Field | Value |
---|---|
Created | 2025.05.04 12:48 |
Machine | s1_win7_x6403 |
Filename | bbb93408-47df-4f4a-804c-3eaf3ace1ba7 |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 59 detected (Common, Lumma, Malicious, score, Ghanarava, VirusWinExpiro, Lazy, Unsafe, Save, confidence, 100%, GenusT, EVLI, Attribute, HighConfidence, high confidence, Kryptik, MalwareX, Misc, TrojanPSW, ShellCodeLoader, CLASSIC, rztue, DarkCloud, GenKryptik, AMADEY, YXFDNZ, Krypt, Detected, Malware@#1d9lk7ct9mfaz, LummaC, R700157, Artemis, GdSda, PE04C9Z, Lummastealer, Wm69qn7NSv0, susgen, HIDQ, GYH2XJC) |
md5 | 1b5112e140ac0198d1b372c364c40eea |
sha256 | 5bca93120244ae288480d720109bdb58928cfb4737d8a1c76c1d6f0428372ded |
ssdeep | 24576:rFtBhmrPJpYSHCLuc/NQXzwX6pYPq50IIyXzwX6pYPq50II:xfo6NfXMYPqEXMYPq |
imphash | a898adc0428740dd4fad8431feafaf7a |
impfuzzy | 24:hWsWWDoelQtzOovbOGMUD1uUvgkWDpZW7UlnjBLPxQXRKT07GyiJUc8:hWhQo5y361PMZhJjBbxQrGyJc8 |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x1400c6090 AcquireSRWLockExclusive
0x1400c6098 CloseHandle
0x1400c60a0 CloseThreadpoolWork
0x1400c60a8 CreateFileA
0x1400c60b0 CreateFileW
0x1400c60b8 CreateThreadpoolWork
0x1400c60c0 DecodePointer
0x1400c60c8 DeleteCriticalSection
0x1400c60d0 EncodePointer
0x1400c60d8 EnterCriticalSection
0x1400c60e0 EnumSystemLocalesW
0x1400c60e8 ExitProcess
0x1400c60f0 FindClose
0x1400c60f8 FindFirstFileExW
0x1400c6100 FindNextFileW
0x1400c6108 FlsAlloc
0x1400c6110 FlsFree
0x1400c6118 FlsGetValue
0x1400c6120 FlsSetValue
0x1400c6128 FlushFileBuffers
0x1400c6130 FreeEnvironmentStringsW
0x1400c6138 FreeLibrary
0x1400c6140 FreeLibraryWhenCallbackReturns
0x1400c6148 GetACP
0x1400c6150 GetCPInfo
0x1400c6158 GetCommandLineA
0x1400c6160 GetCommandLineW
0x1400c6168 GetConsoleMode
0x1400c6170 GetConsoleOutputCP
0x1400c6178 GetCurrentProcess
0x1400c6180 GetCurrentProcessId
0x1400c6188 GetCurrentThreadId
0x1400c6190 GetEnvironmentStringsW
0x1400c6198 GetFileSize
0x1400c61a0 GetFileSizeEx
0x1400c61a8 GetFileType
0x1400c61b0 GetLastError
0x1400c61b8 GetLocaleInfoW
0x1400c61c0 GetModuleFileNameW
0x1400c61c8 GetModuleHandleA
0x1400c61d0 GetModuleHandleExW
0x1400c61d8 GetModuleHandleW
0x1400c61e0 GetOEMCP
0x1400c61e8 GetProcAddress
0x1400c61f0 GetProcessHeap
0x1400c61f8 GetStartupInfoW
0x1400c6200 GetStdHandle
0x1400c6208 GetStringTypeW
0x1400c6210 GetSystemTimeAsFileTime
0x1400c6218 GetUserDefaultLCID
0x1400c6220 HeapAlloc
0x1400c6228 HeapFree
0x1400c6230 HeapReAlloc
0x1400c6238 HeapSize
0x1400c6240 InitOnceBeginInitialize
0x1400c6248 InitOnceComplete
0x1400c6250 InitializeCriticalSectionAndSpinCount
0x1400c6258 InitializeCriticalSectionEx
0x1400c6260 InitializeSListHead
0x1400c6268 IsDebuggerPresent
0x1400c6270 IsProcessorFeaturePresent
0x1400c6278 IsValidCodePage
0x1400c6280 IsValidLocale
0x1400c6288 LCMapStringEx
0x1400c6290 LCMapStringW
0x1400c6298 LeaveCriticalSection
0x1400c62a0 LoadLibraryExW
0x1400c62a8 MultiByteToWideChar
0x1400c62b0 QueryPerformanceCounter
0x1400c62b8 QueryPerformanceFrequency
0x1400c62c0 RaiseException
0x1400c62c8 ReadConsoleW
0x1400c62d0 ReadFile
0x1400c62d8 ReleaseSRWLockExclusive
0x1400c62e0 RtlCaptureContext
0x1400c62e8 RtlLookupFunctionEntry
0x1400c62f0 RtlPcToFileHeader
0x1400c62f8 RtlUnwind
0x1400c6300 RtlUnwindEx
0x1400c6308 RtlVirtualUnwind
0x1400c6310 SetFilePointerEx
0x1400c6318 SetLastError
0x1400c6320 SetStdHandle
0x1400c6328 SetUnhandledExceptionFilter
0x1400c6330 Sleep
0x1400c6338 SleepConditionVariableSRW
0x1400c6340 SubmitThreadpoolWork
0x1400c6348 TerminateProcess
0x1400c6350 TlsAlloc
0x1400c6358 TlsFree
0x1400c6360 TlsGetValue
0x1400c6368 TlsSetValue
0x1400c6370 TryAcquireSRWLockExclusive
0x1400c6378 UnhandledExceptionFilter
0x1400c6380 WakeAllConditionVariable
0x1400c6388 WideCharToMultiByte
0x1400c6390 WriteConsoleW
0x1400c6398 WriteFile
EAT(Export Address Table) is none