Report - NewPurchaseOrderRequestPO7367346document_file.7z.exe

UPX Malicious Library MZP Format PE File PE32
Created 2023.06.21 07:23 Machine s1_win7_x6402
Filename NewPurchaseOrderRequestPO7367346document_file.7z.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
4
Behavior Score
2.2
ZERO API (file): clean — note that this verdict conflicts with the VirusTotal result below and should not be taken as a clean bill on its own
VT API (file) 30 detected (AIDetectMalware, Hesv, malicious, high confidence, Artemis, unsafe, Save, confidence, ModiLoader, Eldorado, Attribute, HighConfidence, score, DropperX, Static AI, Suspicious PE, Wacatac, Detected, BScope, Formbook, Generic@AI, RDML, e4t4vA0QnkxgACsFjoIsvA)
md5 7f301f1443cb5156050f28c97e5e465c
sha256 f89aacb2c1c9d60e078ba59e7a1eab4ff05c8bf94fea2611735b94dacb7a8c9b
ssdeep 12288:a3zVPhzWUzASXFle5g4Rhxo77LovTJ7bCy8bkXk8oH40q2jUushoLGyfZo2:aDrW6G2PnQd7Oy8eO9nYWo
imphash 1cbcb4b65955c8d081a194028529bada
impfuzzy 96:8cfpHYU3O0MJ44Xip4U8lS1Y+Ylbuu2RrSUvK9LVqo1Gqy6nDwPOQ0ZX:f3oZG1ElbuuArSUvK9Rqooqy6EPOQ0B

Signatures (5 matched)

Level Description
danger File has been identified by 30 AntiVirus engines on VirusTotal as malicious (see the VT API detections above)
notice Allocates read-write-execute memory (usually so the binary can unpack itself in memory; consistent with the packer findings below)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer (UPX, per the UPX_Zero rule below)

Rules (5 matched)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info mzp_file_format MZP(Delphi) file format binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0 requests observed during the sandbox run)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT (Import Address Table) — imported libraries and functions, listed in the order they appear in the binary

kernel32.dll
 0x4e41b8 DeleteCriticalSection
 0x4e41bc LeaveCriticalSection
 0x4e41c0 EnterCriticalSection
 0x4e41c4 InitializeCriticalSection
 0x4e41c8 VirtualFree
 0x4e41cc VirtualAlloc
 0x4e41d0 LocalFree
 0x4e41d4 LocalAlloc
 0x4e41d8 GetVersion
 0x4e41dc GetCurrentThreadId
 0x4e41e0 InterlockedDecrement
 0x4e41e4 InterlockedIncrement
 0x4e41e8 VirtualQuery
 0x4e41ec WideCharToMultiByte
 0x4e41f0 MultiByteToWideChar
 0x4e41f4 lstrlenA
 0x4e41f8 lstrcpynA
 0x4e41fc LoadLibraryExA
 0x4e4200 GetThreadLocale
 0x4e4204 GetStartupInfoA
 0x4e4208 GetProcAddress
 0x4e420c GetModuleHandleA
 0x4e4210 GetModuleFileNameA
 0x4e4214 GetLocaleInfoA
 0x4e4218 GetCommandLineA
 0x4e421c FreeLibrary
 0x4e4220 FindFirstFileA
 0x4e4224 FindClose
 0x4e4228 ExitProcess
 0x4e422c WriteFile
 0x4e4230 UnhandledExceptionFilter
 0x4e4234 RtlUnwind
 0x4e4238 RaiseException
 0x4e423c GetStdHandle
user32.dll
 0x4e4244 GetKeyboardType
 0x4e4248 LoadStringA
 0x4e424c MessageBoxA
 0x4e4250 CharNextA
advapi32.dll
 0x4e4258 RegQueryValueExA
 0x4e425c RegOpenKeyExA
 0x4e4260 RegCloseKey
oleaut32.dll
 0x4e4268 SysFreeString
 0x4e426c SysReAllocStringLen
 0x4e4270 SysAllocStringLen
kernel32.dll
 0x4e4278 TlsSetValue
 0x4e427c TlsGetValue
 0x4e4280 LocalAlloc
 0x4e4284 GetModuleHandleA
advapi32.dll
 0x4e428c RegQueryValueExA
 0x4e4290 RegOpenKeyExA
 0x4e4294 RegCloseKey
kernel32.dll
 0x4e429c lstrcpyA
 0x4e42a0 WriteFile
 0x4e42a4 WaitForSingleObject
 0x4e42a8 VirtualQuery
 0x4e42ac VirtualProtect
 0x4e42b0 VirtualAlloc
 0x4e42b4 SuspendThread
 0x4e42b8 Sleep
 0x4e42bc SizeofResource
 0x4e42c0 SetThreadLocale
 0x4e42c4 SetFilePointer
 0x4e42c8 SetEvent
 0x4e42cc SetErrorMode
 0x4e42d0 SetEndOfFile
 0x4e42d4 ResumeThread
 0x4e42d8 ResetEvent
 0x4e42dc ReadFile
 0x4e42e0 MultiByteToWideChar
 0x4e42e4 MulDiv
 0x4e42e8 LockResource
 0x4e42ec LoadResource
 0x4e42f0 LoadLibraryExA
 0x4e42f4 LoadLibraryA
 0x4e42f8 LeaveCriticalSection
 0x4e42fc InitializeCriticalSection
 0x4e4300 GlobalUnlock
 0x4e4304 GlobalReAlloc
 0x4e4308 GlobalHandle
 0x4e430c GlobalLock
 0x4e4310 GlobalFree
 0x4e4314 GlobalFindAtomA
 0x4e4318 GlobalDeleteAtom
 0x4e431c GlobalAlloc
 0x4e4320 GlobalAddAtomA
 0x4e4324 GetVersionExA
 0x4e4328 GetVersion
 0x4e432c GetTickCount
 0x4e4330 GetThreadLocale
 0x4e4334 GetSystemInfo
 0x4e4338 GetStringTypeExA
 0x4e433c GetStdHandle
 0x4e4340 GetProcAddress
 0x4e4344 GetModuleHandleA
 0x4e4348 GetModuleFileNameA
 0x4e434c GetLocaleInfoA
 0x4e4350 GetLocalTime
 0x4e4354 GetLastError
 0x4e4358 GetFullPathNameA
 0x4e435c GetDiskFreeSpaceA
 0x4e4360 GetDateFormatA
 0x4e4364 GetCurrentThreadId
 0x4e4368 GetCurrentProcessId
 0x4e436c GetCurrentProcess
 0x4e4370 GetCPInfo
 0x4e4374 GetACP
 0x4e4378 FreeResource
 0x4e437c InterlockedExchange
 0x4e4380 FreeLibrary
 0x4e4384 FormatMessageA
 0x4e4388 FlushInstructionCache
 0x4e438c FindResourceA
 0x4e4390 FindFirstFileA
 0x4e4394 FindClose
 0x4e4398 FileTimeToLocalFileTime
 0x4e439c FileTimeToDosDateTime
 0x4e43a0 EnumCalendarInfoA
 0x4e43a4 EnterCriticalSection
 0x4e43a8 DeleteCriticalSection
 0x4e43ac CreateThread
 0x4e43b0 CreateFileA
 0x4e43b4 CreateEventA
 0x4e43b8 CompareStringA
 0x4e43bc CloseHandle
version.dll
 0x4e43c4 VerQueryValueA
 0x4e43c8 GetFileVersionInfoSizeA
 0x4e43cc GetFileVersionInfoA
gdi32.dll
 0x4e43d4 UnrealizeObject
 0x4e43d8 StretchBlt
 0x4e43dc SetWindowOrgEx
 0x4e43e0 SetViewportOrgEx
 0x4e43e4 SetTextColor
 0x4e43e8 SetStretchBltMode
 0x4e43ec SetROP2
 0x4e43f0 SetPixel
 0x4e43f4 SetDIBColorTable
 0x4e43f8 SetBrushOrgEx
 0x4e43fc SetBkMode
 0x4e4400 SetBkColor
 0x4e4404 SelectPalette
 0x4e4408 SelectObject
 0x4e440c SelectClipRgn
 0x4e4410 SaveDC
 0x4e4414 RestoreDC
 0x4e4418 RectVisible
 0x4e441c RealizePalette
 0x4e4420 PatBlt
 0x4e4424 MoveToEx
 0x4e4428 MaskBlt
 0x4e442c LineTo
 0x4e4430 IntersectClipRect
 0x4e4434 GetWindowOrgEx
 0x4e4438 GetTextMetricsA
 0x4e443c GetTextExtentPoint32A
 0x4e4440 GetSystemPaletteEntries
 0x4e4444 GetStockObject
 0x4e4448 GetPixel
 0x4e444c GetPaletteEntries
 0x4e4450 GetObjectA
 0x4e4454 GetDeviceCaps
 0x4e4458 GetDIBits
 0x4e445c GetDIBColorTable
 0x4e4460 GetDCOrgEx
 0x4e4464 GetCurrentPositionEx
 0x4e4468 GetClipBox
 0x4e446c GetBrushOrgEx
 0x4e4470 GetBitmapBits
 0x4e4474 ExcludeClipRect
 0x4e4478 DeleteObject
 0x4e447c DeleteDC
 0x4e4480 CreateSolidBrush
 0x4e4484 CreatePenIndirect
 0x4e4488 CreatePalette
 0x4e448c CreateHalftonePalette
 0x4e4490 CreateFontIndirectA
 0x4e4494 CreateDIBitmap
 0x4e4498 CreateDIBSection
 0x4e449c CreateCompatibleDC
 0x4e44a0 CreateCompatibleBitmap
 0x4e44a4 CreateBrushIndirect
 0x4e44a8 CreateBitmap
 0x4e44ac BitBlt
user32.dll
 0x4e44b4 CreateWindowExA
 0x4e44b8 WindowFromPoint
 0x4e44bc WinHelpA
 0x4e44c0 WaitMessage
 0x4e44c4 UpdateWindow
 0x4e44c8 UnregisterClassA
 0x4e44cc UnhookWindowsHookEx
 0x4e44d0 TranslateMessage
 0x4e44d4 TranslateMDISysAccel
 0x4e44d8 TrackPopupMenu
 0x4e44dc SystemParametersInfoA
 0x4e44e0 ShowWindow
 0x4e44e4 ShowScrollBar
 0x4e44e8 ShowOwnedPopups
 0x4e44ec ShowCursor
 0x4e44f0 SetWindowsHookExA
 0x4e44f4 SetWindowTextA
 0x4e44f8 SetWindowPos
 0x4e44fc SetWindowPlacement
 0x4e4500 SetWindowLongA
 0x4e4504 SetTimer
 0x4e4508 SetScrollRange
 0x4e450c SetScrollPos
 0x4e4510 SetScrollInfo
 0x4e4514 SetRect
 0x4e4518 SetPropA
 0x4e451c SetParent
 0x4e4520 SetMenuItemInfoA
 0x4e4524 SetMenu
 0x4e4528 SetForegroundWindow
 0x4e452c SetFocus
 0x4e4530 SetCursor
 0x4e4534 SetClassLongA
 0x4e4538 SetCapture
 0x4e453c SetActiveWindow
 0x4e4540 SendMessageA
 0x4e4544 ScrollWindow
 0x4e4548 ScreenToClient
 0x4e454c RemovePropA
 0x4e4550 RemoveMenu
 0x4e4554 ReleaseDC
 0x4e4558 ReleaseCapture
 0x4e455c RegisterWindowMessageA
 0x4e4560 RegisterClipboardFormatA
 0x4e4564 RegisterClassA
 0x4e4568 RedrawWindow
 0x4e456c PtInRect
 0x4e4570 PostQuitMessage
 0x4e4574 PostMessageA
 0x4e4578 PeekMessageA
 0x4e457c OffsetRect
 0x4e4580 OemToCharA
 0x4e4584 MessageBoxA
 0x4e4588 MapWindowPoints
 0x4e458c MapVirtualKeyA
 0x4e4590 LoadStringA
 0x4e4594 LoadKeyboardLayoutA
 0x4e4598 LoadIconA
 0x4e459c LoadCursorA
 0x4e45a0 LoadBitmapA
 0x4e45a4 KillTimer
 0x4e45a8 IsZoomed
 0x4e45ac IsWindowVisible
 0x4e45b0 IsWindowEnabled
 0x4e45b4 IsWindow
 0x4e45b8 IsRectEmpty
 0x4e45bc IsIconic
 0x4e45c0 IsDialogMessageA
 0x4e45c4 IsChild
 0x4e45c8 InvalidateRect
 0x4e45cc IntersectRect
 0x4e45d0 InsertMenuItemA
 0x4e45d4 InsertMenuA
 0x4e45d8 InflateRect
 0x4e45dc GetWindowThreadProcessId
 0x4e45e0 GetWindowTextA
 0x4e45e4 GetWindowRect
 0x4e45e8 GetWindowPlacement
 0x4e45ec GetWindowLongA
 0x4e45f0 GetWindowDC
 0x4e45f4 GetTopWindow
 0x4e45f8 GetSystemMetrics
 0x4e45fc GetSystemMenu
 0x4e4600 GetSysColorBrush
 0x4e4604 GetSysColor
 0x4e4608 GetSubMenu
 0x4e460c GetScrollRange
 0x4e4610 GetScrollPos
 0x4e4614 GetScrollInfo
 0x4e4618 GetPropA
 0x4e461c GetParent
 0x4e4620 GetWindow
 0x4e4624 GetMenuStringA
 0x4e4628 GetMenuState
 0x4e462c GetMenuItemInfoA
 0x4e4630 GetMenuItemID
 0x4e4634 GetMenuItemCount
 0x4e4638 GetMenu
 0x4e463c GetLastActivePopup
 0x4e4640 GetKeyboardState
 0x4e4644 GetKeyboardLayoutList
 0x4e4648 GetKeyboardLayout
 0x4e464c GetKeyState
 0x4e4650 GetKeyNameTextA
 0x4e4654 GetIconInfo
 0x4e4658 GetForegroundWindow
 0x4e465c GetFocus
 0x4e4660 GetDlgItem
 0x4e4664 GetDesktopWindow
 0x4e4668 GetDCEx
 0x4e466c GetDC
 0x4e4670 GetCursorPos
 0x4e4674 GetCursor
 0x4e4678 GetClientRect
 0x4e467c GetClassNameA
 0x4e4680 GetClassInfoA
 0x4e4684 GetCapture
 0x4e4688 GetActiveWindow
 0x4e468c FrameRect
 0x4e4690 FindWindowA
 0x4e4694 FillRect
 0x4e4698 EqualRect
 0x4e469c EnumWindows
 0x4e46a0 EnumThreadWindows
 0x4e46a4 EndPaint
 0x4e46a8 EnableWindow
 0x4e46ac EnableScrollBar
 0x4e46b0 EnableMenuItem
 0x4e46b4 DrawTextA
 0x4e46b8 DrawMenuBar
 0x4e46bc DrawIconEx
 0x4e46c0 DrawIcon
 0x4e46c4 DrawFrameControl
 0x4e46c8 DrawEdge
 0x4e46cc DispatchMessageA
 0x4e46d0 DestroyWindow
 0x4e46d4 DestroyMenu
 0x4e46d8 DestroyIcon
 0x4e46dc DestroyCursor
 0x4e46e0 DeleteMenu
 0x4e46e4 DefWindowProcA
 0x4e46e8 DefMDIChildProcA
 0x4e46ec DefFrameProcA
 0x4e46f0 CreatePopupMenu
 0x4e46f4 CreateMenu
 0x4e46f8 CreateIcon
 0x4e46fc ClientToScreen
 0x4e4700 CheckMenuItem
 0x4e4704 CallWindowProcA
 0x4e4708 CallNextHookEx
 0x4e470c BeginPaint
 0x4e4710 CharNextA
 0x4e4714 CharLowerA
 0x4e4718 CharToOemA
 0x4e471c AdjustWindowRectEx
 0x4e4720 ActivateKeyboardLayout
kernel32.dll
 0x4e4728 Sleep
oleaut32.dll
 0x4e4730 SafeArrayPtrOfIndex
 0x4e4734 SafeArrayGetUBound
 0x4e4738 SafeArrayGetLBound
 0x4e473c SafeArrayCreate
 0x4e4740 VariantChangeType
 0x4e4744 VariantCopy
 0x4e4748 VariantClear
 0x4e474c VariantInit
ole32.dll
 0x4e4754 CoUninitialize
 0x4e4758 CoInitialize
oleaut32.dll
 0x4e4760 GetErrorInfo
 0x4e4764 SysFreeString
comctl32.dll
 0x4e476c ImageList_SetIconSize
 0x4e4770 ImageList_GetIconSize
 0x4e4774 ImageList_Write
 0x4e4778 ImageList_Read
 0x4e477c ImageList_GetDragImage
 0x4e4780 ImageList_DragShowNolock
 0x4e4784 ImageList_SetDragCursorImage
 0x4e4788 ImageList_DragMove
 0x4e478c ImageList_DragLeave
 0x4e4790 ImageList_DragEnter
 0x4e4794 ImageList_EndDrag
 0x4e4798 ImageList_BeginDrag
 0x4e479c ImageList_Remove
 0x4e47a0 ImageList_DrawEx
 0x4e47a4 ImageList_Replace
 0x4e47a8 ImageList_Draw
 0x4e47ac ImageList_GetBkColor
 0x4e47b0 ImageList_SetBkColor
 0x4e47b4 ImageList_ReplaceIcon
 0x4e47b8 ImageList_Add
 0x4e47bc ImageList_SetImageCount
 0x4e47c0 ImageList_GetImageCount
 0x4e47c4 ImageList_Destroy
 0x4e47c8 ImageList_Create
 0x4e47cc InitCommonControls
comdlg32.dll
 0x4e47d4 GetSaveFileNameA
 0x4e47d8 GetOpenFileNameA
Kernel32
 0x4e47e0 GetProcAddress
ntdll
 0x4e47e8 NtProtectVirtualMemory
uRL
 0x4e47f0 AutodialHookCallback
ntdll
 0x4e47f8 NtQueryInformationFile
 0x4e47fc NtOpenFile
 0x4e4800 NtClose
 0x4e4804 NtReadFile
ntdll
 0x4e480c RtlDosPathNameToNtPathName_U

EAT (Export Address Table): none — the file exports no functions



Similarity measure (PE file only): not available — the similarity service reported a failure for this sample