lumma.exe

First submission 2024-02-08 11:24:05

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 442.0 KB (452608 bytes)
Compile time: 2022-10-16 07:26:54
MD5: 9d6a64c7aa2458129071d1165d98ab2e
SHA1: 3796d26a35039a2f72825aa7c7d80231c9db99eb
SHA256: 65ec2dbfaa62387cfcf6d7eebb48388466ec9912b3b46088101f7853f734adba
Import Hash: e6a462c35d266e63944cf9874893788d
Sections 7 .text .rdata .data .yabatay .tls .soxi .rsrc
Directories 3 import resource tls
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://chubb-institute.com/temp/lumma.exe chubb-institute.com 2024-02-08 11:24:05

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x667e2 419840 0d3b44b5febe547292ae5977d5f35635bdcb5a25 7429d079afb9eb202407d3546b988dfe
.rdata 0x68000 0x31e0 12800 309de4cb5780ae6c284ba76c91a3e60c8f2fa062 055c8cc3d438340f91881a47a8825512
.data 0x6c000 0x6d60 7680 3567efd2c24a0a39a49234ce052720c9950f3cf4 5696c2592665eaf60ecdaa83178fa483
.yabatay 0x73000 0x7c 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.tls 0x74000 0x9cd 2560 4358194749214d739152fa635bff9e886e4d692b a371492f16c0940507435909603efe88
.soxi 0x75000 0x400 1024 60cacbf3d72e1e7834203da608037b1bf83b40e8 0f343b0931126a20f133d67c2b018a3b
.rsrc 0x76000 0x1bd0 7168 2bdc8962989c81a7540d891b490c51da840433dd 445e64792527198a811e4c7c55c901da

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x761e0 4264
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_US 0x777c0 1034
RT_ACCELERATOR LANG_ENGLISH SUBLANG_ENGLISH_US 0x772a0 32
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x77288 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x772c0 496

Meta infos 6

LegalCopyright: Silent news
InternalName: Stupido
FileVersion: 67.29.5.53
CompanyName: Torque
Translation: 0x179c 0x02fc
ProductVersion: 61.55.12.25

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
ADVAPI32.dll
WUSER32.DLL
KERNEL32.dll
mscoree.dll
USER32.dll

Strings analysis - Possible IPs found 2

61.55.12.25
67.29.5.53

Import functions

Name Latest seen MD5
up.exe 2024-02-09 17:25:01 de838062cd23d4e6330bd8f0320102f5