Report - invoice.exe

Tags: UPX, PE File, PE32
Created 2025.04.02 10:05 Machine s1_win7_x6403
Filename invoice.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 11
Behavior Score 3.0
ZERO API (file): malware
VT API (file): 26 engines detected (verdict tokens: AIDetectMalware, Lazy, Unsafe, Save, malicious, confidence, 100%, GenHeur, MalPbs, gen2, high confidence, GenKryptik, HHUD, Kryptik@AI, RDML, i3iOxKzU69W1htAsnVUIVg, high, score, Static AI, Malicious PE, Ztjl)
md5 57bcb61167abd03d9d98705ab39e79ab
sha256 7c321f8a0d6c357d3406afb96408968d107c81f8282e2353ea4cebed67432f88
ssdeep 24576:BAzEBC+2X2jofsfO1AVPul+3Dhs2ccmsh:BAz+J2mMfd1LDlRsh
imphash 71f2fc6f961ae32c66027ae469c38c53
impfuzzy 12:vVKKZkZGcOcJhCrPQE/mlA/j9r1ByB5w4F+fnQ6iA092+IK+Av5kXtAhS:kVLOChKPQE/KA/JrS5w4F+fnQnA095Ol

Signatures (7)

Level Description
warning File has been identified by 26 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
notice Allocates read-write-execute memory (usually to unpack itself)
notice Enumerates running processes, potentially to look for analysis or sandbox tools (evasion)
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (3)

Level Name Description Collection
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)
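The UPX_Zero rule and the two packer signatures above rest on two static observations: section names a linker would not produce, and section data that is too dense to be plain code or data. The following added example (not part of this report and not the ZERO sandbox's own rule code) shows that heuristic as a small PE section-table parser with per-section Shannon entropy. It builds a constructed PE32 image in memory so it runs offline; the UPX_Zero rule body is not shown on the page, so keying on the UPX0/UPX1/UPX2 names is an assumption about what it matches.

```python
import math
import struct

# Section names the UPX stub writes. Assumption: the report's UPX_Zero rule keys on
# these too; the rule body itself is not shown on the page.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
STANDARD_SECTION_NAMES = {b".text", b".rdata", b".data", b".rsrc", b".reloc",
                          b".idata", b".edata", b".bss", b".tls", b".pdata", b".CRT"}


def shannon_entropy(data):
    """Bits per byte: 8.0 is uniformly random (compressed/encrypted), 0.0 is padding."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Yield (name, raw_size, raw_bytes) for each entry of the PE section table."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size            # section table follows the optional header
    for i in range(num_sections):
        off = table + i * 40
        name = pe[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)  # SizeOfRawData, PointerToRawData
        yield name, raw_size, pe[raw_ptr:raw_ptr + raw_size]


def packer_indicators(pe, entropy_threshold=7.0):
    """Indicators a packer signature would raise: UPX names, non-standard names, dense data."""
    hits = []
    for name, raw_size, raw in parse_sections(pe):
        label = name.decode("ascii", "replace")
        if name in UPX_SECTION_NAMES:
            hits.append(f"upx_section:{label}")
        elif name not in STANDARD_SECTION_NAMES:
            hits.append(f"unknown_section:{label}")
        if raw_size:                              # UPX0 usually has no raw data at all
            ent = shannon_entropy(raw)
            if ent >= entropy_threshold:
                hits.append(f"high_entropy:{label}:{ent:.2f}")
    return hits


def build_test_pe(sections):
    """Construct a minimal PE32 image (DOS stub, COFF header, zeroed optional header,
    section table, raw data) from (name, bytes) pairs. Parser scaffolding only:
    nothing in it would load or execute."""
    e_lfanew, opt_size, align = 0x40, 0xE0, 0x200
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    header_len = e_lfanew + len(coff) + opt_size + 40 * len(sections)
    first_ptr = (header_len + align - 1) & ~(align - 1)   # file alignment 0x200
    raw_ptr = first_ptr
    table, body = bytearray(), bytearray()
    for name, raw in sections:
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, relocs/linenums (unused), Characteristics
        table += name.ljust(8, b"\0")
        table += struct.pack("<IIIIIIHHI", len(raw), raw_ptr, len(raw), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
        raw_ptr += len(raw)
    image = bytes(dos) + coff + b"\0" * opt_size + bytes(table)
    return image + b"\0" * (first_ptr - len(image)) + bytes(body)


# Constructed sample: the UPX layout (empty UPX0, dense UPX1) plus a standard
# low-entropy .rsrc and a made-up section name.
SAMPLE_PE = build_test_pe([
    (b"UPX0", b""),
    (b"UPX1", bytes(range(256)) * 16),   # every byte value equally often: entropy 8.0
    (b".rsrc", b"A" * 512),
    (b".xyz1", b"\0" * 64),
])


def analyze_sample():
    return packer_indicators(SAMPLE_PE)


if __name__ == "__main__":
    for hit in analyze_sample():
        print(hit)
```

A real packed sample is analysed the same way by reading the file into `pe`; the threshold of 7.0 bits is the usual cut-off, and a large high-entropy section next to an empty one is the classic UPX shape, whereas a high-entropy `.rsrc` alone more often means embedded images or an overlay-style payload.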

Network (1)

Request         CC  ASN  Co       IP4             Rule  ZERO
176.65.142.252  -   -    Unknown  176.65.142.252  -     malware
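The "Communicates with host for which no DNS query was performed" signature is a correlation over the sandbox's own event stream: a connection to a public address that no earlier DNS answer returned, which is how a hard-coded C2 address looks. The following is an added example of that logic (not the sandbox's code) over a constructed event list; only the 176.65.142.252 connection is taken from the report, the hostname and other addresses are made up.

```python
from ipaddress import ip_address

# Constructed sandbox event stream (not from the report). Only the 176.65.142.252
# connection comes from the page; the other hosts and addresses are invented.
SAMPLE_EVENTS = [
    {"t": 0.8, "type": "dns", "query": "www.example.org", "answers": ["203.0.113.10"]},
    {"t": 1.1, "type": "connect", "dst": "203.0.113.10", "port": 443},
    {"t": 1.3, "type": "connect", "dst": "192.168.56.1", "port": 53},    # sandbox gateway/resolver
    {"t": 4.7, "type": "connect", "dst": "176.65.142.252", "port": 80},  # no lookup preceded this
]


def connections_without_dns(events):
    """Return (dst, port) for every connection to a public address that no earlier
    DNS answer in the stream resolved to. Events are processed in time order, so an
    answer that arrives only after the connection still counts as missing: the
    sample did not need the name to reach the host."""
    resolved = set()
    flagged = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "dns":
            resolved.update(ev["answers"])
        elif ev["type"] == "connect":
            addr = ip_address(ev["dst"])
            # Sandbox infrastructure (gateway, resolver, fake services) sits on
            # private ranges; skip it so the signature only fires on real C2 candidates.
            if addr.is_private or addr.is_loopback or addr.is_link_local:
                continue
            if ev["dst"] not in resolved:
                flagged.append((ev["dst"], ev["port"]))
    return flagged


if __name__ == "__main__":
    for dst, port in connections_without_dns(SAMPLE_EVENTS):
        print(f"connection without DNS lookup: {dst}:{port}")
```

The private-range exclusion matters in practice: a sandbox that answers DNS with its own resolver and sinkholes traffic to a local fake server would otherwise flag its own infrastructure on every run.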

Suricata IDS (no alerts listed)

PE API

IAT (Import Address Table)

KERNEL32.dll
 0x4698b4 CloseHandle
 0x4698b8 CreateToolhelp32Snapshot
 0x4698bc ExitProcess
 0x4698c0 GetCommandLineW
 0x4698c4 GetLastError
 0x4698c8 GetModuleHandleW
 0x4698cc GetSystemInfo
 0x4698d0 GetTickCount
 0x4698d4 GlobalMemoryStatusEx
 0x4698d8 Process32FirstW
 0x4698dc Process32NextW
 0x4698e0 Sleep
 0x4698e4 lstrcmpiW
USER32.dll
 0x4698ec BeginPaint
 0x4698f0 DefWindowProcW
 0x4698f4 DestroyWindow
 0x4698f8 DispatchMessageW
 0x4698fc DrawTextW
 0x469900 EndPaint
 0x469904 FillRect
 0x469908 GetDC
 0x46990c GetMessageW
 0x469910 LoadCursorW
 0x469914 PostQuitMessage
 0x469918 RegisterClassExW
 0x46991c ReleaseDC
 0x469920 SetCursor
 0x469924 SetFocus
 0x469928 ShowWindow
 0x46992c TranslateMessage
 0x469930 UpdateWindow
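The IAT above already explains three of the behaviour signatures: CreateToolhelp32Snapshot with Process32FirstW/Process32NextW and lstrcmpiW is a walk over running processes comparing names, GlobalMemoryStatusEx and GetSystemInfo read RAM size and CPU count, and GetTickCount with Sleep is the usual timing check; the USER32 half is just a window and message loop. The same table is the input to the imphash. The following added example (not from the report or the sandbox) reproduces both: the import string and MD5 that pefile-style imphash computes, and a small signature matcher over import names. If this listing is the complete import table in IAT order, imphash(IAT) should equal the report's 71f2fc6f961ae32c66027ae469c38c53; a mismatch means the listing is partial or reordered, which is worth knowing before pivoting on the hash. The signature labels are my own, not the sandbox's rule names.

```python
import hashlib

# Import table as listed in the report, in IAT order (KERNEL32 first, then USER32).
IAT = {
    "KERNEL32.dll": [
        "CloseHandle", "CreateToolhelp32Snapshot", "ExitProcess", "GetCommandLineW",
        "GetLastError", "GetModuleHandleW", "GetSystemInfo", "GetTickCount",
        "GlobalMemoryStatusEx", "Process32FirstW", "Process32NextW", "Sleep", "lstrcmpiW",
    ],
    "USER32.dll": [
        "BeginPaint", "DefWindowProcW", "DestroyWindow", "DispatchMessageW", "DrawTextW",
        "EndPaint", "FillRect", "GetDC", "GetMessageW", "LoadCursorW", "PostQuitMessage",
        "RegisterClassExW", "ReleaseDC", "SetCursor", "SetFocus", "ShowWindow",
        "TranslateMessage", "UpdateWindow",
    ],
}


def import_string(iat):
    """'dll.func' pairs in IAT order, lower-cased, .dll/.ocx/.sys stripped, comma-joined:
    the string pefile hashes for imphash (imports by ordinal would appear as 'ordN')."""
    parts = []
    for dll, funcs in iat.items():
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(iat):
    """MD5 of the import string; compare with the report's imphash field."""
    return hashlib.md5(import_string(iat).encode("ascii")).hexdigest()


# Each signature is a list of groups; every group must be satisfied by at least one
# imported name (A/W and legacy variants are alternatives). Labels are my own.
EVASION_SIGNATURES = [
    ("process_enumeration", [("CreateToolhelp32Snapshot",),
                             ("Process32FirstW", "Process32First"),
                             ("Process32NextW", "Process32Next")]),
    ("process_name_comparison", [("Process32NextW", "Process32Next"),
                                 ("lstrcmpiW", "lstrcmpiA", "lstrcmpW", "lstrcmpA")]),
    ("memory_size_check", [("GlobalMemoryStatusEx", "GlobalMemoryStatus")]),
    ("cpu_count_check", [("GetSystemInfo", "GetNativeSystemInfo")]),
    ("timing_check", [("GetTickCount", "GetTickCount64"), ("Sleep", "SleepEx")]),
    ("registry_query", [("RegOpenKeyExW", "RegOpenKeyExA"),
                        ("RegQueryValueExW", "RegQueryValueExA")]),
]


def match_signatures(iat):
    """Names of the signatures whose every group is satisfied by the import table."""
    imported = {func for funcs in iat.values() for func in funcs}
    return [name for name, groups in EVASION_SIGNATURES
            if all(any(alt in imported for alt in group) for group in groups)]


def import_count(iat):
    return sum(len(funcs) for funcs in iat.values())


if __name__ == "__main__":
    print("imports:", import_count(IAT))
    print("imphash:", imphash(IAT))
    for name in match_signatures(IAT):
        print("signature:", name)
```

One caveat when reading this table: a binary that is genuinely UPX-packed normally imports only the handful of loader functions its stub needs (typically LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess), so an application-sized IAT on a file tagged UPX means either that the sandbox is showing the unpacked image or that the UPX tag comes from section names alone. Check which before using the imphash to pivot, since the two cases hash differently.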

EAT (Export Address Table): none