Summary | ZeroBOX

InvoicePrinter.exe

Tags: Emotet, Malicious Library, UPX, Admin Tool (Sysinternals etc ...), PE32, PE File, MZP Format
Category: FILE
Machine: s1_win7_x6403_us
Started: Aug. 24, 2023, 5:51 p.m.
Completed: Aug. 24, 2023, 5:53 p.m.
Size: 3.6MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: c86f7b00cedb3b932c5a4714cd011a33
SHA256: ee5f78a62048a105cd7275b11cd0f165b33b82fa044ebea517efb7f9b5e2be4c
CRC32: E5D0BAE9
ssdeep: 49152:Fg9LYcFfraQq83Vchfg0GKCI6SbmIxHa9ppDLEhTmPOV6hQ:Fg9LY4NFcxg0G5gmy63pDLfPO6h
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API             Arguments                    Status  Return  Repeated
GetComputerNameA       computer_name: TEST22-PC     1       1       0
GetComputerNameA       computer_name: TEST22-PC     1       1       0
GetComputerNameA       computer_name: TEST22-PC     1       1       0
GetComputerNameA       computer_name: TEST22-PC     1       1       0
GetComputerNameA       computer_name: TEST22-PC     1       1       0
GetComputerNameA       computer_name: TEST22-PC     1       1       0
GetComputerNameA       computer_name: TEST22-PC     1       1       0
GetComputerNameA       computer_name: TEST22-PC     1       1       0

Time & API             Arguments                    Status  Return  Repeated
GlobalMemoryStatusEx   (no arguments logged)        1       1       0
section CODE
section DATA
section BSS
packer BobSoft Mini Delphi -> BoB / BobSoft
resource name DXSKINS
resource name PNG
Time & API: __exception__    Status 1  Return 0  Repeated 0

stacktrace:
invoiceprinter+0x23d919 @ 0x63d919
invoiceprinter+0x23d1c1 @ 0x63d1c1
invoiceprinter+0x23f23a @ 0x63f23a
invoiceprinter+0x21ac42 @ 0x61ac42
invoiceprinter+0x265ce2 @ 0x665ce2
invoiceprinter+0x21af62 @ 0x61af62
invoiceprinter+0x2e0c27 @ 0x6e0c27
invoiceprinter+0x2e27d6 @ 0x6e27d6
invoiceprinter+0x2aede @ 0x42aede
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755f77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x755f7bca
invoiceprinter+0x8f4e0 @ 0x48f4e0
invoiceprinter+0x2e34f9 @ 0x6e34f9
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x7559b727
registers.esp: 1636952
registers.edi: 0
registers.eax: 1636952
registers.ebp: 1637032
registers.edx: 0
registers.ebx: 6525136
registers.esi: 2147500037
registers.ecx: 7

Exception code 0x0EEDFADE is the value the Delphi runtime passes to RaiseException for a native Delphi exception, so this record is the program's own exception handling (consistent with the MZP and BobSoft Mini Delphi identifications above) rather than a fault in KERNELBASE.dll. The stack shows it raised from a window procedure reached through DispatchMessageA in the sample's message loop.
Time & API: NtAllocateVirtualMemory    Status 1  Return 0  Repeated 0

process_identifier: 1476
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007e0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff

One 4 KiB page committed writable and executable in the sample's own process (0xffffffff is the GetCurrentProcess() pseudo-handle). An RWX page is how an unpacker or loader stages code it will later execute, but a single page of this size is also what the Delphi VCL allocates for its window-procedure thunks, so this record alone does not separate the two; no later write to or execution from 0x007e0000 is recorded in this report.
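The behaviour rows above, run through an added triage pass that is not part of ZeroBOX or of this report: it decodes the protection value, recognises the current-process pseudo-handle and the Delphi exception code, and counts the computer-name lookups. The records are a constructed rendering of this report's rows; the field names (`api`, `args`, `status`, `return`) and the `fingerprint_threshold` default are this example's own choices, not the sandbox's schema.

```python
"""Triage pass over ZeroBOX/Cuckoo-style behaviour records.

Added example; this is not ZeroBOX's own code. The records below are a
constructed rendering of the rows in this report (API name, arguments,
status, return value). A real report stores them as JSON with similar
field names, but nothing here depends on that exact schema.
"""
from collections import Counter

# Memory-protection constants from winnt.h. The low byte of a protection
# value holds exactly one of these; PAGE_GUARD / PAGE_NOCACHE are higher bits.
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
WX_PROTECTIONS = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

# Pseudo-handle returned by GetCurrentProcess() in a 32-bit process.
CURRENT_PROCESS_PSEUDO_HANDLE = 0xFFFFFFFF
# Exception code the Delphi RTL passes to RaiseException for a native
# Delphi exception (the report prints it as 0xeedfade).
DELPHI_EXCEPTION_CODE = 0x0EEDFADE

# Constructed records mirroring the behaviour tables in this report.
REPORT_RECORDS = [
    *[{"api": "GetComputerNameA", "args": {"computer_name": "TEST22-PC"},
       "status": 1, "return": 1} for _ in range(8)],
    {"api": "GlobalMemoryStatusEx", "args": {}, "status": 1, "return": 1},
    {"api": "__exception__",
     "args": {"exception.exception_code": 0xEEDFADE,
              "exception.module": "KERNELBASE.dll",
              "exception.symbol": "RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727"},
     "status": 1, "return": 0},
    {"api": "NtAllocateVirtualMemory",
     "args": {"process_identifier": 1476, "region_size": 4096,
              "protection": 64, "base_address": 0x007E0000,
              "allocation_type": 4096, "process_handle": 0xFFFFFFFF},
     "status": 1, "return": 0},
]


def is_wx(protection):
    """True when the page protection is both writable and executable."""
    return (protection & 0xFF) in WX_PROTECTIONS


def triage(records, fingerprint_threshold=3):
    """Return (tag, detail) findings worth a human look, in record order."""
    findings = []
    for rec in records:
        api, args = rec["api"], rec["args"]
        if api == "NtAllocateVirtualMemory" and is_wx(args.get("protection", 0)):
            handle = args.get("process_handle")
            target = ("own process" if handle == CURRENT_PROCESS_PSEUDO_HANDLE
                      else "handle %s" % handle)
            findings.append(("rwx_alloc", "0x%08x size %d protection 0x%x in %s" % (
                args.get("base_address", 0), args.get("region_size", 0),
                args["protection"], target)))
        elif api == "__exception__":
            code = args.get("exception.exception_code")
            if code == DELPHI_EXCEPTION_CODE:
                findings.append(("delphi_exception",
                                 "Delphi RTL exception raised via %s"
                                 % args.get("exception.symbol", "?")))
            else:
                findings.append(("exception", "code %s in %s" % (
                    hex(code) if code is not None else "?",
                    args.get("exception.module", "?"))))

    # Host fingerprinting: a few name lookups are runtime noise; past the
    # threshold they are worth listing alongside the other findings.
    counts = Counter(rec["api"] for rec in records)
    name_calls = counts["GetComputerNameA"] + counts["GetComputerNameW"]
    if name_calls >= fingerprint_threshold:
        findings.append(("host_fingerprint",
                         "GetComputerName called %d times" % name_calls))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(REPORT_RECORDS):
        print("%-17s %s" % (tag, detail))
```

Running it on the constructed records lists the Delphi exception, the RWX allocation in the sample's own process and the eight GetComputerNameA calls; on a report with a plain PAGE_READWRITE commit or a non-Delphi exception code the corresponding finding changes or disappears, which is the point of decoding the constants rather than matching the printed strings.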
name: RT_ICON
  language: LANG_KOREAN
  sublanguage: SUBLANG_KOREAN
  filetype: dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 3886289152, next used block 1420038400 (a libmagic guess on raw icon bitmap data; RT_ICON resources are DIB images, not dBase files)
  offset: 0x0034c480
  size: 0x00010828

name: RT_GROUP_ICON
  language: LANG_KOREAN
  sublanguage: SUBLANG_KOREAN
  filetype: data
  offset: 0x003a8488
  size: 0x00000014
Bkav: W32.AIDetectMalware
Webroot: W32.Malware.Gen
MaxSecure: Trojan.Malware.300983.susgen