Summary | ZeroBOX

WebMailTester.exe

Tags: Generic Malware, UPX, Malicious Library, PE32, PE File
Category FILE
Machine s1_win7_x6401
Started Sept. 22, 2022, 1:25 p.m.
Completed Sept. 22, 2022, 1:27 p.m.
Size 933.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c3509310546d5a0de9f11fefe3410a9e
SHA256 aff388f01d5aa3eaa64d4c3b4e389337e45fad2cc13c1671b0e9c27bf16c195d
CRC32 BB0DBA81
ssdeep 12288:uWNHRVEfTKybMJmBZWpS2FURq7gW5QNhi/CgU9oB8HBtKlmU888888888888W88c:1RRQTKwMJmTDkMW5QNg/CgBB8H3a
Yara
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

DNS requests
Name: smtp (unqualified label; no response recorded, no post-analysis lookup)

Hosts
IP Address: 164.124.101.2 Status: Active Action: Moloch

164.124.101.2 is a public recursive DNS resolver operated by LG Uplus (Korea). Given that the only DNS activity is the lookup of the bare name "smtp", the most likely reading is that this is the sandbox's resolver answering that query, not a contacted C2. Check the pcap before treating the address as an indicator.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Status / Return / Repeated)

GlobalMemoryStatusEx  arguments: none  status: 1  return: 1  repeated: 0
Static analysis
section .itext (section name the Delphi linker emits for initialization code; consistent with the packer match below)
packer BobSoft Mini Delphi -> BoB / BobSoft (PEiD signature for a Delphi build)

The UPX_Zero Yara hit and the Delphi section/packer findings point in different directions: a UPX-compressed image carries UPX0/UPX1 sections, a plain Delphi build carries CODE/.itext/DATA. Check the full section table before assuming the sample is UPX-packed.
Exception (__exception__)

stacktrace:
webmailtester+0x82710 @ 0x482710
webmailtester+0x80fd6 @ 0x480fd6
webmailtester+0x822ad @ 0x4822ad
webmailtester+0x9e1b2 @ 0x49e1b2
webmailtester+0xb7a5e @ 0x4b7a5e
webmailtester+0x9d941 @ 0x49d941
webmailtester+0xa06d5 @ 0x4a06d5
webmailtester+0xbd52e @ 0x4bd52e
webmailtester+0x550f1 @ 0x4550f1
webmailtester+0x5908c @ 0x45908c
webmailtester+0x3e391 @ 0x43e391
webmailtester+0x591dc @ 0x4591dc
webmailtester+0x5908c @ 0x45908c
webmailtester+0x6bf75 @ 0x46bf75
webmailtester+0x587a3 @ 0x4587a3
webmailtester+0x24656 @ 0x424656
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76be62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76be6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x76be965e
SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x76be96c5
GetEffectiveClientRect+0x3409 DPA_Merge-0xa5a comctl32+0xa4601 @ 0x73fa4601
GetEffectiveClientRect+0x346b DPA_Merge-0x9f8 comctl32+0xa4663 @ 0x73fa4663
GetEffectiveClientRect+0x32f5 DPA_Merge-0xb6e comctl32+0xa44ed @ 0x73fa44ed
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76be62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76be6d3a
GetClientRect+0xc5 CallWindowProcW-0xb user32+0x20d27 @ 0x76bf0d27
CallWindowProcW+0x1b SetRectEmpty-0x38 user32+0x20d4d @ 0x76bf0d4d
webmailtester+0x59188 @ 0x459188
webmailtester+0x5908c @ 0x45908c
webmailtester+0x3e391 @ 0x43e391
webmailtester+0x24656 @ 0x424656
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76be62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76be6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x76be965e
SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x76be96c5
DestroyPropertySheetPage+0x69a DllGetVersion-0x1939 comctl32+0x44136 @ 0x73f44136
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76be62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76be6d3a
GetClientRect+0xc5 CallWindowProcW-0xb user32+0x20d27 @ 0x76bf0d27
CallWindowProcW+0x1b SetRectEmpty-0x38 user32+0x20d4d @ 0x76bf0d4d
webmailtester+0x59188 @ 0x459188
webmailtester+0x5908c @ 0x45908c
webmailtester+0x3e391 @ 0x43e391
webmailtester+0x24656 @ 0x424656
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76be62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76be6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x76be6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x76be6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7765011a
PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x76bf0751
webmailtester+0x744d1 @ 0x4744d1
webmailtester+0xc038f @ 0x4c038f
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887 (0xb727, i.e. kernelbase+0xb727)
exception.address: 0x760cb727
registers.esp: 1633736
registers.edi: 11001
registers.eax: 1633736
registers.ebp: 1633816
registers.edx: 0
registers.ebx: 4716704
registers.esi: 6259392
registers.ecx: 7
status: 1  return: 0  repeated: 0

Reading: 0x0EEDFADE is the exception code the Delphi runtime passes to RaiseException for a language-level (try/except) exception; it is not a CPU fault. The frames run from webmailtester through user32 message dispatch (SendMessageW, CallWindowProcW, PeekMessageW) and comctl32 back into webmailtester, so a VCL GUI event handler raised a Delphi exception that the sandbox's RaiseException hook recorded. This agrees with the BobSoft Mini Delphi packer match and is not, on its own, evidence of exploitation; the stack_pivoted and DEP-bypass flags on the memory calls below are all 0.
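Recovering module load bases from the frames above, as an added example that is not part of the ZeroBOX report: every frame ends in module+offset @ address, so address minus offset is the module's load base, and all frames of one module must agree. The script parses a subset of the frames copied from this report (plus one line composed from exception.symbol and exception.address, which the report lists separately), checks the bases for consistency, and lists the frames inside webmailtester as offsets ready for a disassembler. The frame subset and field layout are from this page; the function names are this example's own.

```python
"""Recover module load bases from Cuckoo/ZeroBOX stack-trace frames.

Added example, not part of the ZeroBOX report. Each frame has the form
  '<nearest-export>+0x.. <next-export>-0x.. <module>+0x<offset> @ 0x<address>'
(for the analysed image just '<module>+0x<offset> @ 0x<address>').
Because address = base + offset, every frame yields its module's base.
"""
import re

# Frames copied from the report. The last line is composed from the report's
# exception.symbol and exception.address fields, which it lists separately.
STACKTRACE = """
webmailtester+0x82710 @ 0x482710
webmailtester+0x80fd6 @ 0x480fd6
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76be62fa
CallWindowProcW+0x1b SetRectEmpty-0x38 user32+0x20d4d @ 0x76bf0d4d
GetEffectiveClientRect+0x3409 DPA_Merge-0xa5a comctl32+0xa4601 @ 0x73fa4601
DestroyPropertySheetPage+0x69a DllGetVersion-0x1939 comctl32+0x44136 @ 0x73f44136
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7765011a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2
RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 @ 0x760cb727
""".strip().splitlines()

# The module token is the last 'name+0xoff' before ' @ '; export names that
# precede it are separated by spaces and never carry the '+0x... @' suffix.
FRAME_RE = re.compile(r"([A-Za-z0-9_.]+)\+0x([0-9a-fA-F]+) @ 0x([0-9a-fA-F]+)\s*$")


def parse_frame(line):
    """Return (module, offset, address) for one frame, or None if it does not parse."""
    m = FRAME_RE.search(line)
    if not m:
        return None
    return m.group(1).lower(), int(m.group(2), 16), int(m.group(3), 16)


def module_bases(frames):
    """Map each module to its load base; raise if two frames of one module disagree.

    A disagreement means the trace spans two loads of the same module or the
    parser grabbed the wrong token, either of which invalidates rebasing.
    """
    bases = {}
    for line in frames:
        parsed = parse_frame(line)
        if parsed is None:
            continue
        module, offset, address = parsed
        base = address - offset
        if bases.setdefault(module, base) != base:
            raise ValueError(f"{module}: base 0x{base:x} conflicts with 0x{bases[module]:x}")
    return bases


def image_frames(frames, image="webmailtester"):
    """Offsets of the frames inside the analysed image, innermost first.

    With the image base resolving to 0x400000 these are directly usable in a
    disassembler that loads the file at the default Win32 image base.
    """
    out = []
    for line in frames:
        parsed = parse_frame(line)
        if parsed is not None and parsed[0] == image:
            out.append(parsed[1])
    return out


if __name__ == "__main__":
    for mod, base in sorted(module_bases(STACKTRACE).items(), key=lambda kv: kv[1]):
        print(f"{mod:14s} base 0x{base:08x}")
    print("image frames:", [hex(o) for o in image_frames(STACKTRACE)])
```

On this trace webmailtester resolves to base 0x400000, the default Win32 image base, so the in-image offsets (0x82710, 0x80fd6, ...) can be used as-is; the system DLL bases (user32 0x76bd0000, comctl32 0x73f00000, ntdll 0x77640000, kernel32 0x766d0000, KERNELBASE 0x760c0000) are what you rebase the exported-symbol offsets against when matching them to Windows 7 x86 images.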
API calls (Status / Return / Repeated)

NtProtectVirtualMemory

process_identifier: 2804
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73c82000
process_handle: 0xffffffff (current-process pseudo-handle)
status: 1  return: 0 (STATUS_SUCCESS)  repeated: 0

NtAllocateVirtualMemory

process_identifier: 2804
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00650000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff (current-process pseudo-handle)
status: 1  return: 0 (STATUS_SUCCESS)  repeated: 0

NtAllocateVirtualMemory

process_identifier: 2804
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03330000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff (current-process pseudo-handle)
status: 1  return: 0 (STATUS_SUCCESS)  repeated: 0
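A detection over the three memory calls above, as an added example that is not the report's or the sandbox's code: the records are transcribed from the report into Python dicts using the report's own field names, a fourth PAGE_READWRITE control record is constructed so the rule has something to leave alone, and the rule flags every allocation or re-protection that leaves pages both writable and executable. It separates re-protection of an existing mapping (0x73c82000 lies in the same region as comctl32 in the stack trace, so it is likely a page of a loaded DLL, the shape a hook or in-place patch leaves) from fresh RWX commits (the shape runtime unpacking or shellcode staging leaves). The report does not say what was written to these pages; the API name set and the severity scale are this example's assumptions.

```python
"""Flag writable+executable memory operations in a Cuckoo/ZeroBOX API log.

Added example, not part of the ZeroBOX report. The first three records are
transcribed from the report's NtProtectVirtualMemory / NtAllocateVirtualMemory
entries; the fourth is a constructed PAGE_READWRITE control that must not fire.
"""

# Memory protection constants from winnt.h. The low byte is the base
# protection; 0x100/0x200/0x400 are modifier flags OR-ed on top of it.
PROTECTION_NAMES = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MODIFIER_NAMES = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
WRITABLE_AND_EXECUTABLE = {0x40, 0x80}
MEM_COMMIT = 0x1000
CURRENT_PROCESS = 0xFFFFFFFF  # GetCurrentProcess() pseudo-handle on 32-bit

# APIs whose protection argument decides the page rights (example's own list).
MEMORY_APIS = {"NtAllocateVirtualMemory", "NtProtectVirtualMemory",
               "VirtualAlloc", "VirtualAllocEx", "VirtualProtect", "VirtualProtectEx"}

CALLS = [
    # transcribed from the report
    {"api": "NtProtectVirtualMemory", "process_identifier": 2804, "length": 4096,
     "protection": 64, "base_address": 0x73C82000, "process_handle": 0xFFFFFFFF},
    {"api": "NtAllocateVirtualMemory", "process_identifier": 2804, "region_size": 4096,
     "protection": 64, "base_address": 0x00650000, "allocation_type": 4096,
     "process_handle": 0xFFFFFFFF},
    {"api": "NtAllocateVirtualMemory", "process_identifier": 2804, "region_size": 4096,
     "protection": 64, "base_address": 0x03330000, "allocation_type": 4096,
     "process_handle": 0xFFFFFFFF},
    # constructed control record: an ordinary read/write commit
    {"api": "NtAllocateVirtualMemory", "process_identifier": 2804, "region_size": 65536,
     "protection": 4, "base_address": 0x00700000, "allocation_type": 4096,
     "process_handle": 0xFFFFFFFF},
]


def decode_protection(value):
    """Render a PAGE_* value with winnt.h names, e.g. 64 -> PAGE_EXECUTE_READWRITE."""
    base = value & 0xFF
    parts = [PROTECTION_NAMES.get(base, f"0x{base:02x}")]
    parts += [name for bit, name in MODIFIER_NAMES.items() if value & bit]
    return "|".join(parts)


def is_writable_executable(value):
    """True for PAGE_EXECUTE_READWRITE and PAGE_EXECUTE_WRITECOPY, ignoring modifiers."""
    return (value & 0xFF) in WRITABLE_AND_EXECUTABLE


def flag_rwx(calls):
    """Return one finding per memory call that leaves pages both writable and executable."""
    findings = []
    for call in calls:
        if call.get("api") not in MEMORY_APIS:
            continue
        if not is_writable_executable(call.get("protection", 0)):
            continue
        # -1 is the current-process pseudo-handle; any other handle usually
        # (not always) targets another process, the classic injection precursor.
        remote = call.get("process_handle", CURRENT_PROCESS) != CURRENT_PROCESS
        # Re-protecting an existing mapping is the hook/patch shape; committing
        # fresh RWX pages is the unpacker/shellcode-staging shape.
        kind = "reprotect" if "Protect" in call["api"] else "commit"
        findings.append({
            "api": call["api"],
            "kind": kind,
            "base": f"0x{call['base_address']:08x}",
            "size": call.get("length") or call.get("region_size"),
            "protection": decode_protection(call["protection"]),
            "remote": remote,
            "severity": "high" if remote else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in flag_rwx(CALLS):
        print(f"[{f['severity']}] {f['api']} {f['kind']} {f['base']} "
              f"size={f['size']} {f['protection']}")
```

Run against the report's three calls the rule produces three medium findings, all in the sample's own process (process_handle 0xffffffff); the same rule would escalate to high as soon as a handle other than the pseudo-handle appears, which is the moment to start looking for a WriteProcessMemory or NtMapViewOfSection into another process.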
Resources
name RT_ICON  language LANG_KOREAN  sublanguage SUBLANG_KOREAN  offset 0x000e11f0  size 0x00004228  filetype "dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 16777215, next used block 16777215" (a libmagic false match on raw icon bitmap data, common for RT_ICON entries)
name RT_GROUP_ICON  language LANG_KOREAN  sublanguage SUBLANG_KOREAN  offset 0x000f3774  size 0x00000014  filetype data
name RT_MANIFEST  language LANG_KOREAN  sublanguage SUBLANG_KOREAN  offset 0x000f3788  size 0x00000352  filetype XML 1.0 document, ASCII text, with CRLF line terminators
Antivirus
MaxSecure  Trojan.Malware.300983.susgen (the .susgen suffix marks a generic heuristic verdict, not a family attribution)