ScreenShot
| Created | 2025.05.04 13:01 | Machine | s1_win7_x6403 |
| Filename | 83a1472d-9e7e-47bd-b9d3-89a476993925 | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 59 detected (AIDetectMalware, Lumma, Malicious, score, Ghanarava, VirusWinExpiro, Lazy, Unsafe, Kryptik, Vntu, confidence, 100%, GenusT, EVCL, Attribute, HighConfidence, high confidence, MalwareX, Misc, kwrzjb, CLOUD, wbxqu, DarkCloud, LUMMASTEALER, YXFDKZ, Krypt, eyhy, Detected, Sonbokli, Malware@#3745u8krq3jrs, LummaC, NGBH, GenKryptik, R699960, Artemis, TrojanPSW, GdSda, PE04C9Z, Gencirc, aE3t1WrIKlw, susgen, GMWD, GSH2XJC) | ||
| md5 | d7f0c89f533b51abdff6ca7eb5702b0c | ||
| sha256 | 1410c8acf33c1e4ff474c51428c2e10a212fb1ec8ae318abfb285ee81695cbd9 | ||
| ssdeep | 24576:DfaicdIfRzYcu6L8erhI3G9AW6Oal7L8erhI3G9AW6Oal:Dyic4IKlrhI29H6LlrhI29H6 | ||
| imphash | 8d36bf26f0c905ea57ae9a0cd9daeb1f | ||
| impfuzzy | 24:hWs5WDCelQtzOovbOGMUD1uUvgDWDQ7UlnULPxQTRKT07GiJUc8:hW0QC5y361PFJUbxQ/GJc8 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140077e58 AcquireSRWLockExclusive
0x140077e60 CloseHandle
0x140077e68 CloseThreadpoolWork
0x140077e70 CreateFileA
0x140077e78 CreateFileW
0x140077e80 CreateThreadpoolWork
0x140077e88 DeleteCriticalSection
0x140077e90 EncodePointer
0x140077e98 EnterCriticalSection
0x140077ea0 ExitProcess
0x140077ea8 FindClose
0x140077eb0 FindFirstFileExW
0x140077eb8 FindNextFileW
0x140077ec0 FlsAlloc
0x140077ec8 FlsFree
0x140077ed0 FlsGetValue
0x140077ed8 FlsSetValue
0x140077ee0 FlushFileBuffers
0x140077ee8 FreeEnvironmentStringsW
0x140077ef0 FreeLibrary
0x140077ef8 FreeLibraryWhenCallbackReturns
0x140077f00 GetACP
0x140077f08 GetCPInfo
0x140077f10 GetCommandLineA
0x140077f18 GetCommandLineW
0x140077f20 GetConsoleMode
0x140077f28 GetConsoleOutputCP
0x140077f30 GetCurrentProcess
0x140077f38 GetCurrentProcessId
0x140077f40 GetCurrentThreadId
0x140077f48 GetEnvironmentStringsW
0x140077f50 GetFileSize
0x140077f58 GetFileSizeEx
0x140077f60 GetFileType
0x140077f68 GetLastError
0x140077f70 GetModuleFileNameW
0x140077f78 GetModuleHandleA
0x140077f80 GetModuleHandleExW
0x140077f88 GetModuleHandleW
0x140077f90 GetOEMCP
0x140077f98 GetProcAddress
0x140077fa0 GetProcessHeap
0x140077fa8 GetStartupInfoW
0x140077fb0 GetStdHandle
0x140077fb8 GetStringTypeW
0x140077fc0 GetSystemTimeAsFileTime
0x140077fc8 HeapAlloc
0x140077fd0 HeapFree
0x140077fd8 HeapReAlloc
0x140077fe0 HeapSize
0x140077fe8 InitOnceBeginInitialize
0x140077ff0 InitOnceComplete
0x140077ff8 InitializeCriticalSectionAndSpinCount
0x140078000 InitializeCriticalSectionEx
0x140078008 InitializeSListHead
0x140078010 IsDebuggerPresent
0x140078018 IsProcessorFeaturePresent
0x140078020 IsValidCodePage
0x140078028 LCMapStringW
0x140078030 LeaveCriticalSection
0x140078038 LoadLibraryExW
0x140078040 MultiByteToWideChar
0x140078048 QueryPerformanceCounter
0x140078050 QueryPerformanceFrequency
0x140078058 RaiseException
0x140078060 ReadFile
0x140078068 ReleaseSRWLockExclusive
0x140078070 RtlCaptureContext
0x140078078 RtlLookupFunctionEntry
0x140078080 RtlPcToFileHeader
0x140078088 RtlUnwindEx
0x140078090 RtlVirtualUnwind
0x140078098 SetFilePointerEx
0x1400780a0 SetLastError
0x1400780a8 SetStdHandle
0x1400780b0 SetUnhandledExceptionFilter
0x1400780b8 Sleep
0x1400780c0 SleepConditionVariableSRW
0x1400780c8 SubmitThreadpoolWork
0x1400780d0 TerminateProcess
0x1400780d8 TlsAlloc
0x1400780e0 TlsFree
0x1400780e8 TlsGetValue
0x1400780f0 TlsSetValue
0x1400780f8 TryAcquireSRWLockExclusive
0x140078100 UnhandledExceptionFilter
0x140078108 WakeAllConditionVariable
0x140078110 WideCharToMultiByte
0x140078118 WriteConsoleW
0x140078120 WriteFile
EAT(Export Address Table) is none
KERNEL32.dll
0x140077e58 AcquireSRWLockExclusive
0x140077e60 CloseHandle
0x140077e68 CloseThreadpoolWork
0x140077e70 CreateFileA
0x140077e78 CreateFileW
0x140077e80 CreateThreadpoolWork
0x140077e88 DeleteCriticalSection
0x140077e90 EncodePointer
0x140077e98 EnterCriticalSection
0x140077ea0 ExitProcess
0x140077ea8 FindClose
0x140077eb0 FindFirstFileExW
0x140077eb8 FindNextFileW
0x140077ec0 FlsAlloc
0x140077ec8 FlsFree
0x140077ed0 FlsGetValue
0x140077ed8 FlsSetValue
0x140077ee0 FlushFileBuffers
0x140077ee8 FreeEnvironmentStringsW
0x140077ef0 FreeLibrary
0x140077ef8 FreeLibraryWhenCallbackReturns
0x140077f00 GetACP
0x140077f08 GetCPInfo
0x140077f10 GetCommandLineA
0x140077f18 GetCommandLineW
0x140077f20 GetConsoleMode
0x140077f28 GetConsoleOutputCP
0x140077f30 GetCurrentProcess
0x140077f38 GetCurrentProcessId
0x140077f40 GetCurrentThreadId
0x140077f48 GetEnvironmentStringsW
0x140077f50 GetFileSize
0x140077f58 GetFileSizeEx
0x140077f60 GetFileType
0x140077f68 GetLastError
0x140077f70 GetModuleFileNameW
0x140077f78 GetModuleHandleA
0x140077f80 GetModuleHandleExW
0x140077f88 GetModuleHandleW
0x140077f90 GetOEMCP
0x140077f98 GetProcAddress
0x140077fa0 GetProcessHeap
0x140077fa8 GetStartupInfoW
0x140077fb0 GetStdHandle
0x140077fb8 GetStringTypeW
0x140077fc0 GetSystemTimeAsFileTime
0x140077fc8 HeapAlloc
0x140077fd0 HeapFree
0x140077fd8 HeapReAlloc
0x140077fe0 HeapSize
0x140077fe8 InitOnceBeginInitialize
0x140077ff0 InitOnceComplete
0x140077ff8 InitializeCriticalSectionAndSpinCount
0x140078000 InitializeCriticalSectionEx
0x140078008 InitializeSListHead
0x140078010 IsDebuggerPresent
0x140078018 IsProcessorFeaturePresent
0x140078020 IsValidCodePage
0x140078028 LCMapStringW
0x140078030 LeaveCriticalSection
0x140078038 LoadLibraryExW
0x140078040 MultiByteToWideChar
0x140078048 QueryPerformanceCounter
0x140078050 QueryPerformanceFrequency
0x140078058 RaiseException
0x140078060 ReadFile
0x140078068 ReleaseSRWLockExclusive
0x140078070 RtlCaptureContext
0x140078078 RtlLookupFunctionEntry
0x140078080 RtlPcToFileHeader
0x140078088 RtlUnwindEx
0x140078090 RtlVirtualUnwind
0x140078098 SetFilePointerEx
0x1400780a0 SetLastError
0x1400780a8 SetStdHandle
0x1400780b0 SetUnhandledExceptionFilter
0x1400780b8 Sleep
0x1400780c0 SleepConditionVariableSRW
0x1400780c8 SubmitThreadpoolWork
0x1400780d0 TerminateProcess
0x1400780d8 TlsAlloc
0x1400780e0 TlsFree
0x1400780e8 TlsGetValue
0x1400780f0 TlsSetValue
0x1400780f8 TryAcquireSRWLockExclusive
0x140078100 UnhandledExceptionFilter
0x140078108 WakeAllConditionVariable
0x140078110 WideCharToMultiByte
0x140078118 WriteConsoleW
0x140078120 WriteFile
EAT(Export Address Table) is none