Field | Value |
---|---|
Created | 2025.04.08 09:15 |
Machine | s1_win7_x6401 |
Filename | NlmvJyQ.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 46 detected (AIDetectMalware, Lumma, Lazy, Ghanarava, Trickbot, Unsafe, Kryptik, Vbv7, malicious, confidence, 100%, Attribute, HighConfidence, high confidence, CrypterX, score, ShellCodeLoader, CLASSIC, Static AI, Suspicious PE, Detected, bucdx, LummaC, ABTrojan, JARF, R699262, Artemis, GdSda, PE04C9V, AT8PHU) |
md5 | c6a119bfd5690fd9740d4b0ceda18c46 |
sha256 | 9d2adad9a2ce99316677b5133953f620720286d5820c0d54adb610ddb71cb8bd |
ssdeep | 12288:SLz2g5eVQ9bgzo0y900DK/OiU0av3OSkWdlK8c3MIpr4NT:gz/5eVP2XiUCRWdw86Mz |
imphash | d7df155ab6f6974888ad50c6d9e3480f |
impfuzzy | 24:hWnkWDCQlQtyOovbOGMUD1ulvg0WDQyl3LPOTRKT07GiJUGYjz:hWkQC3l3612ihbO/GJGC |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x140045f48 AcquireSRWLockExclusive
0x140045f50 CloseHandle
0x140045f58 CreateFileA
0x140045f60 CreateFileW
0x140045f68 CreateThread
0x140045f70 DeleteCriticalSection
0x140045f78 EncodePointer
0x140045f80 EnterCriticalSection
0x140045f88 ExitProcess
0x140045f90 ExitThread
0x140045f98 FindClose
0x140045fa0 FindFirstFileExW
0x140045fa8 FindNextFileW
0x140045fb0 FlsAlloc
0x140045fb8 FlsFree
0x140045fc0 FlsGetValue
0x140045fc8 FlsSetValue
0x140045fd0 FlushFileBuffers
0x140045fd8 FreeEnvironmentStringsW
0x140045fe0 FreeLibrary
0x140045fe8 FreeLibraryAndExitThread
0x140045ff0 GetACP
0x140045ff8 GetCPInfo
0x140046000 GetCommandLineA
0x140046008 GetCommandLineW
0x140046010 GetConsoleMode
0x140046018 GetConsoleOutputCP
0x140046020 GetCurrentProcess
0x140046028 GetCurrentProcessId
0x140046030 GetCurrentThreadId
0x140046038 GetEnvironmentStringsW
0x140046040 GetExitCodeThread
0x140046048 GetFileSize
0x140046050 GetFileSizeEx
0x140046058 GetFileType
0x140046060 GetLastError
0x140046068 GetModuleFileNameA
0x140046070 GetModuleFileNameW
0x140046078 GetModuleHandleExW
0x140046080 GetModuleHandleW
0x140046088 GetOEMCP
0x140046090 GetProcAddress
0x140046098 GetProcessHeap
0x1400460a0 GetStartupInfoW
0x1400460a8 GetStdHandle
0x1400460b0 GetStringTypeW
0x1400460b8 GetSystemTimeAsFileTime
0x1400460c0 HeapAlloc
0x1400460c8 HeapFree
0x1400460d0 HeapReAlloc
0x1400460d8 HeapSize
0x1400460e0 InitializeCriticalSectionAndSpinCount
0x1400460e8 InitializeSListHead
0x1400460f0 IsDebuggerPresent
0x1400460f8 IsProcessorFeaturePresent
0x140046100 IsValidCodePage
0x140046108 LCMapStringW
0x140046110 LeaveCriticalSection
0x140046118 LoadLibraryExW
0x140046120 MultiByteToWideChar
0x140046128 QueryPerformanceCounter
0x140046130 RaiseException
0x140046138 ReadFile
0x140046140 ReleaseSRWLockExclusive
0x140046148 RtlCaptureContext
0x140046150 RtlLookupFunctionEntry
0x140046158 RtlPcToFileHeader
0x140046160 RtlUnwindEx
0x140046168 RtlVirtualUnwind
0x140046170 SetFilePointerEx
0x140046178 SetLastError
0x140046180 SetStdHandle
0x140046188 SetUnhandledExceptionFilter
0x140046190 TerminateProcess
0x140046198 TlsAlloc
0x1400461a0 TlsFree
0x1400461a8 TlsGetValue
0x1400461b0 TlsSetValue
0x1400461b8 TryAcquireSRWLockExclusive
0x1400461c0 UnhandledExceptionFilter
0x1400461c8 WaitForSingleObjectEx
0x1400461d0 WakeAllConditionVariable
0x1400461d8 WideCharToMultiByte
0x1400461e0 WriteConsoleW
0x1400461e8 WriteFile
EAT (Export Address Table): none