Field | Value |
---|---|
Created | 2025.05.04 12:55 |
Machine | s1_win7_x6403 |
Filename | 4c52e55f-198a-4fb0-aa95-07f706c534e5 |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 59 detected (AIDetectMalware, Lumma, Malicious, score, Ghanarava, VirusWinExpiro, Lazy, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, MalwareX, Cryp, ShellCodeLoader, CLASSIC, embsl, AMADEY, YXFDKZ, Krypt, Detected, Malware@#30z6g4o7axark, LummaStealer, SJOP, NGBE, R699990, Artemis, TrojanPSW, GdSda, PE04C9Z, Gencirc, h03qVaa8ivs, susgen, GYZ2XJC) |
md5 | 17ddbfa8a1a8867d6806426ebb55de88 |
sha256 | 7e1020a778f66263ac7db020a088001dd52105c58af178af050b58c516cf6aef |
ssdeep | 24576:/QBrDZNBpy9p/uGnNVJWA6E1KzfHRkqL8erhI3G9AW6OaX:oBPURuGNVJWA62Kz+6lrhI29H6 |
imphash | b2c200f5e4fd63f73dca30ad3ac2c240 |
impfuzzy | 24:hWs5WDCelQtzOovbOGMUD1uUvg0WDQ7UlnULPxQTRKT07GiJUc8:hW0QC5y361PoJUbxQ/GJc8 |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x1400cbea8 AcquireSRWLockExclusive
0x1400cbeb0 CloseHandle
0x1400cbeb8 CloseThreadpoolWork
0x1400cbec0 CreateFileA
0x1400cbec8 CreateFileW
0x1400cbed0 CreateThreadpoolWork
0x1400cbed8 DeleteCriticalSection
0x1400cbee0 EncodePointer
0x1400cbee8 EnterCriticalSection
0x1400cbef0 ExitProcess
0x1400cbef8 FindClose
0x1400cbf00 FindFirstFileExW
0x1400cbf08 FindNextFileW
0x1400cbf10 FlsAlloc
0x1400cbf18 FlsFree
0x1400cbf20 FlsGetValue
0x1400cbf28 FlsSetValue
0x1400cbf30 FlushFileBuffers
0x1400cbf38 FreeEnvironmentStringsW
0x1400cbf40 FreeLibrary
0x1400cbf48 FreeLibraryWhenCallbackReturns
0x1400cbf50 GetACP
0x1400cbf58 GetCPInfo
0x1400cbf60 GetCommandLineA
0x1400cbf68 GetCommandLineW
0x1400cbf70 GetConsoleMode
0x1400cbf78 GetConsoleOutputCP
0x1400cbf80 GetCurrentProcess
0x1400cbf88 GetCurrentProcessId
0x1400cbf90 GetCurrentThreadId
0x1400cbf98 GetEnvironmentStringsW
0x1400cbfa0 GetFileSize
0x1400cbfa8 GetFileSizeEx
0x1400cbfb0 GetFileType
0x1400cbfb8 GetLastError
0x1400cbfc0 GetModuleFileNameA
0x1400cbfc8 GetModuleFileNameW
0x1400cbfd0 GetModuleHandleExW
0x1400cbfd8 GetModuleHandleW
0x1400cbfe0 GetOEMCP
0x1400cbfe8 GetProcAddress
0x1400cbff0 GetProcessHeap
0x1400cbff8 GetStartupInfoW
0x1400cc000 GetStdHandle
0x1400cc008 GetStringTypeW
0x1400cc010 GetSystemTimeAsFileTime
0x1400cc018 HeapAlloc
0x1400cc020 HeapFree
0x1400cc028 HeapReAlloc
0x1400cc030 HeapSize
0x1400cc038 InitOnceBeginInitialize
0x1400cc040 InitOnceComplete
0x1400cc048 InitializeCriticalSectionAndSpinCount
0x1400cc050 InitializeCriticalSectionEx
0x1400cc058 InitializeSListHead
0x1400cc060 IsDebuggerPresent
0x1400cc068 IsProcessorFeaturePresent
0x1400cc070 IsValidCodePage
0x1400cc078 LCMapStringW
0x1400cc080 LeaveCriticalSection
0x1400cc088 LoadLibraryExW
0x1400cc090 MultiByteToWideChar
0x1400cc098 QueryPerformanceCounter
0x1400cc0a0 QueryPerformanceFrequency
0x1400cc0a8 RaiseException
0x1400cc0b0 ReadFile
0x1400cc0b8 ReleaseSRWLockExclusive
0x1400cc0c0 RtlCaptureContext
0x1400cc0c8 RtlLookupFunctionEntry
0x1400cc0d0 RtlPcToFileHeader
0x1400cc0d8 RtlUnwindEx
0x1400cc0e0 RtlVirtualUnwind
0x1400cc0e8 SetFilePointerEx
0x1400cc0f0 SetLastError
0x1400cc0f8 SetStdHandle
0x1400cc100 SetUnhandledExceptionFilter
0x1400cc108 Sleep
0x1400cc110 SleepConditionVariableSRW
0x1400cc118 SubmitThreadpoolWork
0x1400cc120 TerminateProcess
0x1400cc128 TlsAlloc
0x1400cc130 TlsFree
0x1400cc138 TlsGetValue
0x1400cc140 TlsSetValue
0x1400cc148 TryAcquireSRWLockExclusive
0x1400cc150 UnhandledExceptionFilter
0x1400cc158 WakeAllConditionVariable
0x1400cc160 WideCharToMultiByte
0x1400cc168 WriteConsoleW
0x1400cc170 WriteFile
EAT (Export Address Table): none