Summary | ZeroBOX

MAGNIFICENT_MAILBOX.exe

Malicious Packer UPX PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Feb. 19, 2025, 11:20 a.m.
Completed Feb. 19, 2025, 11:37 a.m.
Size 15.0MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 a1d8035b93923215c7d7cbc17e735deb
SHA256 5a37021cd9626f6b48a8cf31c79d350946a5ac9dd94b96f51e121b991b5353dc
CRC32 06EB702F
ssdeep 98304:L3SxOjhGAjzbKwCdgVNIBh3dzU5DqcLbDudEo9GWc5V/by:DSSX2+VNIBphU5mcLvo9GW6xy
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch
193.3.23.122 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
section .symtab
host 193.3.23.122
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress

ordinal: 0
function_address: 0x000007fefd6b7a50
function_name: wine_get_version
module: ntdll
module_address: 0x0000000076d30000
-1073741511 0
dead_host 192.168.56.101:49164
dead_host 192.168.56.101:49161
dead_host 193.3.23.122:8888