lumma | 0871857a59b9d6059df9048b4710f7c2

Sharing

Copy URL

Twitter E-mail

General

Target

0871857a59b9d6059df9048b4710f7c2
Size

1.7MB
MD5

0871857a59b9d6059df9048b4710f7c2
SHA1

854516f658d6dd078870f5ff9bebd2b87fc6e67c
SHA256

be6cfb8efa4e4af664abf16d173f56af47fe7786bdce315edfd84f664700ce32
SHA512

4fca86dd1c0e8cfa5907d4edafdd9553057949014087fa998d28082326ab9146eac57e7465d831b3ae2e185a42c933b3193dc361f75dc6d71fea00647e3af285
SSDEEP

49152:FrnLzF9PkESnchmZCUaZF++uhvzN/xTYNO:F/frScm8UiEBvzN/FYNO

Score

10^/10

lumma

Malware Config

Signatures

Detect Lumma Stealer payload V4 1 IoCs

resource	yara_rule
static1/unpack001/Game.exe	family_lumma_v4

Lumma family
lumma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Game.exe

Files

0871857a59b9d6059df9048b4710f7c2
.zip
Game.exe
.exe windows:6 windows x86 arch:x86

7a2bba46af1df3fbab712f8c97c4eb5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dsound

ord1

kernel32

CreateFileA
FindFirstFileA
ReadFile
GetFileSize
GetSystemDirectoryA
ExitProcess
FindClose
FindNextFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateDirectoryA
WriteFile
GetLocalTime
OutputDebugStringA
GetCurrentDirectoryA
CreateProcessA
WritePrivateProfileStringA
SetFilePointer
VirtualProtect
VirtualQuery
GlobalAlloc
GetComputerNameA
SuspendThread
DeleteFileA
ResumeThread
CopyFileA
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
SetThreadPriority
TerminateThread
GetExitCodeThread
_lopen
_lcreat
_lread
_lwrite
_lclose
CompareFileTime
GlobalUnlock
GlobalLock
GlobalHandle
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByte
LocalAlloc
LocalFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
TerminateProcess
OpenProcess
GetVersionExA
K32EnumProcesses
K32EnumProcessModules
K32GetModuleBaseNameA
SetEndOfFile
CreateFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
lstrcmpiA
SetConsoleCtrlHandler
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileType
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
SetLastError
EncodePointer
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
FreeLibraryAndExitThread
GetTickCount
OpenThread
GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcmpA
DuplicateHandle
CloseHandle
IsDebuggerPresent
DeleteCriticalSection
InitializeCriticalSectionEx
FormatMessageW
lstrcatA
ExitThread
WriteConsoleW
GetCurrentThread
Sleep
Module32Next
Module32First
Thread32Next
Thread32First
CreateToolhelp32Snapshot
lstrlenA
lstrcpyA
FindFirstFileExW
lstrcpynA
DecodePointer
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap

user32

ClientToScreen
GetClientRect
SetWindowTextA
ReleaseDC
GetDC
GetClassNameA
EnumWindows
CharLowerA
OffsetRect
SendMessageA
GetKeyState
MessageBoxA
LoadKeyboardLayoutA
GetKeyboardLayoutNameA
TranslateMessage
DispatchMessageA
wsprintfA
PeekMessageA
DefWindowProcA
RegisterClassA
CreateWindowExA
DestroyWindow
ShowWindow
GetWindow
GetDlgItem
UpdateWindow
LoadCursorA
WaitMessage
PostQuitMessage
SetTimer
GetSystemMetrics
LoadMenuA
GetMenu
SetMenu
CreateMenu
CheckMenuItem
EnableMenuItem
SetForegroundWindow
LoadIconA
DestroyIcon
SetWindowPos
GetAsyncKeyState
AdjustWindowRect
SetWindowLongA
CharToOemA
OemToCharA
CharUpperA
PostMessageA
CallWindowProcA
SetFocus
GetForegroundWindow
AdjustWindowRectEx
ShowCursor
GetWindowLongA
UnregisterClassA
FindWindowA
GetWindowTextA
CreateDialogParamA

gdi32

CreateSolidBrush
GetTextColor
GetStockObject
SetBkMode
GetObjectA
SelectObject
GetDIBits
DeleteDC
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
CreateFontA

advapi32

RegCloseKey
RegDeleteValueA
RegOpenKeyA
RegCreateKeyExA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateFontA
D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx

winmm

mixerOpen
mixerClose
mixerGetLineInfoA
mixerGetControlDetailsA
mixerSetControlDetails
mmioGetInfo
mmioSeek
mixerGetDevCapsA
mmioRead
mmioClose
mmioOpenA
timeEndPeriod
timeBeginPeriod
timeKillEvent
timeSetEvent
timeGetTime
mmioCreateChunk
mmioAscend
mmioDescend
mixerGetLineControlsA
mmioAdvance
mmioWrite
mmioSetInfo

shlwapi

PathFileExistsA

msvfw32

ICSendMessage
ICDecompress
ICLocate
ICClose

avifil32

AVIStreamOpenFromFileA
AVIStreamInfoA
AVIStreamRelease
AVIFileExit
AVIFileInit
AVIStreamRead
AVIStreamLength
AVIStreamReadFormat

iphlpapi

GetAdaptersInfo

wininet

InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
HttpQueryInfoA

wsock32

ioctlsocket
WSACleanup
accept
connect
inet_ntoa
htons
inet_addr
listen
recv
send
setsockopt
socket
gethostbyname
gethostname
WSAStartup
WSAGetLastError
WSAAsyncSelect
closesocket
__WSAFDIsSet
select
bind

imm32

ImmGetDescriptionA
ImmGetProperty
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringA
ImmGetCandidateListCountA
ImmGetCandidateListA
ImmGetConversionStatus
ImmSetConversionStatus
ImmSetOpenStatus

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 93.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a2bba46af1df3fbab712f8c97c4eb5c

Headers

DLL Characteristics

File Characteristics

Imports

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

d3d9

d3dx9_43

winmm

shlwapi

msvfw32

avifil32

iphlpapi

wininet

wsock32

imm32

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 456KB - Virtual size: 456KB

.data Size: 1.4MB - Virtual size: 93.8MB

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 269KB - Virtual size: 268KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 456KB - Virtual size: 456KB

.data
Size: 1.4MB - Virtual size: 93.8MB

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 269KB - Virtual size: 268KB