ScreenShot
| Created | 2025.05.03 16:45 | Machine | s1_win7_x6403 |
| Filename | 08IyOOF.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 46 detected (AIDetectMalware, LummaStealer, Malicious, score, trojanpws, lumma, Expiro, Midie, Unsafe, Save, confidence, 100%, Lazy, Attribute, HighConfidence, high confidence, GenKryptik, HIRY, Kryptik@AI, RDML, f5l2BMZv+i, Y5MZ8EVXRFQ, gzdqq, Krypt, Static AI, Suspicious PE, Detected, Wacatac, ABTrojan, WQMY, Vidar, Artemis, Chgt, PE04C9Z, B9nj) | ||
| md5 | 572c2e19fafe6b1bed570c64589deb87 | ||
| sha256 | 69010ed954490a3e7496b24010bc6f6e8cba388701fc0c5a0fc2211948e59fbe | ||
| ssdeep | 24576:PYuste6M3bVFs2fu6fScXO88UXZKXO88UXZ:PULnUjnU | ||
| imphash | b23510932b3d0f63aae2b8be70a1f033 | ||
| impfuzzy | 24:/kWDCelQtWOovbOGMUD1uUvgDWDQyl3LPxQTw07GiJUHYjk:cQC5x361PlhbxQNGJH5 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 46 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14003ce10 CloseHandle
0x14003ce18 CreateFileA
0x14003ce20 CreateFileW
0x14003ce28 CreateThread
0x14003ce30 DeleteCriticalSection
0x14003ce38 EncodePointer
0x14003ce40 EnterCriticalSection
0x14003ce48 ExitProcess
0x14003ce50 FindClose
0x14003ce58 FindFirstFileExW
0x14003ce60 FindNextFileW
0x14003ce68 FlsAlloc
0x14003ce70 FlsFree
0x14003ce78 FlsGetValue
0x14003ce80 FlsSetValue
0x14003ce88 FlushFileBuffers
0x14003ce90 FreeEnvironmentStringsW
0x14003ce98 FreeLibrary
0x14003cea0 GetACP
0x14003cea8 GetCPInfo
0x14003ceb0 GetCommandLineA
0x14003ceb8 GetCommandLineW
0x14003cec0 GetConsoleMode
0x14003cec8 GetConsoleOutputCP
0x14003ced0 GetCurrentProcess
0x14003ced8 GetCurrentProcessId
0x14003cee0 GetCurrentThreadId
0x14003cee8 GetEnvironmentStringsW
0x14003cef0 GetFileSize
0x14003cef8 GetFileSizeEx
0x14003cf00 GetFileType
0x14003cf08 GetLastError
0x14003cf10 GetModuleFileNameW
0x14003cf18 GetModuleHandleA
0x14003cf20 GetModuleHandleExW
0x14003cf28 GetModuleHandleW
0x14003cf30 GetOEMCP
0x14003cf38 GetProcAddress
0x14003cf40 GetProcessHeap
0x14003cf48 GetStartupInfoW
0x14003cf50 GetStdHandle
0x14003cf58 GetStringTypeW
0x14003cf60 GetSystemTimeAsFileTime
0x14003cf68 HeapAlloc
0x14003cf70 HeapFree
0x14003cf78 HeapReAlloc
0x14003cf80 HeapSize
0x14003cf88 InitializeCriticalSectionAndSpinCount
0x14003cf90 InitializeSListHead
0x14003cf98 IsDebuggerPresent
0x14003cfa0 IsProcessorFeaturePresent
0x14003cfa8 IsValidCodePage
0x14003cfb0 LCMapStringW
0x14003cfb8 LeaveCriticalSection
0x14003cfc0 LoadLibraryExW
0x14003cfc8 MultiByteToWideChar
0x14003cfd0 QueryPerformanceCounter
0x14003cfd8 QueryPerformanceFrequency
0x14003cfe0 RaiseException
0x14003cfe8 ReadFile
0x14003cff0 RtlCaptureContext
0x14003cff8 RtlLookupFunctionEntry
0x14003d000 RtlPcToFileHeader
0x14003d008 RtlUnwindEx
0x14003d010 RtlVirtualUnwind
0x14003d018 SetFilePointerEx
0x14003d020 SetLastError
0x14003d028 SetStdHandle
0x14003d030 SetUnhandledExceptionFilter
0x14003d038 Sleep
0x14003d040 TerminateProcess
0x14003d048 TlsAlloc
0x14003d050 TlsFree
0x14003d058 TlsGetValue
0x14003d060 TlsSetValue
0x14003d068 UnhandledExceptionFilter
0x14003d070 WaitForSingleObject
0x14003d078 WideCharToMultiByte
0x14003d080 WriteConsoleW
0x14003d088 WriteFile
EAT(Export Address Table) is none
KERNEL32.dll
0x14003ce10 CloseHandle
0x14003ce18 CreateFileA
0x14003ce20 CreateFileW
0x14003ce28 CreateThread
0x14003ce30 DeleteCriticalSection
0x14003ce38 EncodePointer
0x14003ce40 EnterCriticalSection
0x14003ce48 ExitProcess
0x14003ce50 FindClose
0x14003ce58 FindFirstFileExW
0x14003ce60 FindNextFileW
0x14003ce68 FlsAlloc
0x14003ce70 FlsFree
0x14003ce78 FlsGetValue
0x14003ce80 FlsSetValue
0x14003ce88 FlushFileBuffers
0x14003ce90 FreeEnvironmentStringsW
0x14003ce98 FreeLibrary
0x14003cea0 GetACP
0x14003cea8 GetCPInfo
0x14003ceb0 GetCommandLineA
0x14003ceb8 GetCommandLineW
0x14003cec0 GetConsoleMode
0x14003cec8 GetConsoleOutputCP
0x14003ced0 GetCurrentProcess
0x14003ced8 GetCurrentProcessId
0x14003cee0 GetCurrentThreadId
0x14003cee8 GetEnvironmentStringsW
0x14003cef0 GetFileSize
0x14003cef8 GetFileSizeEx
0x14003cf00 GetFileType
0x14003cf08 GetLastError
0x14003cf10 GetModuleFileNameW
0x14003cf18 GetModuleHandleA
0x14003cf20 GetModuleHandleExW
0x14003cf28 GetModuleHandleW
0x14003cf30 GetOEMCP
0x14003cf38 GetProcAddress
0x14003cf40 GetProcessHeap
0x14003cf48 GetStartupInfoW
0x14003cf50 GetStdHandle
0x14003cf58 GetStringTypeW
0x14003cf60 GetSystemTimeAsFileTime
0x14003cf68 HeapAlloc
0x14003cf70 HeapFree
0x14003cf78 HeapReAlloc
0x14003cf80 HeapSize
0x14003cf88 InitializeCriticalSectionAndSpinCount
0x14003cf90 InitializeSListHead
0x14003cf98 IsDebuggerPresent
0x14003cfa0 IsProcessorFeaturePresent
0x14003cfa8 IsValidCodePage
0x14003cfb0 LCMapStringW
0x14003cfb8 LeaveCriticalSection
0x14003cfc0 LoadLibraryExW
0x14003cfc8 MultiByteToWideChar
0x14003cfd0 QueryPerformanceCounter
0x14003cfd8 QueryPerformanceFrequency
0x14003cfe0 RaiseException
0x14003cfe8 ReadFile
0x14003cff0 RtlCaptureContext
0x14003cff8 RtlLookupFunctionEntry
0x14003d000 RtlPcToFileHeader
0x14003d008 RtlUnwindEx
0x14003d010 RtlVirtualUnwind
0x14003d018 SetFilePointerEx
0x14003d020 SetLastError
0x14003d028 SetStdHandle
0x14003d030 SetUnhandledExceptionFilter
0x14003d038 Sleep
0x14003d040 TerminateProcess
0x14003d048 TlsAlloc
0x14003d050 TlsFree
0x14003d058 TlsGetValue
0x14003d060 TlsSetValue
0x14003d068 UnhandledExceptionFilter
0x14003d070 WaitForSingleObject
0x14003d078 WideCharToMultiByte
0x14003d080 WriteConsoleW
0x14003d088 WriteFile
EAT(Export Address Table) is none