Static task: static1
Behavioral task: behavioral1 (Sample: invoice.exe, Resource: win7-20231215-en)
Behavioral task: behavioral2 (Sample: invoice.exe, Resource: win10v2004-20231215-en)
General
- Target: invoice.exe
- Size: 4.1MB
- MD5: 0fbe886af2d71613d3c5c51d9e30ce17
- SHA1: 7431d4ab8cde583f487145f380138a7aaccb9680
- SHA256: def8ec12b2e452a863dae6edf7a3d9c8d6cb9a6cbc2882855a596aa96d835f32
- SHA512: d0eec24d56c0664fc856bf2f30ecbb7ec5d66f0f3c3801114ae97d1582e303e28758887a8c4d50ea2a34a4c327dec4727b4c975aa85b7356775aaecc699b52d7
- SSDEEP: 49152:PABXHOtk045StGuA0iveSNFiCW/2BN7TPytEh3oy/A3AmAGzz:PABe5xA0iveSSCW/GX2Am
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature. Resource: invoice.exe
Files
- invoice.exe.exe windows:6 windows x64 arch:x64
  6527ba1a9bd228adfc615c9d8b65347d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
LoadLibraryA
GetProcAddress
CreateDirectoryW
GetCurrentProcess
GetUserDefaultUILanguage
GetTimeZoneInformation
GetTickCount64
LoadLibraryW
SetCurrentDirectoryW
GetModuleHandleW
CopyFileW
QueryFullProcessImageNameW
GetComputerNameA
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
LockFile
GetCurrentDirectoryW
ReadConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
OutputDebugStringA
FlsFree
FlsSetValue
FlsGetValue
GetFileSize
GetCurrentThread
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
SetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetFileSizeEx
VerifyVersionInfoW
VerSetConditionMask
SleepEx
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
MoveFileExA
SetLastError
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
TerminateProcess
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
GetLocaleInfoEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
DeleteCriticalSection
LockFileEx
LocalFree
CreateFileMappingA
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
CreateFileA
OutputDebugStringW
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetVersionExW
GetCurrentThreadId
GetFileAttributesW
CreateFileW
FlsAlloc
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
EnterCriticalSection
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
WaitForSingleObject
GetDateFormatW
WriteConsoleW
RtlUnwind
user32
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowCursor
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
ToUnicodeEx
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnhookWinEvent
UnhookWindowsHookEx
UnloadKeyboardLayout
UnregisterClassW
UnregisterDeviceNotification
UnregisterPowerSettingNotification
UpdateLayeredWindow
SetWindowLongW
ValidateRect
WaitForInputIdle
WindowFromPoint
wsprintfW
DialogBoxParamW
TranslateAcceleratorW
SwitchToThisWindow
LoadAcceleratorsW
EndDialog
SetWindowLongPtrW
RemovePropW
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterTouchWindow
RegisterRawInputDevices
RegisterPowerSettingNotification
RegisterDeviceNotificationW
RegisterClipboardFormatW
RegisterClassW
RegisterClassExW
RedrawWindow
ReplyMessage
SetTimer
SetThreadDesktop
SetSysColors
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetKeyboardState
SetGestureConfig
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClassLongPtrW
SetClassLongA
SetCaretPos
SetCapture
SendNotifyMessageW
SendMessageW
SendMessageTimeoutW
SendInput
UpdateWindow
ScreenToClient
BeginPaint
ActivateKeyboardLayout
AdjustWindowRectEx
AnimateWindow
BringWindowToTop
CallNextHookEx
CallWindowProcW
CharLowerW
ClientToScreen
CloseClipboard
CloseDesktop
CloseGestureInfoHandle
CloseTouchInputHandle
CreateCaret
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyCaret
DestroyIcon
DestroyWindow
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
EnableWindow
EndPaint
EnumChildWindows
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowExW
QueryDisplayConfig
PtInRect
PrintWindow
PostQuitMessage
PostMessageW
PeekMessageW
OpenInputDesktop
OpenClipboard
NotifyWinEvent
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MonitorFromWindow
MonitorFromPoint
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyExW
FindWindowW
FlashWindowEx
FrameRect
GetActiveWindow
GetAncestor
GetCapture
LoadStringW
LoadKeyboardLayoutA
LoadImageW
LoadIconW
LoadCursorW
KillTimer
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsClipboardFormatAvailable
InvalidateRect
IntersectRect
InflateRect
InSendMessageEx
InSendMessage
GetCaretBlinkTime
GetClassInfoW
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextLengthW
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongPtrW
GetWindowDC
GetWindow
GetUserObjectInformationW
GetUpdateRect
GetTouchInputInfo
GetTopWindow
GetThreadDesktop
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetRawInputDeviceList
GetRawInputDeviceInfoW
GetRawInputDeviceInfoA
GetRawInputData
GetQueueStatus
GetPropW
GetParent
GetMonitorInfoW
GetMessageW
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenu
GetLayeredWindowAttributes
GetLastInputInfo
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetIconInfo
GetGestureInfo
GetGUIThreadInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDisplayConfigBufferSizes
GetDC
GetCursorPos
GetCursorInfo
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongPtrW
SetWinEventHook
comdlg32
ChooseColorW
PrintDlgExW
advapi32
CryptEncrypt
RegQueryValueExW
RegOpenKeyExW
CheckTokenMembership
FreeSid
RegSetValueExW
RegCreateKeyExW
AllocateAndInitializeSid
RegCloseKey
CryptImportKey
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
shell32
ShellExecuteW
ShellExecuteExW
SetCurrentProcessExplicitAppUserModelID
SHQueryUserNotificationState
SHParseDisplayName
SHOpenWithDialog
SHOpenFolderAndSelectItems
SHGetStockIconInfo
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPropertyStoreForWindow
SHGetPathFromIDListW
SHGetKnownFolderPath
SHGetFolderPathW
SHGetFileInfoW
SHCreateItemFromParsingName
SHChangeNotify
SHAppBarMessage
SHAddToRecentDocs
DragQueryFileW
CommandLineToArgvW
GetCurrentProcessExplicitAppUserModelID
Shell_NotifyIconW
ws2_32
getsockopt
gethostname
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
wintrust
WTHelperProvDataFromStateData
WinVerifyTrust
imm32
ImmAssociateContextEx
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetIMEFileNameW
ImmGetOpenStatus
ImmGetProperty
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmSetOpenStatus
ImmGetDescriptionW
bcrypt
BCryptGenRandom
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 331KB - Virtual size: 330KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 642KB - Virtual size: 653KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 113KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ