ScreenShot
| Created | 2025.02.26 09:55 | Machine | s1_win7_x6401 |
| Filename | RHPLumH.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 32 detected (AIDetectMalware, InjectorNetT, Ghanarava, Artemis, Unsafe, Save, malicious, confidence, Attribute, HighConfidence, high confidence, AdwareX, Kryptik@AI, RDML, EZsdWXqbrWE0Qq0, rROR2A, AMADEY, YXFBYZ, Real Protect, Detected, Conteban, XWorm, Caynamer, 2PQSRR, ABTrojan, YFNA, LummaStealer, PossibleThreat) | ||
| md5 | 8d0868398de40e6e16a7c541f07e5e09 | ||
| sha256 | d3477c131aada6b4af6ac738bc3d2d08785d5b8c981e92e621013b4653c651bb | ||
| ssdeep | 49152:H2LAgJxIJTN03QaiX1OOM2b9Ndt9NdtvcA:fAIpN039q1OOM24 | ||
| imphash | 7f5d02e6abebd0d8fd2c86baaf35ed61 | ||
| impfuzzy | 24:hD8uPBcpVWcfS1jtdhlJBlmroehvuZ6GMAkpOovbOPZ+AFw1:CwBcpV5fS1jtdnE9uZb3oAFE | ||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x70e00c LocalFree
0x70e010 GetProcAddress
0x70e014 HeapSize
0x70e018 GetProcessHeap
0x70e01c SetStdHandle
0x70e020 FreeLibrary
0x70e024 CreateFileW
0x70e028 LoadLibraryA
0x70e02c WideCharToMultiByte
0x70e030 RaiseException
0x70e034 EnterCriticalSection
0x70e038 LeaveCriticalSection
0x70e03c InitializeCriticalSectionEx
0x70e040 DeleteCriticalSection
0x70e044 EncodePointer
0x70e048 DecodePointer
0x70e04c MultiByteToWideChar
0x70e050 LCMapStringEx
0x70e054 GetStringTypeW
0x70e058 GetCPInfo
0x70e05c IsProcessorFeaturePresent
0x70e060 QueryPerformanceCounter
0x70e064 GetCurrentProcessId
0x70e068 GetCurrentThreadId
0x70e06c GetSystemTimeAsFileTime
0x70e070 InitializeSListHead
0x70e074 IsDebuggerPresent
0x70e078 UnhandledExceptionFilter
0x70e07c SetUnhandledExceptionFilter
0x70e080 GetStartupInfoW
0x70e084 GetModuleHandleW
0x70e088 GetCurrentProcess
0x70e08c TerminateProcess
0x70e090 RtlUnwind
0x70e094 GetLastError
0x70e098 SetLastError
0x70e09c InitializeCriticalSectionAndSpinCount
0x70e0a0 TlsAlloc
0x70e0a4 TlsGetValue
0x70e0a8 TlsSetValue
0x70e0ac TlsFree
0x70e0b0 LoadLibraryExW
0x70e0b4 ExitProcess
0x70e0b8 GetModuleHandleExW
0x70e0bc GetStdHandle
0x70e0c0 WriteFile
0x70e0c4 GetModuleFileNameW
0x70e0c8 HeapFree
0x70e0cc HeapAlloc
0x70e0d0 GetFileType
0x70e0d4 LCMapStringW
0x70e0d8 GetLocaleInfoW
0x70e0dc IsValidLocale
0x70e0e0 GetUserDefaultLCID
0x70e0e4 EnumSystemLocalesW
0x70e0e8 CloseHandle
0x70e0ec FlushFileBuffers
0x70e0f0 GetConsoleOutputCP
0x70e0f4 GetConsoleMode
0x70e0f8 ReadFile
0x70e0fc GetFileSizeEx
0x70e100 SetFilePointerEx
0x70e104 ReadConsoleW
0x70e108 HeapReAlloc
0x70e10c FindClose
0x70e110 FindFirstFileExW
0x70e114 FindNextFileW
0x70e118 IsValidCodePage
0x70e11c GetACP
0x70e120 GetOEMCP
0x70e124 GetCommandLineA
0x70e128 GetCommandLineW
0x70e12c GetEnvironmentStringsW
0x70e130 FreeEnvironmentStringsW
0x70e134 WriteConsoleW
USER32.dll
0x70e13c GetSystemMetrics
0x70e140 MessageBoxA
ADVAPI32.dll
0x70e000 AllocateAndInitializeSid
0x70e004 FreeSid
EAT(Export Address Table) is none
KERNEL32.dll
0x70e00c LocalFree
0x70e010 GetProcAddress
0x70e014 HeapSize
0x70e018 GetProcessHeap
0x70e01c SetStdHandle
0x70e020 FreeLibrary
0x70e024 CreateFileW
0x70e028 LoadLibraryA
0x70e02c WideCharToMultiByte
0x70e030 RaiseException
0x70e034 EnterCriticalSection
0x70e038 LeaveCriticalSection
0x70e03c InitializeCriticalSectionEx
0x70e040 DeleteCriticalSection
0x70e044 EncodePointer
0x70e048 DecodePointer
0x70e04c MultiByteToWideChar
0x70e050 LCMapStringEx
0x70e054 GetStringTypeW
0x70e058 GetCPInfo
0x70e05c IsProcessorFeaturePresent
0x70e060 QueryPerformanceCounter
0x70e064 GetCurrentProcessId
0x70e068 GetCurrentThreadId
0x70e06c GetSystemTimeAsFileTime
0x70e070 InitializeSListHead
0x70e074 IsDebuggerPresent
0x70e078 UnhandledExceptionFilter
0x70e07c SetUnhandledExceptionFilter
0x70e080 GetStartupInfoW
0x70e084 GetModuleHandleW
0x70e088 GetCurrentProcess
0x70e08c TerminateProcess
0x70e090 RtlUnwind
0x70e094 GetLastError
0x70e098 SetLastError
0x70e09c InitializeCriticalSectionAndSpinCount
0x70e0a0 TlsAlloc
0x70e0a4 TlsGetValue
0x70e0a8 TlsSetValue
0x70e0ac TlsFree
0x70e0b0 LoadLibraryExW
0x70e0b4 ExitProcess
0x70e0b8 GetModuleHandleExW
0x70e0bc GetStdHandle
0x70e0c0 WriteFile
0x70e0c4 GetModuleFileNameW
0x70e0c8 HeapFree
0x70e0cc HeapAlloc
0x70e0d0 GetFileType
0x70e0d4 LCMapStringW
0x70e0d8 GetLocaleInfoW
0x70e0dc IsValidLocale
0x70e0e0 GetUserDefaultLCID
0x70e0e4 EnumSystemLocalesW
0x70e0e8 CloseHandle
0x70e0ec FlushFileBuffers
0x70e0f0 GetConsoleOutputCP
0x70e0f4 GetConsoleMode
0x70e0f8 ReadFile
0x70e0fc GetFileSizeEx
0x70e100 SetFilePointerEx
0x70e104 ReadConsoleW
0x70e108 HeapReAlloc
0x70e10c FindClose
0x70e110 FindFirstFileExW
0x70e114 FindNextFileW
0x70e118 IsValidCodePage
0x70e11c GetACP
0x70e120 GetOEMCP
0x70e124 GetCommandLineA
0x70e128 GetCommandLineW
0x70e12c GetEnvironmentStringsW
0x70e130 FreeEnvironmentStringsW
0x70e134 WriteConsoleW
USER32.dll
0x70e13c GetSystemMetrics
0x70e140 MessageBoxA
ADVAPI32.dll
0x70e000 AllocateAndInitializeSid
0x70e004 FreeSid
EAT(Export Address Table) is none