lumma.exe

First submission 2024-02-09 08:21:04

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 442.5 KB (453120 bytes)
Compile time: 2022-09-16 17:19:03
MD5: 30862fecf7b6eff6b318feccc621d737
SHA1: 292a0253b61aa8850bbc1eccd480218782d27801
SHA256: 4fd0f59fc43439d5040c5d59f90d40a33a656376d7d0d04327b0d364a726031f
Import Hash : 55e8353f802707422a3462a3bab24fd9
Sections 8 .text .rdata .data .pucuma .tls .loga .wav .rsrc
Directories 3 import resource tls

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://chubb-institute.com/temp/lumma.exe chubb-institute.com 2024-02-09 08:21:04

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x66502 419328 4dda311f4e37083b2928e46ade9f0d415f73dbaa e01a29c0eef369a4d72bcb542aa2cfde
.rdata 0x68000 0x3198 12800 070b20c8217c958eb8358622b41457a72bc86929 2a414598bb7b126b6bdaaa38862f85ef
.data 0x6c000 0x27a8580 7680 86190e1852d7b3acf559fdff9ba1403014c202cf 9c6e6b051d8412700c1d059c3d5bbbe2
.pucuma 0x2815000 0x7c 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.tls 0x2816000 0x9cd 2560 4358194749214d739152fa635bff9e886e4d692b a371492f16c0940507435909603efe88
.loga 0x2817000 0xc 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.wav 0x2818000 0x400 1024 60cacbf3d72e1e7834203da608037b1bf83b40e8 0f343b0931126a20f133d67c2b018a3b
.rsrc 0x2819000 0x1c30 7680 cc5ef85adb3f05e1221d729f39a1854ecc90215e 10dea5c4e4c11b61dbe13c1e6d64f965

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x28191e0 4264
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_US 0x281a888 932
RT_ACCELERATOR LANG_ENGLISH SUBLANG_ENGLISH_US 0x281a2a0 32
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x281a288 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x281a2c0 496

Meta infos 6

LegalCopyright: Silent news
InternalName: Stupido
FileVersion: 44.41.80.59
CompanyName: Torque
Translation: 0x179c 0x02fd
ProductVersion: 5.99.76.62

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
ADVAPI32.dll
WUSER32.DLL
KERNEL32.dll
mscoree.dll
USER32.dll

Strings analysis - Possible IPs found 2 (both values also appear above as the ProductVersion and FileVersion strings, so they may be version numbers rather than network indicators)

5.99.76.62
44.41.80.59

Import functions

Name Latest seen MD5
ghost.exe 2024-02-09 06:44:45 b077d33f58db73dd013c079bb435efa3