Report - Invoice_Final.exe

Gen1 Generic Malware Malicious Library ASPack UPX Malicious Packer PE File PE64 OS Processor Check DLL ZIP Format
ScreenShot
Created 2024.12.19 08:41 Machine s1_win7_x6401
Filename Invoice_Final.exe
Type PE32+ executable (GUI) x86-64, for MS Windows
AI Score Not founds Behavior Score
3.4
ZERO API file : clean
VT API (file) 49 detected (Python, Malicious, score, Tedy, Unsafe, Vz1k, confidence, 100%, high confidence, dcxon, R002C0XLE24, Static AI, Suspicious PE, Detected, Kryptik, ABTrojan, LBWI, Artemis, CobaltStrike, Chgt, Jajl)
md5 b304c075b26e1080ad3162b03c77d246
sha256 5e7efd8babcbed47ad99ae7b66770061c03ca999fe78b25ceb2fd12438a5b838
ssdeep 196608:ogvR18WvNm1E8giq1g9KDOywzGzHKTSuLJlpZstQoS9Hf128WretWVI:jRCW1m1NqtkTTSuhGt7G/xWrr
imphash 72c4e339b7af8ab1ed2eb3821c98713a
impfuzzy 48:tVYEK/0W/KA4JGn6gF/gub6EwoQ54rzSv6xviAYd9pUJOyIx0LwitN1MEc+pIuCP:D/sTfh18gJtIx0LZtN1MEc+pIuYQ9HS
  Network IP location

Signature (7cnts)

Level Description
danger File has been identified by 49 AntiVirus engines on VirusTotal as malicious
watch Creates known Upatre files
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates executable files on the filesystem
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info Checks if process is being debugged by a debugger

Rules (17cnts)

Level Name Description Collection
danger Win32_Trojan_Gen_1_0904B0_Zero Win32 Trojan Emotet binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (download)
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch ASPack_Zero ASPack packed file binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (download)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (download)
watch UPX_Zero UPX packed file binaries (download)
watch UPX_Zero UPX packed file binaries (upload)
info IsDLL (no description) binaries (download)
info IsPE64 (no description) binaries (download)
info IsPE64 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (download)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (download)
info PE_Header_Zero PE File Signature binaries (upload)
info zip_file_format ZIP file format binaries (download)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

USER32.dll
 0x14002b3b8 CreateWindowExW
 0x14002b3c0 ShutdownBlockReasonCreate
 0x14002b3c8 MsgWaitForMultipleObjects
 0x14002b3d0 ShowWindow
 0x14002b3d8 DestroyWindow
 0x14002b3e0 RegisterClassW
 0x14002b3e8 DefWindowProcW
 0x14002b3f0 PeekMessageW
 0x14002b3f8 DispatchMessageW
 0x14002b400 TranslateMessage
 0x14002b408 PostMessageW
 0x14002b410 GetMessageW
 0x14002b418 MessageBoxW
 0x14002b420 MessageBoxA
 0x14002b428 SystemParametersInfoW
 0x14002b430 DestroyIcon
 0x14002b438 SetWindowLongPtrW
 0x14002b440 GetWindowLongPtrW
 0x14002b448 GetClientRect
 0x14002b450 InvalidateRect
 0x14002b458 ReleaseDC
 0x14002b460 GetDC
 0x14002b468 DrawTextW
 0x14002b470 GetDialogBaseUnits
 0x14002b478 EndDialog
 0x14002b480 DialogBoxIndirectParamW
 0x14002b488 MoveWindow
 0x14002b490 SendMessageW
COMCTL32.dll
 0x14002b028 None
KERNEL32.dll
 0x14002b058 GetACP
 0x14002b060 IsValidCodePage
 0x14002b068 GetStringTypeW
 0x14002b070 GetFileAttributesExW
 0x14002b078 SetEnvironmentVariableW
 0x14002b080 FlushFileBuffers
 0x14002b088 GetCurrentDirectoryW
 0x14002b090 LCMapStringW
 0x14002b098 CompareStringW
 0x14002b0a0 FlsFree
 0x14002b0a8 GetOEMCP
 0x14002b0b0 GetCPInfo
 0x14002b0b8 GetModuleHandleW
 0x14002b0c0 MulDiv
 0x14002b0c8 FormatMessageW
 0x14002b0d0 GetLastError
 0x14002b0d8 GetModuleFileNameW
 0x14002b0e0 LoadLibraryExW
 0x14002b0e8 SetDllDirectoryW
 0x14002b0f0 CreateSymbolicLinkW
 0x14002b0f8 GetProcAddress
 0x14002b100 GetEnvironmentStringsW
 0x14002b108 GetCommandLineW
 0x14002b110 GetEnvironmentVariableW
 0x14002b118 ExpandEnvironmentStringsW
 0x14002b120 DeleteFileW
 0x14002b128 FindClose
 0x14002b130 FindFirstFileW
 0x14002b138 FindNextFileW
 0x14002b140 GetDriveTypeW
 0x14002b148 RemoveDirectoryW
 0x14002b150 GetTempPathW
 0x14002b158 CloseHandle
 0x14002b160 QueryPerformanceCounter
 0x14002b168 QueryPerformanceFrequency
 0x14002b170 WaitForSingleObject
 0x14002b178 Sleep
 0x14002b180 GetCurrentProcess
 0x14002b188 TerminateProcess
 0x14002b190 GetExitCodeProcess
 0x14002b198 CreateProcessW
 0x14002b1a0 GetStartupInfoW
 0x14002b1a8 FreeLibrary
 0x14002b1b0 LocalFree
 0x14002b1b8 SetConsoleCtrlHandler
 0x14002b1c0 K32EnumProcessModules
 0x14002b1c8 K32GetModuleFileNameExW
 0x14002b1d0 CreateFileW
 0x14002b1d8 FindFirstFileExW
 0x14002b1e0 GetFinalPathNameByHandleW
 0x14002b1e8 MultiByteToWideChar
 0x14002b1f0 WideCharToMultiByte
 0x14002b1f8 FlsSetValue
 0x14002b200 FreeEnvironmentStringsW
 0x14002b208 GetProcessHeap
 0x14002b210 GetTimeZoneInformation
 0x14002b218 HeapSize
 0x14002b220 HeapReAlloc
 0x14002b228 WriteConsoleW
 0x14002b230 SetEndOfFile
 0x14002b238 CreateDirectoryW
 0x14002b240 RtlCaptureContext
 0x14002b248 RtlLookupFunctionEntry
 0x14002b250 RtlVirtualUnwind
 0x14002b258 UnhandledExceptionFilter
 0x14002b260 SetUnhandledExceptionFilter
 0x14002b268 IsProcessorFeaturePresent
 0x14002b270 GetCurrentProcessId
 0x14002b278 GetCurrentThreadId
 0x14002b280 GetSystemTimeAsFileTime
 0x14002b288 InitializeSListHead
 0x14002b290 IsDebuggerPresent
 0x14002b298 RtlUnwindEx
 0x14002b2a0 SetLastError
 0x14002b2a8 EnterCriticalSection
 0x14002b2b0 LeaveCriticalSection
 0x14002b2b8 DeleteCriticalSection
 0x14002b2c0 InitializeCriticalSectionAndSpinCount
 0x14002b2c8 TlsAlloc
 0x14002b2d0 TlsGetValue
 0x14002b2d8 TlsSetValue
 0x14002b2e0 TlsFree
 0x14002b2e8 EncodePointer
 0x14002b2f0 RaiseException
 0x14002b2f8 RtlPcToFileHeader
 0x14002b300 GetCommandLineA
 0x14002b308 GetFileInformationByHandle
 0x14002b310 GetFileType
 0x14002b318 PeekNamedPipe
 0x14002b320 SystemTimeToTzSpecificLocalTime
 0x14002b328 FileTimeToSystemTime
 0x14002b330 ReadFile
 0x14002b338 GetFullPathNameW
 0x14002b340 SetStdHandle
 0x14002b348 GetStdHandle
 0x14002b350 WriteFile
 0x14002b358 ExitProcess
 0x14002b360 GetModuleHandleExW
 0x14002b368 HeapFree
 0x14002b370 GetConsoleMode
 0x14002b378 ReadConsoleW
 0x14002b380 SetFilePointerEx
 0x14002b388 GetConsoleOutputCP
 0x14002b390 GetFileSizeEx
 0x14002b398 HeapAlloc
 0x14002b3a0 FlsAlloc
 0x14002b3a8 FlsGetValue
ADVAPI32.dll
 0x14002b000 OpenProcessToken
 0x14002b008 GetTokenInformation
 0x14002b010 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x14002b018 ConvertSidToStringSidW
GDI32.dll
 0x14002b038 SelectObject
 0x14002b040 DeleteObject
 0x14002b048 CreateFontIndirectW

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure