Field | Value |
---|---|
Created | 2025.05.04 12:44 |
Machine | s1_win7_x6401 |
Filename | 44eed8d4-5207-493c-85f8-25e64148dc0c |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 56 detected (AIDetectMalware, Krypt, Malicious, score, Ghanarava, Suspect, Lazy, Unsafe, Save, confidence, 100%, GenusT, EVVK, Attribute, HighConfidence, high confidence, Kryptik, MalwareX, Cryp, Lumma, GenKryptik, LummaStealer, wtFsuAm2TiB, dculb, AMADEY, YXFDOZ, Detected, GrayWare, Wacapew, Malware@#26lpr2uv81g44, LummaC, ABTrojan, BHBH, R700376, Artemis, TrojanPSW, GdSda, PE04C9Z, Gencirc, 68CqTkGrJSY, susgen, Behavior, Sabsik) |
md5 | 54e012b7bf090c3014cd59aef607d77d |
sha256 | e9b837cd0778399ecd8f4d287c34fbf86fe77e1a1288077c842f6b183576ff11 |
ssdeep | 24576:9JVZ5U/gvMH5AhowOnRqUKkYW10Z0Y3ULgQbE9dMY3ULgQbE9d:9JVZ5U/gvMHqowOnRNYW1+0tJt |
imphash | a898adc0428740dd4fad8431feafaf7a |
impfuzzy | 24:hWsWWDoelQtzOovbOGMUD1uUvgkWDpZW7UlnjBLPxQXRKT07GyiJUc8:hWhQo5y361PMZhJjBbxQrGyJc8 |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1400f06a0 AcquireSRWLockExclusive
0x1400f06a8 CloseHandle
0x1400f06b0 CloseThreadpoolWork
0x1400f06b8 CreateFileA
0x1400f06c0 CreateFileW
0x1400f06c8 CreateThreadpoolWork
0x1400f06d0 DecodePointer
0x1400f06d8 DeleteCriticalSection
0x1400f06e0 EncodePointer
0x1400f06e8 EnterCriticalSection
0x1400f06f0 EnumSystemLocalesW
0x1400f06f8 ExitProcess
0x1400f0700 FindClose
0x1400f0708 FindFirstFileExW
0x1400f0710 FindNextFileW
0x1400f0718 FlsAlloc
0x1400f0720 FlsFree
0x1400f0728 FlsGetValue
0x1400f0730 FlsSetValue
0x1400f0738 FlushFileBuffers
0x1400f0740 FreeEnvironmentStringsW
0x1400f0748 FreeLibrary
0x1400f0750 FreeLibraryWhenCallbackReturns
0x1400f0758 GetACP
0x1400f0760 GetCPInfo
0x1400f0768 GetCommandLineA
0x1400f0770 GetCommandLineW
0x1400f0778 GetConsoleMode
0x1400f0780 GetConsoleOutputCP
0x1400f0788 GetCurrentProcess
0x1400f0790 GetCurrentProcessId
0x1400f0798 GetCurrentThreadId
0x1400f07a0 GetEnvironmentStringsW
0x1400f07a8 GetFileSize
0x1400f07b0 GetFileSizeEx
0x1400f07b8 GetFileType
0x1400f07c0 GetLastError
0x1400f07c8 GetLocaleInfoW
0x1400f07d0 GetModuleFileNameW
0x1400f07d8 GetModuleHandleA
0x1400f07e0 GetModuleHandleExW
0x1400f07e8 GetModuleHandleW
0x1400f07f0 GetOEMCP
0x1400f07f8 GetProcAddress
0x1400f0800 GetProcessHeap
0x1400f0808 GetStartupInfoW
0x1400f0810 GetStdHandle
0x1400f0818 GetStringTypeW
0x1400f0820 GetSystemTimeAsFileTime
0x1400f0828 GetUserDefaultLCID
0x1400f0830 HeapAlloc
0x1400f0838 HeapFree
0x1400f0840 HeapReAlloc
0x1400f0848 HeapSize
0x1400f0850 InitOnceBeginInitialize
0x1400f0858 InitOnceComplete
0x1400f0860 InitializeCriticalSectionAndSpinCount
0x1400f0868 InitializeCriticalSectionEx
0x1400f0870 InitializeSListHead
0x1400f0878 IsDebuggerPresent
0x1400f0880 IsProcessorFeaturePresent
0x1400f0888 IsValidCodePage
0x1400f0890 IsValidLocale
0x1400f0898 LCMapStringEx
0x1400f08a0 LCMapStringW
0x1400f08a8 LeaveCriticalSection
0x1400f08b0 LoadLibraryExW
0x1400f08b8 MultiByteToWideChar
0x1400f08c0 QueryPerformanceCounter
0x1400f08c8 QueryPerformanceFrequency
0x1400f08d0 RaiseException
0x1400f08d8 ReadConsoleW
0x1400f08e0 ReadFile
0x1400f08e8 ReleaseSRWLockExclusive
0x1400f08f0 RtlCaptureContext
0x1400f08f8 RtlLookupFunctionEntry
0x1400f0900 RtlPcToFileHeader
0x1400f0908 RtlUnwind
0x1400f0910 RtlUnwindEx
0x1400f0918 RtlVirtualUnwind
0x1400f0920 SetFilePointerEx
0x1400f0928 SetLastError
0x1400f0930 SetStdHandle
0x1400f0938 SetUnhandledExceptionFilter
0x1400f0940 Sleep
0x1400f0948 SleepConditionVariableSRW
0x1400f0950 SubmitThreadpoolWork
0x1400f0958 TerminateProcess
0x1400f0960 TlsAlloc
0x1400f0968 TlsFree
0x1400f0970 TlsGetValue
0x1400f0978 TlsSetValue
0x1400f0980 TryAcquireSRWLockExclusive
0x1400f0988 UnhandledExceptionFilter
0x1400f0990 WakeAllConditionVariable
0x1400f0998 WideCharToMultiByte
0x1400f09a0 WriteConsoleW
0x1400f09a8 WriteFile
EAT(Export Address Table) is none