Malicious
Classifications

Spyware

Threat Names

Lumma

Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\e83553067167ec03f4f2e2dd798ee61d.virus.exe Sample File Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 162.00 KB
MD5 e83553067167ec03f4f2e2dd798ee61d
SHA1 6a204db62d25f653058006fa33720b2bd5e74dd8
SHA256 cea0a58bd50de03421056c4d71f95b2e63f670c2e0692ee10426eaa662d4e37e
SSDeep 3072:mer4zoJMAYd+5VdYSyCft3JBUcknyNim0gOCJgTTovOgfD40WBvzj8cFSZ:58AYQH7gENndg3ovRf+FSZ
ImpHash 6267ae8615795a0e822c6b0f2fdc6338
File Reputation Information
Verdict
Malicious
PE Information
Image Base 0x00400000
Entry Point 0x00409179
Size Of Code 0x0001C000
Size Of Initialized Data 0x0000D000
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-01-09 02:22 (UTC)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0001BEA4 0x0001C000 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.67
.rdata 0x0041D000 0x00009E80 0x0000A000 0x0001C400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.17
.data 0x00427000 0x00001698 0x00000C00 0x00026400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.31
.rsrc 0x00429000 0x000001E0 0x00000200 0x00027000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.72
.reloc 0x0042A000 0x00001440 0x00001600 0x00027200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.39
Imports (1)
KERNEL32.dll (77)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
lstrcatW - 0x0041D000 0x000267A4 0x00025BA4 0x00000631
lstrlenW - 0x0041D004 0x000267A8 0x00025BA8 0x00000640
lstrcmpW - 0x0041D008 0x000267AC 0x00025BAC 0x00000634
MultiByteToWideChar - 0x0041D00C 0x000267B0 0x00025BB0 0x000003F3
WideCharToMultiByte - 0x0041D010 0x000267B4 0x00025BB4 0x00000602
ReadFile - 0x0041D014 0x000267B8 0x00025BB8 0x00000475
HeapFree - 0x0041D018 0x000267BC 0x00025BBC 0x0000034C
GetCurrentProcess - 0x0041D01C 0x000267C0 0x00025BC0 0x0000021A
Wow64DisableWow64FsRedirection - 0x0041D020 0x000267C4 0x00025BC4 0x00000604
CreateFileW - 0x0041D024 0x000267C8 0x00025BC8 0x000000CE
Wow64RevertWow64FsRedirection - 0x0041D028 0x000267CC 0x00025BCC 0x00000608
CloseHandle - 0x0041D02C 0x000267D0 0x00025BD0 0x00000089
GetNativeSystemInfo - 0x0041D030 0x000267D4 0x00025BD4 0x00000288
HeapAlloc - 0x0041D034 0x000267D8 0x00025BD8 0x00000348
GetFileSize - 0x0041D038 0x000267DC 0x00025BDC 0x0000024E
GetProcessHeap - 0x0041D03C 0x000267E0 0x00025BE0 0x000002B7
lstrcmpiW - 0x0041D040 0x000267E4 0x00025BE4 0x00000637
WriteConsoleW - 0x0041D044 0x000267E8 0x00025BE8 0x00000615
UnhandledExceptionFilter - 0x0041D048 0x000267EC 0x00025BEC 0x000005B1
SetUnhandledExceptionFilter - 0x0041D04C 0x000267F0 0x00025BF0 0x00000571
TerminateProcess - 0x0041D050 0x000267F4 0x00025BF4 0x00000590
IsProcessorFeaturePresent - 0x0041D054 0x000267F8 0x00025BF8 0x00000389
QueryPerformanceCounter - 0x0041D058 0x000267FC 0x00025BFC 0x0000044F
GetCurrentProcessId - 0x0041D05C 0x00026800 0x00025C00 0x0000021B
GetCurrentThreadId - 0x0041D060 0x00026804 0x00025C04 0x0000021F
GetSystemTimeAsFileTime - 0x0041D064 0x00026808 0x00025C08 0x000002EC
InitializeSListHead - 0x0041D068 0x0002680C 0x00025C0C 0x00000366
IsDebuggerPresent - 0x0041D06C 0x00026810 0x00025C10 0x00000382
GetStartupInfoW - 0x0041D070 0x00026814 0x00025C14 0x000002D3
GetModuleHandleW - 0x0041D074 0x00026818 0x00025C18 0x0000027B
RtlUnwind - 0x0041D078 0x0002681C 0x00025C1C 0x000004D5
GetLastError - 0x0041D07C 0x00026820 0x00025C20 0x00000264
SetLastError - 0x0041D080 0x00026824 0x00025C24 0x00000534
EnterCriticalSection - 0x0041D084 0x00026828 0x00025C28 0x00000134
LeaveCriticalSection - 0x0041D088 0x0002682C 0x00025C2C 0x000003C1
DeleteCriticalSection - 0x0041D08C 0x00026830 0x00025C30 0x00000113
InitializeCriticalSectionAndSpinCount - 0x0041D090 0x00026834 0x00025C34 0x00000362
TlsAlloc - 0x0041D094 0x00026838 0x00025C38 0x000005A2
TlsGetValue - 0x0041D098 0x0002683C 0x00025C3C 0x000005A4
TlsSetValue - 0x0041D09C 0x00026840 0x00025C40 0x000005A5
TlsFree - 0x0041D0A0 0x00026844 0x00025C44 0x000005A3
FreeLibrary - 0x0041D0A4 0x00026848 0x00025C48 0x000001AE
GetProcAddress - 0x0041D0A8 0x0002684C 0x00025C4C 0x000002B1
LoadLibraryExW - 0x0041D0AC 0x00026850 0x00025C50 0x000003C7
EncodePointer - 0x0041D0B0 0x00026854 0x00025C54 0x00000130
RaiseException - 0x0041D0B4 0x00026858 0x00025C58 0x00000464
SetEndOfFile - 0x0041D0B8 0x0002685C 0x00025C5C 0x00000512
GetFileType - 0x0041D0BC 0x00026860 0x00025C60 0x00000251
GetStdHandle - 0x0041D0C0 0x00026864 0x00025C64 0x000002D5
WriteFile - 0x0041D0C4 0x00026868 0x00025C68 0x00000616
GetModuleFileNameW - 0x0041D0C8 0x0002686C 0x00025C6C 0x00000277
ExitProcess - 0x0041D0CC 0x00026870 0x00025C70 0x00000161
GetModuleHandleExW - 0x0041D0D0 0x00026874 0x00025C74 0x0000027A
SetFilePointerEx - 0x0041D0D4 0x00026878 0x00025C78 0x00000525
GetConsoleMode - 0x0041D0D8 0x0002687C 0x00025C7C 0x000001FF
SetStdHandle - 0x0041D0DC 0x00026880 0x00025C80 0x0000054E
GetConsoleOutputCP - 0x0041D0E0 0x00026884 0x00025C84 0x00000203
CompareStringW - 0x0041D0E4 0x00026888 0x00025C88 0x0000009E
LCMapStringW - 0x0041D0E8 0x0002688C 0x00025C8C 0x000003B5
GetTimeZoneInformation - 0x0041D0EC 0x00026890 0x00025C90 0x00000311
FlushFileBuffers - 0x0041D0F0 0x00026894 0x00025C94 0x000001A2
HeapReAlloc - 0x0041D0F4 0x00026898 0x00025C98 0x0000034F
FindClose - 0x0041D0F8 0x0002689C 0x00025C9C 0x00000178
FindFirstFileExW - 0x0041D0FC 0x000268A0 0x00025CA0 0x0000017E
FindNextFileW - 0x0041D100 0x000268A4 0x00025CA4 0x0000018F
IsValidCodePage - 0x0041D104 0x000268A8 0x00025CA8 0x0000038F
GetACP - 0x0041D108 0x000268AC 0x00025CAC 0x000001B5
GetOEMCP - 0x0041D10C 0x000268B0 0x00025CB0 0x0000029A
GetCPInfo - 0x0041D110 0x000268B4 0x00025CB4 0x000001C4
GetCommandLineA - 0x0041D114 0x000268B8 0x00025CB8 0x000001D9
GetCommandLineW - 0x0041D118 0x000268BC 0x00025CBC 0x000001DA
GetEnvironmentStringsW - 0x0041D11C 0x000268C0 0x00025CC0 0x0000023A
FreeEnvironmentStringsW - 0x0041D120 0x000268C4 0x00025CC4 0x000001AD
SetEnvironmentVariableW - 0x0041D124 0x000268C8 0x00025CC8 0x00000516
GetStringTypeW - 0x0041D128 0x000268CC 0x00025CCC 0x000002DA
HeapSize - 0x0041D12C 0x000268D0 0x00025CD0 0x00000351
DecodePointer - 0x0041D130 0x000268D4 0x00025CD4 0x0000010C
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
e83553067167ec03f4f2e2dd798ee61d.virus.exe 1 0x00C30000 0x00C5BFFF Relevant Image False 32-bit 0x00C3A1AE False
e83553067167ec03f4f2e2dd798ee61d.virus.exe 1 0x00C30000 0x00C5BFFF Process Termination False 32-bit - False
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
Lumma_C2 LummaC2 Stealer Spyware
5/5
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
Screenshot