ScreenShot
| Created | 2025.05.04 13:24 | Machine | s1_win7_x6403 |
| Filename | e81057ea-ba75-4cee-aa0f-af30fd57da7c | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 54 detected (AIDetectMalware, Malicious, score, Lazy, Unsafe, Save, confidence, 100%, GenusT, EWAB, Attribute, HighConfidence, high confidence, Kryptik, MalwareX, Cryp, Zusy, Lumma, Convagent, UWvQzODwIgC, tknse, LUMMASTEALER, YXFDZZ, Krypt, Static AI, Suspicious PE, Detected, Caynamer, LummaC, ABTrojan, FPDF, Artemis, Chgt, PE04C9Z, Gencirc, H51JykXZKt8, susgen) | ||
| md5 | 34fe586984baf6bdcd3b10852c816269 | ||
| sha256 | ad5390fadcc85209fe02934458d55464a66354a50588b56d1034bd0ddd87b58a | ||
| ssdeep | 24576:FnCen7vb64RSEvpGFpDltOKb64RSEvpGFpDltO:Fdn7z6pFvOM6pFvO | ||
| imphash | d6937b39d566e5795f3eb7422ac303be | ||
| impfuzzy | 24:aWDCelQtWOovbOGMUD1uUvgDWDQyl3LPxQTw07GiJUHO:aQC5x361PlhbxQNGJHO | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 54 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140047bc0 CloseHandle
0x140047bc8 CreateFileA
0x140047bd0 CreateFileW
0x140047bd8 DeleteCriticalSection
0x140047be0 EncodePointer
0x140047be8 EnterCriticalSection
0x140047bf0 ExitProcess
0x140047bf8 FindClose
0x140047c00 FindFirstFileExW
0x140047c08 FindNextFileW
0x140047c10 FlsAlloc
0x140047c18 FlsFree
0x140047c20 FlsGetValue
0x140047c28 FlsSetValue
0x140047c30 FlushFileBuffers
0x140047c38 FreeEnvironmentStringsW
0x140047c40 FreeLibrary
0x140047c48 GetACP
0x140047c50 GetCPInfo
0x140047c58 GetCommandLineA
0x140047c60 GetCommandLineW
0x140047c68 GetConsoleMode
0x140047c70 GetConsoleOutputCP
0x140047c78 GetCurrentProcess
0x140047c80 GetCurrentProcessId
0x140047c88 GetCurrentThreadId
0x140047c90 GetEnvironmentStringsW
0x140047c98 GetFileSize
0x140047ca0 GetFileSizeEx
0x140047ca8 GetFileType
0x140047cb0 GetLastError
0x140047cb8 GetModuleFileNameW
0x140047cc0 GetModuleHandleA
0x140047cc8 GetModuleHandleExW
0x140047cd0 GetModuleHandleW
0x140047cd8 GetOEMCP
0x140047ce0 GetProcAddress
0x140047ce8 GetProcessHeap
0x140047cf0 GetStartupInfoW
0x140047cf8 GetStdHandle
0x140047d00 GetStringTypeW
0x140047d08 GetSystemTimeAsFileTime
0x140047d10 HeapAlloc
0x140047d18 HeapFree
0x140047d20 HeapReAlloc
0x140047d28 HeapSize
0x140047d30 InitializeCriticalSectionAndSpinCount
0x140047d38 InitializeSListHead
0x140047d40 IsDebuggerPresent
0x140047d48 IsProcessorFeaturePresent
0x140047d50 IsValidCodePage
0x140047d58 LCMapStringW
0x140047d60 LeaveCriticalSection
0x140047d68 LoadLibraryExW
0x140047d70 MultiByteToWideChar
0x140047d78 QueryPerformanceCounter
0x140047d80 QueryPerformanceFrequency
0x140047d88 RaiseException
0x140047d90 ReadFile
0x140047d98 RtlCaptureContext
0x140047da0 RtlLookupFunctionEntry
0x140047da8 RtlPcToFileHeader
0x140047db0 RtlUnwindEx
0x140047db8 RtlVirtualUnwind
0x140047dc0 SetFilePointerEx
0x140047dc8 SetLastError
0x140047dd0 SetStdHandle
0x140047dd8 SetUnhandledExceptionFilter
0x140047de0 Sleep
0x140047de8 TerminateProcess
0x140047df0 TlsAlloc
0x140047df8 TlsFree
0x140047e00 TlsGetValue
0x140047e08 TlsSetValue
0x140047e10 UnhandledExceptionFilter
0x140047e18 WideCharToMultiByte
0x140047e20 WriteConsoleW
0x140047e28 WriteFile
EAT(Export Address Table) is none
KERNEL32.dll
0x140047bc0 CloseHandle
0x140047bc8 CreateFileA
0x140047bd0 CreateFileW
0x140047bd8 DeleteCriticalSection
0x140047be0 EncodePointer
0x140047be8 EnterCriticalSection
0x140047bf0 ExitProcess
0x140047bf8 FindClose
0x140047c00 FindFirstFileExW
0x140047c08 FindNextFileW
0x140047c10 FlsAlloc
0x140047c18 FlsFree
0x140047c20 FlsGetValue
0x140047c28 FlsSetValue
0x140047c30 FlushFileBuffers
0x140047c38 FreeEnvironmentStringsW
0x140047c40 FreeLibrary
0x140047c48 GetACP
0x140047c50 GetCPInfo
0x140047c58 GetCommandLineA
0x140047c60 GetCommandLineW
0x140047c68 GetConsoleMode
0x140047c70 GetConsoleOutputCP
0x140047c78 GetCurrentProcess
0x140047c80 GetCurrentProcessId
0x140047c88 GetCurrentThreadId
0x140047c90 GetEnvironmentStringsW
0x140047c98 GetFileSize
0x140047ca0 GetFileSizeEx
0x140047ca8 GetFileType
0x140047cb0 GetLastError
0x140047cb8 GetModuleFileNameW
0x140047cc0 GetModuleHandleA
0x140047cc8 GetModuleHandleExW
0x140047cd0 GetModuleHandleW
0x140047cd8 GetOEMCP
0x140047ce0 GetProcAddress
0x140047ce8 GetProcessHeap
0x140047cf0 GetStartupInfoW
0x140047cf8 GetStdHandle
0x140047d00 GetStringTypeW
0x140047d08 GetSystemTimeAsFileTime
0x140047d10 HeapAlloc
0x140047d18 HeapFree
0x140047d20 HeapReAlloc
0x140047d28 HeapSize
0x140047d30 InitializeCriticalSectionAndSpinCount
0x140047d38 InitializeSListHead
0x140047d40 IsDebuggerPresent
0x140047d48 IsProcessorFeaturePresent
0x140047d50 IsValidCodePage
0x140047d58 LCMapStringW
0x140047d60 LeaveCriticalSection
0x140047d68 LoadLibraryExW
0x140047d70 MultiByteToWideChar
0x140047d78 QueryPerformanceCounter
0x140047d80 QueryPerformanceFrequency
0x140047d88 RaiseException
0x140047d90 ReadFile
0x140047d98 RtlCaptureContext
0x140047da0 RtlLookupFunctionEntry
0x140047da8 RtlPcToFileHeader
0x140047db0 RtlUnwindEx
0x140047db8 RtlVirtualUnwind
0x140047dc0 SetFilePointerEx
0x140047dc8 SetLastError
0x140047dd0 SetStdHandle
0x140047dd8 SetUnhandledExceptionFilter
0x140047de0 Sleep
0x140047de8 TerminateProcess
0x140047df0 TlsAlloc
0x140047df8 TlsFree
0x140047e00 TlsGetValue
0x140047e08 TlsSetValue
0x140047e10 UnhandledExceptionFilter
0x140047e18 WideCharToMultiByte
0x140047e20 WriteConsoleW
0x140047e28 WriteFile
EAT(Export Address Table) is none