Verdict: Malicious
Classifications: Spyware
Threat Names: Lumma, Mal/Generic-S, Mal/HTMLGen-A

Remarks (1/1)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

File Name Category Type Verdict
C:\Users\OqXZRaykm\Desktop\c0628d64b48b90236336a7b3b16a8d8f.virus.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 188.50 KB
MD5 c0628d64b48b90236336a7b3b16a8d8f
SHA1 7d78af00f9e2470928e34f41fdc5bfc2d18ecc0d
SHA256 5cbc2c99fcefa887db722d33015ac09004c1e9897d00b11ae9869cb909253262
SSDeep 3072:9UddXt7wF+98JgpHp3kNu1IBUN3h5wF21FZ7+5TZMT3cGbqWN+Pe9at3JqJ02I2E:9UddXt7wF+98JgpHp3kNu1IBUN3h5wFh
ImpHash 36d17c270b8b6c758f960d9022b026c5
File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x0040C346
Size Of Code 0x00021E00
Size Of Initialized Data 0x0000DC00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-02-09 17:53 (UTC)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00021C54 0x00021E00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.64
.rdata 0x00423000 0x0000A84E 0x0000AA00 0x00022200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.09
.data 0x0042E000 0x000016A8 0x00000C00 0x0002CC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.56
.rsrc 0x00430000 0x000001E0 0x00000200 0x0002D800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.7
.reloc 0x00431000 0x000017B8 0x00001800 0x0002DA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.61
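The PE Information and Sections values above (image base, entry point, compile timestamp, per-section flags and entropy) and the ImpHash listed with the file hashes are all derived from the PE headers and can be reproduced with a short parser. The following is an added example and not VMRay's code: it parses PE32 headers with Python's struct module, computes Shannon entropy over each section's on-disk bytes, and computes a pefile-style import hash. The PE it runs on is constructed inline (header values copied from this report, two synthetic sections) so that it runs offline; it is not the analysed file, and the imphash routine omits pefile's ordinal name lookup for oleaut32/ws2_32/wsock32, which is only relevant for ordinal-only imports.

```python
"""PE32 triage helpers: header fields, section entropy and imphash.
Added example (not VMRay's code); the sample PE is constructed below."""
import hashlib
import math
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x010B
SECTION_FLAGS = {  # bit -> name, the subset a report like the one above prints
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def flag_names(flags: int) -> list:
    return [name for bit, name in sorted(SECTION_FLAGS.items()) if flags & bit]


def parse_pe(blob: bytes) -> dict:
    """Parse DOS/COFF/optional headers and the section table of a PE32 image."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    if struct.unpack_from("<H", blob, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 images are handled here")
    size_code, size_init = struct.unpack_from("<II", blob, opt + 4)
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]
    image_base = struct.unpack_from("<I", blob, opt + 28)[0]
    subsystem = struct.unpack_from("<H", blob, opt + 68)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + 40 * i)
        raw = blob[rawptr:rawptr + rawsize]      # entropy is over the on-disk bytes
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": image_base + va, "vsize": vsize, "rawsize": rawsize,
                         "rawptr": rawptr, "flags": flag_names(flags),
                         "entropy": round(shannon_entropy(raw), 2)})
    return {"machine": machine, "image_base": image_base, "entry_point": image_base + entry_rva,
            "size_of_code": size_code, "size_of_initialized_data": size_init,
            "subsystem": subsystem, "sections": sections,
            "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M (UTC)")}


def imphash(imports) -> str:
    """pefile-style imphash: md5 of 'dll.func,...' in import-table order, lowercased,
    with .dll/.ocx/.sys stripped. Ordinal imports become 'ordN' (pefile additionally
    resolves known ordinals for oleaut32/ws2_32/wsock32; that lookup is omitted)."""
    parts = []
    for dll, func in imports:
        lib, _, ext = dll.lower().rpartition(".")
        lib = lib if ext in ("dll", "ocx", "sys") and lib else dll.lower()
        name = func.lower() if isinstance(func, str) else "ord%d" % func
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def build_sample_pe() -> bytes:
    """Constructed PE32, not the analysed sample: header values copied from the
    report above, plus a uniform-byte .text and an all-zero .data section."""
    text_raw = bytes(range(256)) * 2               # entropy 8.0
    data_raw = bytes(0x200)                        # entropy 0.0
    ts = int(datetime(2023, 2, 9, 17, 53, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 2, ts, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 14, 0)
    struct.pack_into("<IIIIII", opt, 4, len(text_raw), len(data_raw), 0, 0xC346, 0x1000, 0x2000)
    struct.pack_into("<III", opt, 28, 0x00400000, 0x1000, 0x200)
    struct.pack_into("<H", opt, 68, 2)                          # IMAGE_SUBSYSTEM_WINDOWS_GUI
    secs = struct.pack("<8sIIIIIIHHI", b".text", len(text_raw), 0x1000, len(text_raw), 0x400, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".data", len(data_raw), 0x2000, len(data_raw), 0x600, 0, 0, 0, 0, 0xC0000040)
    head = dos + coff + bytes(opt) + secs
    return head + bytes(0x400 - len(head)) + text_raw + data_raw


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    for key in ("machine", "image_base", "entry_point", "timestamp"):
        print(f"{key}: {info[key]:#x}" if isinstance(info[key], int) else f"{key}: {info[key]}")
    for s in info["sections"]:
        print(f'{s["name"]:8} {s["va"]:#010x} {s["entropy"]:5.2f} {", ".join(s["flags"])}')
```

Two things worth noting when comparing against a sandbox report: the section Virtual Address column above is image-base-relative RVA plus the image base, which is why the parser adds image_base, and the entropy is computed over the raw on-disk bytes of each section, so a packed or encrypted section shows up as a value close to 8 while the 6.64 of this sample's .text is in the range of ordinary compiled code.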
Imports (4)
KERNEL32.dll (72)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
lstrcmpiW - 0x0042303C 0x0002D0A4 0x0002C2A4 0x00000637
WriteConsoleW - 0x00423040 0x0002D0A8 0x0002C2A8 0x00000615
HeapSize - 0x00423044 0x0002D0AC 0x0002C2AC 0x00000351
SetEnvironmentVariableW - 0x00423048 0x0002D0B0 0x0002C2B0 0x00000516
FreeEnvironmentStringsW - 0x0042304C 0x0002D0B4 0x0002C2B4 0x000001AD
GetEnvironmentStringsW - 0x00423050 0x0002D0B8 0x0002C2B8 0x0000023A
GetCommandLineW - 0x00423054 0x0002D0BC 0x0002C2BC 0x000001DA
GetCommandLineA - 0x00423058 0x0002D0C0 0x0002C2C0 0x000001D9
CloseHandle - 0x0042305C 0x0002D0C4 0x0002C2C4 0x00000089
CreateFileW - 0x00423060 0x0002D0C8 0x0002C2C8 0x000000CE
GetCurrentProcess - 0x00423064 0x0002D0CC 0x0002C2CC 0x0000021A
GetProcessHeap - 0x00423068 0x0002D0D0 0x0002C2D0 0x000002B7
HeapAlloc - 0x0042306C 0x0002D0D4 0x0002C2D4 0x00000348
WideCharToMultiByte - 0x00423070 0x0002D0D8 0x0002C2D8 0x00000602
HeapFree - 0x00423074 0x0002D0DC 0x0002C2DC 0x0000034C
MultiByteToWideChar - 0x00423078 0x0002D0E0 0x0002C2E0 0x000003F3
lstrcmpW - 0x0042307C 0x0002D0E4 0x0002C2E4 0x00000634
lstrlenW - 0x00423080 0x0002D0E8 0x0002C2E8 0x00000640
GetStringTypeW - 0x00423084 0x0002D0EC 0x0002C2EC 0x000002DA
lstrcatW - 0x00423088 0x0002D0F0 0x0002C2F0 0x00000631
QueryPerformanceCounter - 0x0042308C 0x0002D0F4 0x0002C2F4 0x0000044F
GetCurrentProcessId - 0x00423090 0x0002D0F8 0x0002C2F8 0x0000021B
GetCurrentThreadId - 0x00423094 0x0002D0FC 0x0002C2FC 0x0000021F
GetSystemTimeAsFileTime - 0x00423098 0x0002D100 0x0002C300 0x000002EC
InitializeSListHead - 0x0042309C 0x0002D104 0x0002C304 0x00000366
IsDebuggerPresent - 0x004230A0 0x0002D108 0x0002C308 0x00000382
UnhandledExceptionFilter - 0x004230A4 0x0002D10C 0x0002C30C 0x000005B1
SetUnhandledExceptionFilter - 0x004230A8 0x0002D110 0x0002C310 0x00000571
GetStartupInfoW - 0x004230AC 0x0002D114 0x0002C314 0x000002D3
IsProcessorFeaturePresent - 0x004230B0 0x0002D118 0x0002C318 0x00000389
GetModuleHandleW - 0x004230B4 0x0002D11C 0x0002C31C 0x0000027B
TerminateProcess - 0x004230B8 0x0002D120 0x0002C320 0x00000590
RtlUnwind - 0x004230BC 0x0002D124 0x0002C324 0x000004D5
GetLastError - 0x004230C0 0x0002D128 0x0002C328 0x00000264
SetLastError - 0x004230C4 0x0002D12C 0x0002C32C 0x00000534
EnterCriticalSection - 0x004230C8 0x0002D130 0x0002C330 0x00000134
LeaveCriticalSection - 0x004230CC 0x0002D134 0x0002C334 0x000003C1
DeleteCriticalSection - 0x004230D0 0x0002D138 0x0002C338 0x00000113
InitializeCriticalSectionAndSpinCount - 0x004230D4 0x0002D13C 0x0002C33C 0x00000362
TlsAlloc - 0x004230D8 0x0002D140 0x0002C340 0x000005A2
TlsGetValue - 0x004230DC 0x0002D144 0x0002C344 0x000005A4
TlsSetValue - 0x004230E0 0x0002D148 0x0002C348 0x000005A5
TlsFree - 0x004230E4 0x0002D14C 0x0002C34C 0x000005A3
FreeLibrary - 0x004230E8 0x0002D150 0x0002C350 0x000001AE
GetProcAddress - 0x004230EC 0x0002D154 0x0002C354 0x000002B1
LoadLibraryExW - 0x004230F0 0x0002D158 0x0002C358 0x000003C7
EncodePointer - 0x004230F4 0x0002D15C 0x0002C35C 0x00000130
RaiseException - 0x004230F8 0x0002D160 0x0002C360 0x00000464
SetEndOfFile - 0x004230FC 0x0002D164 0x0002C364 0x00000512
GetFileType - 0x00423100 0x0002D168 0x0002C368 0x00000251
GetStdHandle - 0x00423104 0x0002D16C 0x0002C36C 0x000002D5
WriteFile - 0x00423108 0x0002D170 0x0002C370 0x00000616
GetModuleFileNameW - 0x0042310C 0x0002D174 0x0002C374 0x00000277
ExitProcess - 0x00423110 0x0002D178 0x0002C378 0x00000161
GetModuleHandleExW - 0x00423114 0x0002D17C 0x0002C37C 0x0000027A
SetFilePointerEx - 0x00423118 0x0002D180 0x0002C380 0x00000525
GetConsoleMode - 0x0042311C 0x0002D184 0x0002C384 0x000001FF
SetStdHandle - 0x00423120 0x0002D188 0x0002C388 0x0000054E
GetConsoleOutputCP - 0x00423124 0x0002D18C 0x0002C38C 0x00000203
CompareStringW - 0x00423128 0x0002D190 0x0002C390 0x0000009E
LCMapStringW - 0x0042312C 0x0002D194 0x0002C394 0x000003B5
GetTimeZoneInformation - 0x00423130 0x0002D198 0x0002C398 0x00000311
FlushFileBuffers - 0x00423134 0x0002D19C 0x0002C39C 0x000001A2
HeapReAlloc - 0x00423138 0x0002D1A0 0x0002C3A0 0x0000034F
FindClose - 0x0042313C 0x0002D1A4 0x0002C3A4 0x00000178
FindFirstFileExW - 0x00423140 0x0002D1A8 0x0002C3A8 0x0000017E
FindNextFileW - 0x00423144 0x0002D1AC 0x0002C3AC 0x0000018F
IsValidCodePage - 0x00423148 0x0002D1B0 0x0002C3B0 0x0000038F
GetACP - 0x0042314C 0x0002D1B4 0x0002C3B4 0x000001B5
GetOEMCP - 0x00423150 0x0002D1B8 0x0002C3B8 0x0000029A
GetCPInfo - 0x00423154 0x0002D1BC 0x0002C3BC 0x000001C4
DecodePointer - 0x00423158 0x0002D1C0 0x0002C3C0 0x0000010C
USER32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSystemMetrics - 0x00423160 0x0002D1C8 0x0002C3C8 0x000001C5
EnumDisplayDevicesA - 0x00423164 0x0002D1CC 0x0002C3CC 0x000000FC
ReleaseDC - 0x00423168 0x0002D1D0 0x0002C3D0 0x000002F8
wsprintfW - 0x0042316C 0x0002D1D4 0x0002C3D4 0x000003E2
GetDC - 0x00423170 0x0002D1D8 0x0002C3D8 0x00000140
GDI32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
BitBlt - 0x00423014 0x0002D07C 0x0002C27C 0x00000013
CreateCompatibleBitmap - 0x00423018 0x0002D080 0x0002C280 0x00000030
SelectObject - 0x0042301C 0x0002D084 0x0002C284 0x00000364
CreateCompatibleDC - 0x00423020 0x0002D088 0x0002C288 0x00000031
CreateDCW - 0x00423024 0x0002D08C 0x0002C28C 0x00000034
GetDIBits - 0x00423028 0x0002D090 0x0002C290 0x0000027A
DeleteDC - 0x0042302C 0x0002D094 0x0002C294 0x00000180
GetObjectW - 0x00423030 0x0002D098 0x0002C298 0x000002AD
DeleteObject - 0x00423034 0x0002D09C 0x0002C29C 0x00000183
ADVAPI32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegEnumKeyExW - 0x00423000 0x0002D068 0x0002C268 0x0000027A
RegOpenKeyExW - 0x00423004 0x0002D06C 0x0002C26C 0x0000028C
RegQueryValueExW - 0x00423008 0x0002D070 0x0002C270 0x00000299
RegCloseKey - 0x0042300C 0x0002D074 0x0002C274 0x0000025B
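Which of these imports matter for triage is not obvious from the raw table. The GDI32 chain GetDC, CreateCompatibleDC, CreateCompatibleBitmap, BitBlt, GetDIBits is the standard way to copy the screen into a buffer the program can read, ADVAPI32's RegOpenKeyExW/RegEnumKeyExW/RegQueryValueExW is registry enumeration, and LoadLibraryExW/GetProcAddress allow further APIs to be resolved at run time. On the other hand, IsDebuggerPresent, SetUnhandledExceptionFilter, QueryPerformanceCounter and the other startup APIs in the KERNEL32 list are imported by every MSVC CRT-linked binary and are not by themselves evidence of anti-analysis. The following is an added example, not VMRay's tooling, that encodes this as a heuristic: the IMPORTS dict is transcribed from the import table above with the KERNEL32 list abbreviated to the APIs the heuristic consults, and the capability-to-API map is the author's assumption rather than a published rule set.

```python
"""Capability triage over a PE import table. Added example, not VMRay's code.
IMPORTS is transcribed from the report above (KERNEL32 list abbreviated);
the capability map is an analyst heuristic, not a published rule set."""

IMPORTS = {
    "KERNEL32.dll": ["CreateFileW", "WriteFile", "FindFirstFileExW", "FindNextFileW",
                     "FindClose", "LoadLibraryExW", "GetProcAddress", "FreeLibrary",
                     "GetCommandLineW", "GetModuleFileNameW", "IsDebuggerPresent",
                     "SetUnhandledExceptionFilter", "UnhandledExceptionFilter",
                     "QueryPerformanceCounter", "GetSystemTimeAsFileTime",
                     "GetCurrentProcessId", "GetCurrentThreadId", "IsProcessorFeaturePresent",
                     "InitializeSListHead", "GetStartupInfoW", "TerminateProcess"],
    "USER32.dll": ["GetSystemMetrics", "EnumDisplayDevicesA", "ReleaseDC", "wsprintfW", "GetDC"],
    "GDI32.dll": ["BitBlt", "CreateCompatibleBitmap", "SelectObject", "CreateCompatibleDC",
                  "CreateDCW", "GetDIBits", "DeleteDC", "GetObjectW", "DeleteObject"],
    "ADVAPI32.dll": ["RegEnumKeyExW", "RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey"],
}

# Every API in a set must be present: a lone GetDC is ordinary GUI code, while the
# full GetDC -> CreateCompatibleDC -> CreateCompatibleBitmap -> BitBlt -> GetDIBits
# chain copies the screen into a buffer the program can read and send elsewhere.
CAPABILITIES = {
    "screen capture": {"GetDC", "CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt", "GetDIBits"},
    "display enumeration": {"EnumDisplayDevicesA", "GetSystemMetrics"},
    "registry enumeration": {"RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"},
    "file enumeration": {"FindFirstFileExW", "FindNextFileW"},
    "dynamic API resolution": {"LoadLibraryExW", "GetProcAddress"},
}

# Pulled in by the MSVC CRT startup and security-cookie code of any /GS-compiled
# binary; report them, but do not score them as anti-analysis on their own.
CRT_STARTUP = {"IsDebuggerPresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter",
               "QueryPerformanceCounter", "GetSystemTimeAsFileTime", "GetCurrentProcessId",
               "GetCurrentThreadId", "IsProcessorFeaturePresent", "InitializeSListHead",
               "GetStartupInfoW", "TerminateProcess"}

NETWORK_DLLS = {"ws2_32.dll", "wininet.dll", "winhttp.dll", "urlmon.dll"}


def triage(imports: dict) -> dict:
    """Map an import table ({dll: [api, ...]}) to capabilities, CRT noise and
    statically imported networking DLLs."""
    present = {api for apis in imports.values() for api in apis}
    return {
        "capabilities": sorted(c for c, need in CAPABILITIES.items() if need <= present),
        "crt_noise": sorted(present & CRT_STARTUP),
        "network_dlls": sorted(d for d in imports if d.lower() in NETWORK_DLLS),
    }


if __name__ == "__main__":
    for key, value in triage(IMPORTS).items():
        print(f"{key}: {value}")
```

Run over the table above, this reports screen capture, display enumeration, registry enumeration, file enumeration and dynamic API resolution, lists the CRT startup imports separately, and finds no networking DLL in the static import table. The memory dumps below were taken on "First Network Behavior", so the sample did use the network during analysis; with no ws2_32, wininet or winhttp import, that is consistent with the networking APIs being resolved at run time through LoadLibraryExW/GetProcAddress, and it is a reason to weigh the dynamic trace and the YARA match above the static import table when classifying the sample.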
Memory Dumps (13)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
c0628d64b48b90236336a7b3b16a8d8f.virus.exe 1 0x00BD0000 0x00C02FFF Relevant Image False 32-bit 0x00BDD4AE False
buffer 1 0x0019C000 0x0019FFFF First Network Behavior False 32-bit - False
buffer 1 0x00699ED0 0x0069A0EF First Network Behavior False 32-bit - False
buffer 1 0x0069B1B8 0x0069B51B First Network Behavior False 32-bit - False
buffer 1 0x0069C608 0x0069D407 First Network Behavior False 32-bit - False
buffer 1 0x0069D410 0x0069E425 First Network Behavior False 32-bit - False
buffer 1 0x006A8C70 0x006A8D05 First Network Behavior False 32-bit - False
buffer 1 0x006EB838 0x006EBA3F First Network Behavior False 32-bit - False
buffer 1 0x006EBB78 0x006EBD7F First Network Behavior False 32-bit - False
buffer 1 0x006EBD88 0x006EBF8F First Network Behavior False 32-bit - False
buffer 1 0x006EBF98 0x006EC1C7 First Network Behavior False 32-bit - False
c0628d64b48b90236336a7b3b16a8d8f.virus.exe 1 0x00BD0000 0x00C02FFF First Network Behavior False 32-bit 0x00BDA0CC False
c0628d64b48b90236336a7b3b16a8d8f.virus.exe 1 0x00BD0000 0x00C02FFF Process Termination False 32-bit - False
YARA Matches (1)
Rule Name Rule Description Classification Score
Lumma_C2 LummaC2 Stealer Spyware 5/5