ScreenShot
| Created | 2022.01.18 16:47 | Machine | s1_win7_x6403 |
| Filename | invoice.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (AIDetect, malware1, Convagent, malicious, high confidence, Siggen3, Mikey, Unsafe, Save, Kryptik, Eldorado, HNZX, FileRepMalware, score, Generic@AI, RDML, ByFA, TKkxB1wobZgEFSaDw, Outbreak, kcloud, Phonzy, Artemis, R002H0DAI22, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | 9fca8332a98b2475b8c5243f70ce5058 | ||
| sha256 | c33fcdf3021040ca6a3cab3a0c8276eab8b4f810687a8da405cd77b2664590f4 | ||
| ssdeep | 12288:ydObsBO4L4mw0slCa0PkWNIzj1tn0G3ioQJ4chMz+k:gHNL4m5swnVq3nZoJ | ||
| imphash | 7435d26c0c13d1849943ee53652747f4 | ||
| impfuzzy | 96:hMo1M11BWPTQ2Z0xX8FDdwn6a6iVfcmG3tcCe24xg6C:exBWPTQeSs/wNol | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_DarkSide_Ransomware_1_Zero | Darkside Ransomware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x401000 HeapLock
0x401004 CreateNamedPipeW
0x401008 GetExitCodeProcess
0x40100c DeactivateActCtx
0x401010 GetVersionExW
0x401014 GetConsoleCP
0x401018 GetConsoleAliasesLengthA
0x40101c GetDefaultCommConfigA
0x401020 FindFirstFileExA
0x401024 GetDriveTypeW
0x401028 FreeEnvironmentStringsW
0x40102c GetProcessPriorityBoost
0x401030 SetVolumeMountPointA
0x401034 SetCurrentDirectoryW
0x401038 GetLongPathNameA
0x40103c CopyFileW
0x401040 TlsGetValue
0x401044 LoadResource
0x401048 SetComputerNameExW
0x40104c SystemTimeToTzSpecificLocalTime
0x401050 FindAtomA
0x401054 ReleaseSemaphore
0x401058 CallNamedPipeW
0x40105c CreateMailslotW
0x401060 BuildCommDCBAndTimeoutsA
0x401064 VirtualProtect
0x401068 LoadLibraryA
0x40106c GlobalAlloc
0x401070 TryEnterCriticalSection
0x401074 GetCommandLineA
0x401078 InterlockedDecrement
0x40107c GetCalendarInfoA
0x401080 DeleteFileA
0x401084 CreateActCtxW
0x401088 OutputDebugStringA
0x40108c SetSystemTimeAdjustment
0x401090 SetPriorityClass
0x401094 WritePrivateProfileStringW
0x401098 GetProcessHeaps
0x40109c GlobalUnWire
0x4010a0 GetProcessHeap
0x4010a4 GetStartupInfoW
0x4010a8 GetDiskFreeSpaceExW
0x4010ac GetCPInfoExW
0x4010b0 GetWindowsDirectoryA
0x4010b4 GetSystemWow64DirectoryW
0x4010b8 GetLastError
0x4010bc GetProfileStringA
0x4010c0 WriteProfileSectionA
0x4010c4 GetProfileStringW
0x4010c8 GetConsoleCursorInfo
0x4010cc SetLastError
0x4010d0 DeleteVolumeMountPointW
0x4010d4 DebugBreak
0x4010d8 GetPrivateProfileSectionW
0x4010dc lstrcmpA
0x4010e0 ReadFileScatter
0x4010e4 SetConsoleMode
0x4010e8 GetSystemWindowsDirectoryA
0x4010ec TerminateProcess
0x4010f0 GlobalFindAtomW
0x4010f4 FindCloseChangeNotification
0x4010f8 SetTapeParameters
0x4010fc SetMailslotInfo
0x401100 InterlockedExchange
0x401104 DefineDosDeviceA
0x401108 FindVolumeMountPointClose
0x40110c EndUpdateResourceW
0x401110 WriteConsoleA
0x401114 GetSystemTimeAdjustment
0x401118 GetPrivateProfileSectionA
0x40111c WritePrivateProfileSectionA
0x401120 GetPrivateProfileStructW
0x401124 GetDriveTypeA
0x401128 GetFileAttributesExA
0x40112c FileTimeToLocalFileTime
0x401130 MoveFileA
0x401134 GetVolumePathNameW
0x401138 HeapUnlock
0x40113c lstrcmpW
0x401140 SetDefaultCommConfigA
0x401144 FindActCtxSectionGuid
0x401148 SetThreadContext
0x40114c MoveFileExW
0x401150 GlobalUnlock
0x401154 UnregisterWait
0x401158 BuildCommDCBA
0x40115c GlobalDeleteAtom
0x401160 OpenEventW
0x401164 TransmitCommChar
0x401168 WaitNamedPipeA
0x40116c GetPrivateProfileSectionNamesW
0x401170 FindResourceExW
0x401174 GetLocalTime
0x401178 SetLocalTime
0x40117c OpenSemaphoreA
0x401180 GetProcAddress
0x401184 SetFileShortNameW
0x401188 lstrcpyW
0x40118c VerLanguageNameW
0x401190 GetThreadSelectorEntry
0x401194 SetSystemTime
0x401198 SetConsoleCP
0x40119c GetConsoleAliasW
0x4011a0 FlushConsoleInputBuffer
0x4011a4 AllocConsole
0x4011a8 GetAtomNameW
0x4011ac WriteConsoleInputA
0x4011b0 TransactNamedPipe
0x4011b4 GetCommState
0x4011b8 LockFile
0x4011bc _lopen
0x4011c0 GetConsoleAliasExesLengthA
0x4011c4 GetWriteWatch
0x4011c8 GetConsoleOutputCP
0x4011cc GetModuleHandleA
0x4011d0 WriteConsoleOutputCharacterW
0x4011d4 EnumDateFormatsW
0x4011d8 HeapReAlloc
0x4011dc GetCommMask
0x4011e0 SetFilePointer
0x4011e4 FindClose
0x4011e8 SetFileApisToANSI
0x4011ec CancelWaitableTimer
0x4011f0 GetProcessHandleCount
0x4011f4 GetCurrentProcessId
0x4011f8 SetNamedPipeHandleState
0x4011fc GetCompressedFileSizeA
0x401200 FindNextVolumeMountPointW
0x401204 GetFullPathNameA
0x401208 WriteProfileStringW
0x40120c DeleteAtom
0x401210 GlobalAddAtomA
0x401214 AssignProcessToJobObject
0x401218 QueryDosDeviceW
0x40121c InitializeCriticalSection
0x401220 SetFirmwareEnvironmentVariableW
0x401224 GetBinaryTypeA
0x401228 CreateIoCompletionPort
0x40122c InterlockedIncrement
0x401230 Sleep
0x401234 DeleteCriticalSection
0x401238 EnterCriticalSection
0x40123c LeaveCriticalSection
0x401240 RaiseException
0x401244 RtlUnwind
0x401248 GetCurrentProcess
0x40124c UnhandledExceptionFilter
0x401250 SetUnhandledExceptionFilter
0x401254 IsDebuggerPresent
0x401258 GetModuleFileNameW
0x40125c GetStartupInfoA
0x401260 WideCharToMultiByte
0x401264 MultiByteToWideChar
0x401268 LCMapStringA
0x40126c LCMapStringW
0x401270 GetCPInfo
0x401274 HeapValidate
0x401278 IsBadReadPtr
0x40127c GetModuleHandleW
0x401280 TlsAlloc
0x401284 TlsSetValue
0x401288 GetCurrentThreadId
0x40128c TlsFree
0x401290 GetStdHandle
0x401294 WriteFile
0x401298 WriteConsoleW
0x40129c GetFileType
0x4012a0 OutputDebugStringW
0x4012a4 ExitProcess
0x4012a8 LoadLibraryW
0x4012ac GetModuleFileNameA
0x4012b0 SetHandleCount
0x4012b4 QueryPerformanceCounter
0x4012b8 GetTickCount
0x4012bc GetSystemTimeAsFileTime
0x4012c0 FreeEnvironmentStringsA
0x4012c4 GetEnvironmentStrings
0x4012c8 GetEnvironmentStringsW
0x4012cc HeapDestroy
0x4012d0 HeapCreate
0x4012d4 HeapFree
0x4012d8 VirtualFree
0x4012dc GetACP
0x4012e0 GetOEMCP
0x4012e4 IsValidCodePage
0x4012e8 GetLocaleInfoA
0x4012ec GetStringTypeA
0x4012f0 GetStringTypeW
0x4012f4 HeapAlloc
0x4012f8 HeapSize
0x4012fc VirtualAlloc
0x401300 IsValidLocale
0x401304 EnumSystemLocalesA
0x401308 GetUserDefaultLCID
0x40130c FlushFileBuffers
0x401310 GetConsoleMode
0x401314 InitializeCriticalSectionAndSpinCount
0x401318 GetLocaleInfoW
0x40131c SetStdHandle
0x401320 CloseHandle
0x401324 CreateFileA
USER32.dll
0x40132c OemToCharW
EAT(Export Address Table) is none
KERNEL32.dll
0x401000 HeapLock
0x401004 CreateNamedPipeW
0x401008 GetExitCodeProcess
0x40100c DeactivateActCtx
0x401010 GetVersionExW
0x401014 GetConsoleCP
0x401018 GetConsoleAliasesLengthA
0x40101c GetDefaultCommConfigA
0x401020 FindFirstFileExA
0x401024 GetDriveTypeW
0x401028 FreeEnvironmentStringsW
0x40102c GetProcessPriorityBoost
0x401030 SetVolumeMountPointA
0x401034 SetCurrentDirectoryW
0x401038 GetLongPathNameA
0x40103c CopyFileW
0x401040 TlsGetValue
0x401044 LoadResource
0x401048 SetComputerNameExW
0x40104c SystemTimeToTzSpecificLocalTime
0x401050 FindAtomA
0x401054 ReleaseSemaphore
0x401058 CallNamedPipeW
0x40105c CreateMailslotW
0x401060 BuildCommDCBAndTimeoutsA
0x401064 VirtualProtect
0x401068 LoadLibraryA
0x40106c GlobalAlloc
0x401070 TryEnterCriticalSection
0x401074 GetCommandLineA
0x401078 InterlockedDecrement
0x40107c GetCalendarInfoA
0x401080 DeleteFileA
0x401084 CreateActCtxW
0x401088 OutputDebugStringA
0x40108c SetSystemTimeAdjustment
0x401090 SetPriorityClass
0x401094 WritePrivateProfileStringW
0x401098 GetProcessHeaps
0x40109c GlobalUnWire
0x4010a0 GetProcessHeap
0x4010a4 GetStartupInfoW
0x4010a8 GetDiskFreeSpaceExW
0x4010ac GetCPInfoExW
0x4010b0 GetWindowsDirectoryA
0x4010b4 GetSystemWow64DirectoryW
0x4010b8 GetLastError
0x4010bc GetProfileStringA
0x4010c0 WriteProfileSectionA
0x4010c4 GetProfileStringW
0x4010c8 GetConsoleCursorInfo
0x4010cc SetLastError
0x4010d0 DeleteVolumeMountPointW
0x4010d4 DebugBreak
0x4010d8 GetPrivateProfileSectionW
0x4010dc lstrcmpA
0x4010e0 ReadFileScatter
0x4010e4 SetConsoleMode
0x4010e8 GetSystemWindowsDirectoryA
0x4010ec TerminateProcess
0x4010f0 GlobalFindAtomW
0x4010f4 FindCloseChangeNotification
0x4010f8 SetTapeParameters
0x4010fc SetMailslotInfo
0x401100 InterlockedExchange
0x401104 DefineDosDeviceA
0x401108 FindVolumeMountPointClose
0x40110c EndUpdateResourceW
0x401110 WriteConsoleA
0x401114 GetSystemTimeAdjustment
0x401118 GetPrivateProfileSectionA
0x40111c WritePrivateProfileSectionA
0x401120 GetPrivateProfileStructW
0x401124 GetDriveTypeA
0x401128 GetFileAttributesExA
0x40112c FileTimeToLocalFileTime
0x401130 MoveFileA
0x401134 GetVolumePathNameW
0x401138 HeapUnlock
0x40113c lstrcmpW
0x401140 SetDefaultCommConfigA
0x401144 FindActCtxSectionGuid
0x401148 SetThreadContext
0x40114c MoveFileExW
0x401150 GlobalUnlock
0x401154 UnregisterWait
0x401158 BuildCommDCBA
0x40115c GlobalDeleteAtom
0x401160 OpenEventW
0x401164 TransmitCommChar
0x401168 WaitNamedPipeA
0x40116c GetPrivateProfileSectionNamesW
0x401170 FindResourceExW
0x401174 GetLocalTime
0x401178 SetLocalTime
0x40117c OpenSemaphoreA
0x401180 GetProcAddress
0x401184 SetFileShortNameW
0x401188 lstrcpyW
0x40118c VerLanguageNameW
0x401190 GetThreadSelectorEntry
0x401194 SetSystemTime
0x401198 SetConsoleCP
0x40119c GetConsoleAliasW
0x4011a0 FlushConsoleInputBuffer
0x4011a4 AllocConsole
0x4011a8 GetAtomNameW
0x4011ac WriteConsoleInputA
0x4011b0 TransactNamedPipe
0x4011b4 GetCommState
0x4011b8 LockFile
0x4011bc _lopen
0x4011c0 GetConsoleAliasExesLengthA
0x4011c4 GetWriteWatch
0x4011c8 GetConsoleOutputCP
0x4011cc GetModuleHandleA
0x4011d0 WriteConsoleOutputCharacterW
0x4011d4 EnumDateFormatsW
0x4011d8 HeapReAlloc
0x4011dc GetCommMask
0x4011e0 SetFilePointer
0x4011e4 FindClose
0x4011e8 SetFileApisToANSI
0x4011ec CancelWaitableTimer
0x4011f0 GetProcessHandleCount
0x4011f4 GetCurrentProcessId
0x4011f8 SetNamedPipeHandleState
0x4011fc GetCompressedFileSizeA
0x401200 FindNextVolumeMountPointW
0x401204 GetFullPathNameA
0x401208 WriteProfileStringW
0x40120c DeleteAtom
0x401210 GlobalAddAtomA
0x401214 AssignProcessToJobObject
0x401218 QueryDosDeviceW
0x40121c InitializeCriticalSection
0x401220 SetFirmwareEnvironmentVariableW
0x401224 GetBinaryTypeA
0x401228 CreateIoCompletionPort
0x40122c InterlockedIncrement
0x401230 Sleep
0x401234 DeleteCriticalSection
0x401238 EnterCriticalSection
0x40123c LeaveCriticalSection
0x401240 RaiseException
0x401244 RtlUnwind
0x401248 GetCurrentProcess
0x40124c UnhandledExceptionFilter
0x401250 SetUnhandledExceptionFilter
0x401254 IsDebuggerPresent
0x401258 GetModuleFileNameW
0x40125c GetStartupInfoA
0x401260 WideCharToMultiByte
0x401264 MultiByteToWideChar
0x401268 LCMapStringA
0x40126c LCMapStringW
0x401270 GetCPInfo
0x401274 HeapValidate
0x401278 IsBadReadPtr
0x40127c GetModuleHandleW
0x401280 TlsAlloc
0x401284 TlsSetValue
0x401288 GetCurrentThreadId
0x40128c TlsFree
0x401290 GetStdHandle
0x401294 WriteFile
0x401298 WriteConsoleW
0x40129c GetFileType
0x4012a0 OutputDebugStringW
0x4012a4 ExitProcess
0x4012a8 LoadLibraryW
0x4012ac GetModuleFileNameA
0x4012b0 SetHandleCount
0x4012b4 QueryPerformanceCounter
0x4012b8 GetTickCount
0x4012bc GetSystemTimeAsFileTime
0x4012c0 FreeEnvironmentStringsA
0x4012c4 GetEnvironmentStrings
0x4012c8 GetEnvironmentStringsW
0x4012cc HeapDestroy
0x4012d0 HeapCreate
0x4012d4 HeapFree
0x4012d8 VirtualFree
0x4012dc GetACP
0x4012e0 GetOEMCP
0x4012e4 IsValidCodePage
0x4012e8 GetLocaleInfoA
0x4012ec GetStringTypeA
0x4012f0 GetStringTypeW
0x4012f4 HeapAlloc
0x4012f8 HeapSize
0x4012fc VirtualAlloc
0x401300 IsValidLocale
0x401304 EnumSystemLocalesA
0x401308 GetUserDefaultLCID
0x40130c FlushFileBuffers
0x401310 GetConsoleMode
0x401314 InitializeCriticalSectionAndSpinCount
0x401318 GetLocaleInfoW
0x40131c SetStdHandle
0x401320 CloseHandle
0x401324 CreateFileA
USER32.dll
0x40132c OemToCharW
EAT(Export Address Table) is none