Field | Value |
---|---|
Created | 2021.10.07 15:52 |
Machine | s1_win7_x6402 |
Filename | eInvoice-20210805_200426_600838.pdf.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | (not extracted) |
Behavior Score | (not extracted) |
ZERO API | file : malware |
VT API (file) | 50 detected (Injuke, malicious, high confidence, GenericKD, Unsafe, Save, Starter, ali2000005, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, HMGB, jaaxnl, BotX, Gencirc, DownLoader41, Minerva, tzuxm, ai score=86, ASMalwS, CryptInject, 15X6WGF, score, SmokeLoader, R439080, Convagent, Obscure, CLASSIC, IrGbORDdaRE, Static AI, Malicious PE, susgen, ZexaF, msW@a8, lXzkG, GdSda) |
md5 | ba6701b6fd76a5e17047d3f1e4aee69b |
sha256 | ff6c62b6761a6afda4b200606f7d414e448d10a4f8ff70b29d069884ab7315cc |
ssdeep | 49152:56EVsepi8fWV3F5jrosfU5jCIqp4mZg4fstQVdEs7DVqaF:56EVsf8fsbPoxPojg4fsyH7Do |
imphash | 67c13f8f6053dc802ad3289485f66709 |
impfuzzy | 48:BbS14jODt/B49dlGXGORaEoycftgh0SzLX/f:dSBE9HGXGTEoycftgCSzLX/f |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
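The "watch" signature above fires when the sample opens a connection to an address that no DNS answer in the trace ever returned, which usually means the address was hard-coded or came from a config. The following is an added example of that correlation, not the sandbox's own detection code; the one-line-per-event format and the field names (query=, answer=, dst=) are assumptions made for this example, and the events are constructed.

```python
"""Correlate outbound connections against prior DNS answers.

This is an added example, not the sandbox's own detection code. It reproduces the
logic behind the "Communicates with host for which no DNS query was performed"
signature on a handful of constructed events; the one-line-per-event format and
the field names (query=, answer=, dst=) are assumptions made for this example.
"""
import ipaddress
import re
from typing import List, Set

# Constructed sample trace (not taken from the report). The connection to
# 198.51.100.77 has no DNS answer before it, which is what the signature flags.
# 10.0.0.5 is on a local range and is skipped, as sandboxes normally whitelist
# their own infrastructure.
SAMPLE_EVENTS = """\
dns  query=update.example.test answer=203.0.113.10
conn dst=203.0.113.10:443
conn dst=198.51.100.77:80
conn dst=10.0.0.5:445
conn dst=203.0.113.10:8080
"""

DNS_RE = re.compile(r"^dns\s+query=(\S+)\s+answer=([\d.]+)$")
CONN_RE = re.compile(r"^conn\s+dst=([\d.]+):(\d+)$")

# Destinations that are never interesting for this signature: loopback and the
# RFC 1918 ranges. Deliberately not ipaddress.is_private, which would also
# exclude the documentation ranges used in the sample above.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_local(ip: str) -> bool:
    """True for loopback and RFC 1918 destinations."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def find_unresolved_destinations(events: str) -> List[str]:
    """Return, in order of first appearance, the public IPs that were
    connected to before any DNS answer had returned them.

    Events are processed in trace order, so an answer that arrives only after
    the connection does not clear it: the sample had to know the address by
    some other means (hard-coded C2, config, or a previous run).
    """
    resolved: Set[str] = set()
    flagged: List[str] = []
    for line in events.splitlines():
        m = DNS_RE.match(line)
        if m:
            resolved.add(m.group(2))
            continue
        m = CONN_RE.match(line)
        if not m:
            continue          # unrelated event type; ignore
        ip = m.group(1)
        if is_local(ip) or ip in resolved or ip in flagged:
            continue
        flagged.append(ip)
    return flagged


if __name__ == "__main__":
    for ip in find_unresolved_destinations(SAMPLE_EVENTS):
        print(f"watch: connection to {ip} without a preceding DNS answer")
```

Ordering is the point: a resolver answer that only shows up after the connection does not explain it, and a sandbox that merely intersects the two sets (rather than walking the trace) will miss that case.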
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
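The UPX_Zero rule and the "encrypted or compressed data indicative of a packer" notice rest on two cheap static checks: recognisable packer section names and high byte entropy in a section. The block below is an added example of both checks, not the sandbox's rule logic; the sections are constructed bytes so it runs offline, and the 7.0 bits/byte cutoff and the section-name list are assumptions (the list is not exhaustive). One practical caveat when reading this report: a binary that is genuinely UPX-compressed normally carries only a few imports, whereas the IAT printed further down has well over a hundred KERNEL32.dll entries, so the UPX match deserves confirmation from section entropy rather than being taken at face value.

```python
"""Section-level packer heuristics: byte entropy plus well-known packer section names.

Added example, not the sandbox's own rule logic. The report's "UPX_Zero" rule
and the "encrypted or compressed data" notice were produced from the real
file; the sections below are constructed bytes so the block runs offline. The
7.0 bits/byte cutoff and the section-name list are assumptions for this example
(the list is not exhaustive).
"""
import hashlib
import math
from collections import Counter
from typing import Dict, List, Tuple

ENTROPY_THRESHOLD = 7.0   # assumed cutoff; compressed or encrypted data sits near 8.0
PACKER_SECTION_NAMES = {
    "UPX0", "UPX1", "UPX2",          # UPX
    ".aspack", ".adata",             # ASPack
    ".MPRESS1", ".MPRESS2",          # MPRESS
    ".vmp0", ".vmp1",                # VMProtect
    ".themida", ".petite",           # Themida, Petite
}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for constant data, 8.0 for uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def assess_sections(sections: List[Tuple[str, bytes]]) -> Dict[str, object]:
    """Flag sections by name and by entropy; 'likely_packed' is the combined verdict."""
    high_entropy: List[str] = []
    packer_names: List[str] = []
    for name, data in sections:
        if name in PACKER_SECTION_NAMES:
            packer_names.append(name)
        if shannon_entropy(data) >= ENTROPY_THRESHOLD:
            high_entropy.append(name)
    return {
        "high_entropy": high_entropy,
        "packer_names": packer_names,
        "likely_packed": bool(high_entropy or packer_names),
    }


def pseudo_random_bytes(n: int, seed: bytes = b"example") -> bytes:
    """Deterministic high-entropy filler (a SHA-256 chain) standing in for packed code."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed sample layout mimicking a UPX-packed file: an empty UPX0 (the
# unpack destination, zero raw size on disk) and a UPX1 full of compressed data.
SAMPLE_SECTIONS: List[Tuple[str, bytes]] = [
    ("UPX0", b""),
    ("UPX1", pseudo_random_bytes(4096)),
    (".rsrc", b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode" * 8),
]


if __name__ == "__main__":
    for name, data in SAMPLE_SECTIONS:
        print(f"{name:8s} {len(data):6d} bytes  entropy={shannon_entropy(data):.2f}")
    print(assess_sections(SAMPLE_SECTIONS))
```

Entropy alone also misfires on legitimate content (embedded certificates, compressed resources, .NET assemblies with large string heaps), so in practice the two signals are combined with a third, the size and shape of the import table, before a "packed" verdict is trusted.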
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x426000 GetThreadContext
0x426004 FileTimeToDosDateTime
0x426008 EnumResourceNamesW
0x42600c CreateMutexW
0x426010 SetPriorityClass
0x426014 GetNativeSystemInfo
0x426018 lstrlenA
0x42601c GetDriveTypeW
0x426020 SetEndOfFile
0x426024 InterlockedDecrement
0x426028 GetSystemWindowsDirectoryW
0x42602c GetNamedPipeHandleStateA
0x426030 SetEvent
0x426034 FreeEnvironmentStringsA
0x426038 GetModuleHandleW
0x42603c GetTickCount
0x426040 GetConsoleAliasesLengthA
0x426044 GetSystemTimeAsFileTime
0x426048 GetPrivateProfileStringW
0x42604c WriteFile
0x426050 SetCommState
0x426054 GetCommandLineA
0x426058 FindResourceExA
0x42605c GetPrivateProfileIntA
0x426060 LoadLibraryW
0x426064 CopyFileW
0x426068 GetConsoleAliasExesLengthW
0x42606c SetConsoleMode
0x426070 SetConsoleCursorPosition
0x426074 IsDBCSLeadByte
0x426078 GetOverlappedResult
0x42607c GetStartupInfoW
0x426080 GlobalUnlock
0x426084 GetFileSizeEx
0x426088 GetLastError
0x42608c GetProcAddress
0x426090 VirtualAlloc
0x426094 LoadLibraryA
0x426098 OpenMutexA
0x42609c CreateSemaphoreW
0x4260a0 LocalAlloc
0x4260a4 IsSystemResumeAutomatic
0x4260a8 SetCurrentDirectoryW
0x4260ac WriteProfileSectionW
0x4260b0 HeapWalk
0x4260b4 Process32NextW
0x4260b8 CreateIoCompletionPort
0x4260bc FindFirstChangeNotificationA
0x4260c0 FreeEnvironmentStringsW
0x4260c4 FatalAppExitA
0x4260c8 GetCurrentThreadId
0x4260cc GetCPInfoExA
0x4260d0 SetThreadAffinityMask
0x4260d4 TlsAlloc
0x4260d8 FindAtomW
0x4260dc DeleteFileW
0x4260e0 ReadConsoleOutputCharacterW
0x4260e4 GetSystemTime
0x4260e8 LCMapStringW
0x4260ec CopyFileExA
0x4260f0 MultiByteToWideChar
0x4260f4 GetStartupInfoA
0x4260f8 HeapValidate
0x4260fc IsBadReadPtr
0x426100 RaiseException
0x426104 Sleep
0x426108 InterlockedIncrement
0x42610c ExitProcess
0x426110 TlsGetValue
0x426114 TlsSetValue
0x426118 TlsFree
0x42611c SetLastError
0x426120 EnterCriticalSection
0x426124 LeaveCriticalSection
0x426128 TerminateProcess
0x42612c GetCurrentProcess
0x426130 UnhandledExceptionFilter
0x426134 SetUnhandledExceptionFilter
0x426138 IsDebuggerPresent
0x42613c GetModuleFileNameW
0x426140 DeleteCriticalSection
0x426144 GetACP
0x426148 GetOEMCP
0x42614c GetCPInfo
0x426150 IsValidCodePage
0x426154 SetHandleCount
0x426158 GetStdHandle
0x42615c GetFileType
0x426160 QueryPerformanceCounter
0x426164 GetCurrentProcessId
0x426168 GetModuleFileNameA
0x42616c GetEnvironmentStrings
0x426170 WideCharToMultiByte
0x426174 GetEnvironmentStringsW
0x426178 HeapDestroy
0x42617c HeapCreate
0x426180 HeapFree
0x426184 VirtualFree
0x426188 HeapAlloc
0x42618c HeapSize
0x426190 HeapReAlloc
0x426194 RtlUnwind
0x426198 InitializeCriticalSectionAndSpinCount
0x42619c DebugBreak
0x4261a0 OutputDebugStringA
0x4261a4 WriteConsoleW
0x4261a8 OutputDebugStringW
0x4261ac LCMapStringA
0x4261b0 GetStringTypeA
0x4261b4 GetStringTypeW
0x4261b8 GetLocaleInfoA
0x4261bc SetFilePointer
0x4261c0 GetConsoleCP
0x4261c4 GetConsoleMode
0x4261c8 FlushFileBuffers
0x4261cc SetStdHandle
0x4261d0 WriteConsoleA
0x4261d4 GetConsoleOutputCP
0x4261d8 CloseHandle
0x4261dc CreateFileA
0x4261e0 GetModuleHandleA
EAT(Export Address Table) is none
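Two things a practitioner does with an import listing like the one above: check that the imphash in the metadata table is what the listed imports actually hash to, and skim the names for capabilities worth chasing in the dynamic trace (GetThreadContext, Process32NextW, VirtualAlloc, IsDebuggerPresent, CreateMutexW/OpenMutexA all appear here). The block below is an added example of both, not the sandbox's own code. IMPORT_LISTING is an excerpt of the KERNEL32.dll IAT printed above, so the digest it computes will not equal the report's imphash; fed the complete list in the report's order it should, provided the sandbox used the same algorithm as pefile's get_imphash (lower-cased "dll.function" pairs, extension stripped, comma-joined, MD5). The capability table is this example's assumption and is a prompt for where to look, not a verdict.

```python
"""Parse the report's import listing, compute a pefile-style imphash from it
and bucket the imports by what they are typically used for.

Added example; the parser, the bucket table and the imphash re-implementation
are this example's own code, not the sandbox's. IMPORT_LISTING is an excerpt
of the KERNEL32.dll IAT printed in the report (the first entries plus the
anti-debug, process-enumeration and memory entries), so the digest computed
from it will not equal the report's imphash.
"""
import hashlib
from typing import Dict, List, Tuple

# Excerpt of the report's IAT (same format: one DLL line, then "addr name").
IMPORT_LISTING = """\
KERNEL32.dll
0x426000 GetThreadContext
0x426004 FileTimeToDosDateTime
0x426008 EnumResourceNamesW
0x42600c CreateMutexW
0x426010 SetPriorityClass
0x426014 GetNativeSystemInfo
0x42603c GetTickCount
0x42608c GetProcAddress
0x426090 VirtualAlloc
0x426094 LoadLibraryA
0x426098 OpenMutexA
0x4260b4 Process32NextW
0x4260dc DeleteFileW
0x426104 Sleep
0x426138 IsDebuggerPresent
0x426160 QueryPerformanceCounter
0x42619c DebugBreak
0x4261a0 OutputDebugStringA
0x4261dc CreateFileA
"""

# Capability hints. This table is an assumption of the example, and it is only a
# prompt for where to look: GetTickCount, QueryPerformanceCounter and even
# IsDebuggerPresent are emitted by the MSVC CRT start-up code and appear in
# plenty of benign binaries.
CAPABILITY_HINTS: Dict[str, set] = {
    "anti-debug / timing": {"IsDebuggerPresent", "OutputDebugStringA",
                            "OutputDebugStringW", "DebugBreak", "GetTickCount",
                            "QueryPerformanceCounter"},
    "process discovery / injection primitives": {"Process32NextW", "GetThreadContext",
                                                 "VirtualAlloc", "GetProcAddress",
                                                 "LoadLibraryA", "LoadLibraryW"},
    "single-instance mutex": {"CreateMutexW", "OpenMutexA"},
    "file manipulation": {"CopyFileW", "CopyFileExA", "DeleteFileW",
                          "CreateFileA", "WriteFile"},
}

Imports = List[Tuple[str, List[str]]]


def parse_import_listing(text: str) -> Imports:
    """Turn the report's 'DLL / 0xaddr Name' lines into [(dll, [names...])]."""
    result: Imports = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("0x"):
            _addr, name = line.split(None, 1)
            if not result:
                raise ValueError("import before any DLL line")
            result[-1][1].append(name)
        else:
            result.append((line, []))
    return result


def import_string(imports: Imports) -> str:
    """The string pefile hashes: 'dll.func' pairs, lower-case, comma separated.
    Imports by ordinal (none in this listing) would need the ordinal-to-name map."""
    parts: List[str] = []
    for dll, names in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            lib = base
        parts.extend(f"{lib}.{name.lower()}" for name in names)
    return ",".join(parts)


def imphash(imports: Imports) -> str:
    """MD5 of the import string, as pefile's get_imphash computes it."""
    return hashlib.md5(import_string(imports).encode()).hexdigest()


def triage(imports: Imports) -> Dict[str, List[str]]:
    """Map each capability bucket to the imported names that fall in it (listing order)."""
    hits: Dict[str, List[str]] = {}
    for _dll, names in imports:
        for bucket, members in CAPABILITY_HINTS.items():
            matched = [n for n in names if n in members]
            if matched:
                hits.setdefault(bucket, []).extend(matched)
    return hits


if __name__ == "__main__":
    imps = parse_import_listing(IMPORT_LISTING)
    print("imphash of excerpt:", imphash(imps))
    for bucket, names in triage(imps).items():
        print(f"{bucket}: {', '.join(names)}")
```

Because imphash depends on import order and spelling, it survives recompilation of the same source with the same toolchain but not a repacked or rebuilt sample, so it is a pivot for clustering builds of one family, not a detection signature on its own.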