Malicious
Classifications

Spyware

Threat Names

Lumma App/Generic-LG

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\mfym.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 306.00 KB
MD5 f352b356aa260f152571ffb99454b8a2
SHA1 b667447e7184c458b162b4331cc04e0300dba669
SHA256 a0c6c5da3d3eaf6230ccb5f53f4dc07abe23cae43e19b5a0d8299c8308fa34db
SSDeep 6144:XZnMZ3LQaab9hEZo22cm81VJ+kmxWMmTfzAt20gm18SVfpHy6zhS/R:pMJQaA9hpy1yuT0xBJyx
ImpHash efd5a1321fb3549606827ae52de6c65d
File Reputation Information
Verdict
Suspicious
Names App/Generic-LG
Classification PUA
PE Information
Image Base 0x00400000
Entry Point 0x00409F80
Size Of Code 0x0003FA00
Size Of Initialized Data 0x0000BE00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2019-10-26 21:56 (UTC+2)
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0003F9CF 0x0003FA00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.67
.rdata 0x00441000 0x000020B7 0x00002200 0x0003FE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.51
.data 0x00444000 0x0000FF98 0x00005A00 0x00042000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.46
.CRT 0x00454000 0x00000004 0x00000200 0x00047A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.06
.reloc 0x00455000 0x00003F38 0x00004000 0x00047C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.47
beu 0x00459000 0x00001000 0x00000C00 0x0004BC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.81
Imports (6)
SHELL32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHEmptyRecycleBinW - 0x00442D28 0x00042C6C 0x00041A6C 0x00000131
SHGetFileInfoW - 0x00442D2C 0x00042C70 0x00041A70 0x0000014A
SHGetSpecialFolderPathW - 0x00442D30 0x00042C74 0x00041A74 0x0000016E
KERNEL32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CopyFileW - 0x00442D38 0x00042C7C 0x00041A7C 0x000000B0
ExitProcess - 0x00442D3C 0x00042C80 0x00041A80 0x00000162
GetCommandLineW - 0x00442D40 0x00042C84 0x00041A84 0x000001DB
GetCurrentProcessId - 0x00442D44 0x00042C88 0x00041A88 0x0000021C
GetCurrentThreadId - 0x00442D48 0x00042C8C 0x00041A8C 0x00000220
GetLogicalDrives - 0x00442D4C 0x00042C90 0x00041A90 0x0000026C
GetSystemDirectoryW - 0x00442D50 0x00042C94 0x00041A94 0x000002E8
GlobalLock - 0x00442D54 0x00042C98 0x00041A98 0x00000344
GlobalUnlock - 0x00442D58 0x00042C9C 0x00041A9C 0x0000034B
USER32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CloseClipboard - 0x00442D60 0x00042CA4 0x00041AA4 0x0000004F
GetClipboardData - 0x00442D64 0x00042CA8 0x00041AA8 0x00000134
GetDC - 0x00442D68 0x00042CAC 0x00041AAC 0x00000140
GetForegroundWindow - 0x00442D6C 0x00042CB0 0x00041AB0 0x00000157
GetSystemMetrics - 0x00442D70 0x00042CB4 0x00041AB4 0x000001C6
GetWindowLongW - 0x00442D74 0x00042CB8 0x00041AB8 0x000001E6
OpenClipboard - 0x00442D78 0x00042CBC 0x00041ABC 0x00000298
ReleaseDC - 0x00442D7C 0x00042CC0 0x00041AC0 0x000002F7
GDI32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
BitBlt - 0x00442D84 0x00042CC8 0x00041AC8 0x00000013
CreateCompatibleBitmap - 0x00442D88 0x00042CCC 0x00041ACC 0x00000030
CreateCompatibleDC - 0x00442D8C 0x00042CD0 0x00041AD0 0x00000031
CreateDIBSection - 0x00442D90 0x00042CD4 0x00041AD4 0x00000037
DeleteDC - 0x00442D94 0x00042CD8 0x00041AD8 0x00000183
DeleteObject - 0x00442D98 0x00042CDC 0x00041ADC 0x00000186
GetCurrentObject - 0x00442D9C 0x00042CE0 0x00041AE0 0x00000276
GetDIBits - 0x00442DA0 0x00042CE4 0x00041AE4 0x0000027D
GetObjectW - 0x00442DA4 0x00042CE8 0x00041AE8 0x000002B0
GetPixel - 0x00442DA8 0x00042CEC 0x00041AEC 0x000002B7
SelectObject - 0x00442DAC 0x00042CF0 0x00041AF0 0x00000367
StretchBlt - 0x00442DB0 0x00042CF4 0x00041AF4 0x000003A3
ole32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoCreateInstance - 0x00442DB8 0x00042CFC 0x00041AFC 0x00000028
CoInitializeEx - 0x00442DBC 0x00042D00 0x00041B00 0x0000005E
CoInitializeSecurity - 0x00442DC0 0x00042D04 0x00041B04 0x0000005F
CoSetProxyBlanket - 0x00442DC4 0x00042D08 0x00041B08 0x00000084
CoUninitialize - 0x00442DC8 0x00042D0C 0x00041B0C 0x0000008E
OLEAUT32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocString 0x00000002 0x00442DD0 0x00042D14 0x00041B14 -
SysFreeString 0x00000006 0x00442DD4 0x00042D18 0x00041B18 -
VariantClear 0x00000009 0x00442DD8 0x00042D1C 0x00041B1C -
VariantInit 0x00000008 0x00442DDC 0x00042D20 0x00041B20 -
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
mfym.exe 1 0x00C30000 0x00C89FFF Relevant Image False 32-bit 0x00C6F440 False
mfym.exe 1 0x00C30000 0x00C89FFF Process Termination False 32-bit - False
cdf82096d2e070285fdcd1bcd2c17110037249ff4aaca4ec223d633c4f136e8a Downloaded File Text
Clean
MIME Type text/plain
File Size 17.13 KB
MD5 2243f39b456178a01d0a077754e8b15f
SHA1 9d071dab105addf5c950823dbd4f0f82da7acd14
SHA256 cdf82096d2e070285fdcd1bcd2c17110037249ff4aaca4ec223d633c4f136e8a
SSDeep 384:RYkjL2QaXZ2fJcXX3XJHX+3dWOgKezaaaJr0Hh65dFLTa3:RFjL3HhcXH5H6WOgKiGmhadFLTM
ImpHash -
f7808534ebfd336454d6ab3dcbd8709aa361542e521c3c4870ef1abdabd9f4a9 Downloaded File Stream
Clean
MIME Type application/octet-stream
File Size 1.55 KB
MD5 c4c076e6218825b112b31175ca2318d8
SHA1 e5a18d4f428cb4044c5fb6b9f00898cd6a27ac7a
SHA256 f7808534ebfd336454d6ab3dcbd8709aa361542e521c3c4870ef1abdabd9f4a9
SSDeep 24:6RpHjdnN3p+XtTvHA7a4RvIPA3kI5sWYzKCkpxr:6fHj9xiTvHAe4ykUL5Yr
ImpHash -
89fc251944a8d22f52576f4b978b269e7188ba735733a9b07a61d7b9d7e4e447 Downloaded File Text
Clean
MIME Type text/plain
File Size 77 Bytes
MD5 d467620cba58666fb6fb950bb8a8ddf5
SHA1 6b860f51bb89e5da7b9984686ea99fa27b5aa5a3
SHA256 89fc251944a8d22f52576f4b978b269e7188ba735733a9b07a61d7b9d7e4e447
SSDeep 3:vRYR69RrJMboV1DGNJlRs/sUzmqOWn:JYR8Rt4CGDKkovOW
ImpHash -
256a8b45742d96b4275fd0b9ad016ff88d452e2e0fce7b6d08d8f80a8368068d Downloaded File Text
Clean
MIME Type text/plain
File Size 48 Bytes
MD5 fe43b0f15622c18cc16b56bba671090c
SHA1 fd822ae5edb0c024cb3490414b7462fcdc408a6a
SHA256 256a8b45742d96b4275fd0b9ad016ff88d452e2e0fce7b6d08d8f80a8368068d
SSDeep 3:KnhmH7Ww3gFNfdV71:8gH7Ww4FVp
ImpHash -
ad356134b1b966d145a640de63e992166bfe33c8aaeb42d8e2fd1732044002a1 Downloaded File Text
Clean
MIME Type text/plain
File Size 42 Bytes
MD5 6875286df5f4a3c6b5dcdcaee86ee8eb
SHA1 1c9560f5c5e07a5c6b320d96a2e55eef8506fefb
SHA256 ad356134b1b966d145a640de63e992166bfe33c8aaeb42d8e2fd1732044002a1
SSDeep 3:vR/M6ECJMboV1Dg:Jk84CU
ImpHash -
04339c5b1cd2339b03ffd50bc302c17f6c3ea7a39abbe96dd4ea5ad6d9796764 Downloaded File Text
Clean
MIME Type text/plain
File Size 8 Bytes
MD5 faf57b74d4f3a37d109433c62e0d0fbd
SHA1 b844716b8f45b1069bb05a63c94df160aeb7bfba
SHA256 04339c5b1cd2339b03ffd50bc302c17f6c3ea7a39abbe96dd4ea5ad6d9796764
SSDeep 3:vRFc:Je
ImpHash -
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df Downloaded File Text
Clean
Known to be clean.
MIME Type text/plain
File Size 2 Bytes
MD5 444bcb3a3fcf8389296c49467f27e1d6
SHA1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
SSDeep 3:V:V
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.