCompatibleDC
0x44adf8 CreateDIBSection
0x44adfc DeleteDC
0x44ae00 DeleteObject
0x44ae04 GetCurrentObject
0x44ae08 GetDIBits
0x44ae0c GetObjectW
0x44ae10 SelectObject
ole32.dll
0x44ae18 CoCreateInstance
0x44ae1c CoInitialize
0x44ae20 CoInitializeSecurity
0x44ae24 CoSetProxyBlanket
0x44ae28 CoTaskMemAlloc
0x44ae2c CoTaskMemFree
0x44ae30 CoUninitialize
OLEAUT32.dll
0x44ae38 SysAllocString
0x44ae3c SysAllocStringLen
0x44ae40 SysFreeString
0x44ae44 VariantClear
0x44ae48 VariantInit
EAT(Export Address Table) is none
KERNEL32.dll
0x44ad9c CreateThread
0x44ada0 ExitProcess
0x44ada4 GetCurrentProcessId
0x44ada8 GetCurrentThreadId
0x44adac GetExitCodeProcess
0x44adb0 GlobalLock
0x44adb4 GlobalUnlock
SHELL32.dll
0x44adbc SHGetFileInfoW
0x44adc0 SHGetSpecialFolderPathW
USER32.dll
0x44adc8 CloseClipboard
0x44adcc GetClipboardData
0x44add0 GetDC
0x44add4 GetForegroundWindow
0x44add8 GetSystemMetrics
0x44addc GetWindowRect
0x44ade0 OpenClipboard
0x44ade4 ReleaseDC
GDI32.dll
0x44adec BitBlt
0x44adf0 CreateCompatibleBitmap
0x44adf4 CreateCompatibleDC
0x44adf8 CreateDIBSection
0x44adfc DeleteDC
0x44ae00 DeleteObject
0x44ae04 GetCurrentObject
0x44ae08 GetDIBits
0x44ae0c GetObjectW
0x44ae10 SelectObject
ole32.dll
0x44ae18 CoCreateInstance
0x44ae1c CoInitialize
0x44ae20 CoInitializeSecurity
0x44ae24 CoSetProxyBlanket
0x44ae28 CoTaskMemAlloc
0x44ae2c CoTaskMemFree
0x44ae30 CoUninitialize
OLEAUT32.dll
0x44ae38 SysAllocString
0x44ae3c SysAllocStringLen
0x44ae40 SysFreeString
0x44ae44 VariantClear
0x44ae48 VariantInit
EAT(Export Address Table) is none