Summary | ZeroBOX

eInvoice-20210805_200426_600838.pdf.exe

Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File

Category: FILE
Machine: s1_win7_x6402
Started: Oct. 7, 2021, 3:48 p.m.
Completed: Oct. 7, 2021, 3:52 p.m.
Size: 2.2MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: ba6701b6fd76a5e17047d3f1e4aee69b
SHA256: ff6c62b6761a6afda4b200606f7d414e448d10a4f8ff70b29d069884ab7315cc
CRC32: 7B1EC5BC
ssdeep: 49152:56EVsepi8fWV3F5jrosfU5jCIqp4mZg4fstQVdEs7DVqaF:56EVsf8fsbPoxPojg4fsyH7Do
PDB Path: C:\munim\veyufecotunomi\71\zuhucukageli_buj\redoyonovomeri\pap-1.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch
89.248.173.187 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path: C:\munim\veyufecotunomi\71\zuhucukageli_buj\redoyonovomeri\pap-1.pdb

Time & API / Arguments / Status / Return / Repeated

NtProtectVirtualMemory

process_identifier: 1328
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 2097152
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02b10000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 1328
region_size: 4096000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02d10000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

Resource: RT_ICON
  language: LANG_KYRGYZ
  sublanguage: SUBLANG_DEFAULT
  filetype: dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
  offset: 0x0219a190
  size: 0x000025a8

Resource: RT_GROUP_ICON
  language: LANG_KYRGYZ
  sublanguage: SUBLANG_DEFAULT
  filetype: data
  offset: 0x0219c738
  size: 0x00000014

Section: .data
  virtual_address: 0x00030000
  virtual_size: 0x0216907c
  size_of_data: 0x00201600
  entropy: 7.998846541420599
  description: A section with a high entropy has been found

Overall entropy: 0.913072476656
  description: Overall entropy of this PE file is high

host: 89.248.173.187

Lionic Trojan.Win32.Injuke.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37491637
FireEye Generic.mg.ba6701b6fd76a5e1
ALYac Trojan.GenericKD.37491637
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005818121 )
Alibaba Trojan:Win32/Starter.ali2000005
K7GW Trojan ( 005818121 )
CrowdStrike win/malicious_confidence_100% (W)
Cyren W32/Kryptik.EYC.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HMGB
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Generic-9888765-0
Kaspersky HEUR:Trojan.Win32.Injuke.gen
BitDefender Trojan.GenericKD.37491637
NANO-Antivirus Trojan.Win32.Injuke.jaaxnl
Avast Win32:BotX-gen [Trj]
Tencent Malware.Win32.Gencirc.11cbd3c0
Ad-Aware Trojan.GenericKD.37491637
Emsisoft Trojan.GenericKD.37491637 (B)
DrWeb Trojan.DownLoader41.34961
McAfee-GW-Edition BehavesLike.Win32.Generic.vc
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Crypt
Jiangmin Trojan.Injuke.lfa
Avira EXP/YAV.Minerva.tzuxm
MAX malware (ai score=86)
Antiy-AVL Trojan/Generic.ASMalwS.3480F0D
Microsoft Trojan:Win32/CryptInject!MSR
Arcabit Trojan.Generic.D23C13B5
GData Win32.Trojan.PSE.15X6WGF
Cynet Malicious (score: 100)
AhnLab-V3 Infostealer/Win.SmokeLoader.R439080
Acronis suspicious
McAfee Packed-GDT!BA6701B6FD76
VBA32 Backdoor.Convagent
Malwarebytes Trojan.MalPack.GS
Rising Malware.Obscure/Heur!1.A89F (CLASSIC)
Yandex Trojan.Injuke!IrGbORDdaRE
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HMGB!tr
BitDefenderTheta Gen:NN.ZexaF.34126.msW@a8!lXzkG
AVG Win32:BotX-gen [Trj]
Cybereason malicious.1da35d
Panda Trj/GdSda.A