Trojan.Lumma.AT

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Lumma.AT
Signature status: No Signature

Known Samples

MD5: 33dc5fa617e799988b4156ccda02b899
SHA1: 360692b013303ac853a2744c9f465fc8f9476c6f
SHA256: 99EA7DCED9398CD7358FDB971CFF8D568F9C5A570A141B773BF5CA6373E05B63
File Size: 1.39 MB, 1387008 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: BAC Protection
File Description: TQADEK
File Version: 1.0.0.0
Internal Name: BAC.dll
Legal Copyright: Copyright (C) 2025
Original Filename: BAC.dll
Product Name: BAC Protection
Product Version: 1.0.0.0

File Traits

  • dll
  • fptable
  • WriteProcessMemory
  • x86

Block Information

Total Blocks: 4,615
Potentially Malicious Blocks: 105
Whitelisted Blocks: 4,068
Unknown Blocks: 442

Visual Map

? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 0 0 x x x ? ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 x x ? x 0 ? ? ? 0 0 ? ? ? ? ? 0 0 0 x ? 0 ? 0 0 ? 0 0 ? x 0 ? ? ? ? ? ? 0 0 ? 0 0 ? 0 x ? x x 0 x x 0 0 0 x ? ? ? 0 0 0 x 0 0 x x 0 x 0 0 0 x 0 x x ? 0 0 ? ? 0 0 0 0 ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? 0 0 ? ? ? ? 0 0 ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? 0 x 0 ? ? ? 0 ? 0 ? x ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? ? ? 0 0 0 0 0 0 0 0 ? ? 0 ? 0 0 0 0 x x x 0 x x 0 0 ? x 0 ? ? ? 0 0 0 x x 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 x 0 0 0 ? 0 0 0 ? 0 0 x x 0 0 0 0 ? 0 0 0 0 0 0 0 0 x x x 0 0 ? ? ? x 0 0 0 0 ? ? ? ? ? ? 0 0 0 ? ? 0 0 0 0 ? 0 ? ? 0 ? 0 0 ? ? 0 x 0 0 0 0 x 0 0 ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 0 x ? 0 0 0 0 0 ? 0 0 ? ? 0 0 0 ? 0 0 0 0 x ? 0 0 0 0 0 0 0 ? 0 2 0 ? ? ? ? ? 0 ? 0 0 0 x 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? x 0 0 0 0 0 0 0 0 x 0 0 0 x x 0 0 0 0 0 0 0 0 ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 0 ? ? ? ? 0 0 0 0 0 0 ? ? ? 0 ? 0 ? ? 0 0 0 0 ? 0 ? ? 0 ? 0 ? ? 0 ? ? ? ? ? x ? 0 ? 0 0 0 0 x 0 0 0 0 0 0 x 0 ? 0 ? ? x ? 0 ? ? ? x 0 0 0 0 0 0 0 0 0 0 ? x 0 0 ? 0 ? x x ? ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 ? 0 0 ? ? ? ? ? ? 0 x ? x 0 0 0 x x 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 x x x x 0 0 ? ? ? ? 0 ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 0 ? 0 ? x ? ? ? ? 0 0 ? 0 ? ? ? ? x ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 0 ? ? 0 ? ? 0 ? 0 0 0 ? ? ? ? 0 ? ? 0 ? ? ? 0 ? ? ? 0 0 0 ? ? 0 ? ? 0 0 ? ? 0 ? ? ? 0 0 0 0 0 ? ? ? ? ? ? ? 0 ? ? 1 x x ? ? ? ? ? ? ? 0 ? ? ? 0 ? ? ? ? 0 0 0 ? x 0 0 ? 0 ? ? ? ? ? 0 ? 0 0 ? 0 x 0 0 ? 0 x ? 0 ? ? 0 0 0 x ? ? 0 ? ? 1 0 0 0 0 0 0 ? ? ? ? ? ? ? ? 0 0 ? ? 0 ? 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? 0 0 ? ? 0 ? 0 ? ? ? ? 
0 0 0 0 0 0 0 0 ? ? 0 0 0 ? ? 0 0 ? 0 ? 0 ? ? ? ? ? 2 ? 0 ? 0 0 ? ? ? ? ? 0 ? 2 x 0 0 0 x ? ? x ? 0 ? ? 0 ? ? ? 0 x ? x ? 0 x 0 0 0 0 0 0 x 0 x x 0 0 0 0 0 0 0 0 ? ? ? 0 x 0 0 0 0 ? 0 0 0 x x x ? ? ? ? ? x x x x x x x x x x ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Windows API Usage

Category: Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWriteFile
Category: Process Manipulation Evasion
  • NtUnmapViewOfSection
Category: Process Shell Execute
  • CreateProcess
Category: Anti Debug
  • NtQuerySystemInformation

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\360692b013303ac853a2744c9f465fc8f9476c6f_0001387008.,LiQMAxHB