ScreenShot
| Created | 2024.07.31 07:32 | Machine | s1_win7_x6403 |
| Filename | postbox.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | c53bb047b93851b66fead144d7c46ff3 | ||
| sha256 | 54092d2fb30f9258ab9817de3b886997dbefdee2963b4d051b70c0309aea99e6 | ||
| ssdeep | 98304:8/9by/rwaIUiwqrhpZ28B8ENcFsBEu7eHIHZvEGIjwXApNZciGC5mNX:JrwaIuq9G8BVNcSeJGLqciGqm | ||
| imphash | d309dd91e2ebd5238728f8f2ffd958fa | ||
| impfuzzy | 96:woexMCyamrRHu42xQ2H3XiX1PgblTJGQ661mcqTjz:wNryXLe3SFomQ6+STjz | ||
Network IP location
Signature (0cnts)
| Level | Description |
|---|
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | DllRegisterServer_Zero | execute regsvr32.exe | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x14162f494 AddAtomA
0x14162f49c AddVectoredContinueHandler
0x14162f4a4 AddVectoredExceptionHandler
0x14162f4ac CloseHandle
0x14162f4b4 CreateEventA
0x14162f4bc CreateIoCompletionPort
0x14162f4c4 CreateMutexA
0x14162f4cc CreateSemaphoreA
0x14162f4d4 CreateThread
0x14162f4dc CreateWaitableTimerExW
0x14162f4e4 DeleteAtom
0x14162f4ec DeleteCriticalSection
0x14162f4f4 DuplicateHandle
0x14162f4fc EnterCriticalSection
0x14162f504 ExitProcess
0x14162f50c FindAtomA
0x14162f514 FormatMessageA
0x14162f51c FreeEnvironmentStringsW
0x14162f524 GetAtomNameA
0x14162f52c GetConsoleMode
0x14162f534 GetCurrentProcess
0x14162f53c GetCurrentProcessId
0x14162f544 GetCurrentThread
0x14162f54c GetCurrentThreadId
0x14162f554 GetEnvironmentStringsW
0x14162f55c GetErrorMode
0x14162f564 GetHandleInformation
0x14162f56c GetLastError
0x14162f574 GetModuleHandleA
0x14162f57c GetProcAddress
0x14162f584 GetProcessAffinityMask
0x14162f58c GetQueuedCompletionStatusEx
0x14162f594 GetStartupInfoA
0x14162f59c GetStdHandle
0x14162f5a4 GetSystemDirectoryA
0x14162f5ac GetSystemInfo
0x14162f5b4 GetSystemTimeAsFileTime
0x14162f5bc GetThreadContext
0x14162f5c4 GetThreadPriority
0x14162f5cc GetTickCount
0x14162f5d4 InitializeCriticalSection
0x14162f5dc IsDBCSLeadByteEx
0x14162f5e4 IsDebuggerPresent
0x14162f5ec LeaveCriticalSection
0x14162f5f4 LoadLibraryExW
0x14162f5fc LoadLibraryW
0x14162f604 LocalFree
0x14162f60c MultiByteToWideChar
0x14162f614 OpenProcess
0x14162f61c OutputDebugStringA
0x14162f624 PostQueuedCompletionStatus
0x14162f62c QueryPerformanceCounter
0x14162f634 QueryPerformanceFrequency
0x14162f63c RaiseException
0x14162f644 RaiseFailFastException
0x14162f64c ReleaseMutex
0x14162f654 ReleaseSemaphore
0x14162f65c RemoveVectoredExceptionHandler
0x14162f664 ResetEvent
0x14162f66c ResumeThread
0x14162f674 RtlLookupFunctionEntry
0x14162f67c RtlVirtualUnwind
0x14162f684 SetConsoleCtrlHandler
0x14162f68c SetErrorMode
0x14162f694 SetEvent
0x14162f69c SetLastError
0x14162f6a4 SetProcessAffinityMask
0x14162f6ac SetProcessPriorityBoost
0x14162f6b4 SetThreadContext
0x14162f6bc SetThreadPriority
0x14162f6c4 SetUnhandledExceptionFilter
0x14162f6cc SetWaitableTimer
0x14162f6d4 Sleep
0x14162f6dc SuspendThread
0x14162f6e4 SwitchToThread
0x14162f6ec TlsAlloc
0x14162f6f4 TlsGetValue
0x14162f6fc TlsSetValue
0x14162f704 TryEnterCriticalSection
0x14162f70c VirtualAlloc
0x14162f714 VirtualFree
0x14162f71c VirtualProtect
0x14162f724 VirtualQuery
0x14162f72c WaitForMultipleObjects
0x14162f734 WaitForSingleObject
0x14162f73c WerGetFlags
0x14162f744 WerSetFlags
0x14162f74c WideCharToMultiByte
0x14162f754 WriteConsoleW
0x14162f75c WriteFile
0x14162f764 __C_specific_handler
msvcrt.dll
0x14162f774 ___lc_codepage_func
0x14162f77c ___mb_cur_max_func
0x14162f784 __getmainargs
0x14162f78c __initenv
0x14162f794 __iob_func
0x14162f79c __lconv_init
0x14162f7a4 __set_app_type
0x14162f7ac __setusermatherr
0x14162f7b4 _acmdln
0x14162f7bc _amsg_exit
0x14162f7c4 _beginthread
0x14162f7cc _beginthreadex
0x14162f7d4 _cexit
0x14162f7dc _commode
0x14162f7e4 _endthreadex
0x14162f7ec _errno
0x14162f7f4 _fmode
0x14162f7fc _initterm
0x14162f804 _lock
0x14162f80c _memccpy
0x14162f814 _onexit
0x14162f81c _setjmp
0x14162f824 _strdup
0x14162f82c _ultoa
0x14162f834 _unlock
0x14162f83c abort
0x14162f844 calloc
0x14162f84c exit
0x14162f854 fprintf
0x14162f85c fputc
0x14162f864 free
0x14162f86c fwrite
0x14162f874 localeconv
0x14162f87c longjmp
0x14162f884 malloc
0x14162f88c memcpy
0x14162f894 memmove
0x14162f89c memset
0x14162f8a4 printf
0x14162f8ac realloc
0x14162f8b4 signal
0x14162f8bc strerror
0x14162f8c4 strlen
0x14162f8cc strncmp
0x14162f8d4 vfprintf
0x14162f8dc wcslen
EAT(Export Address Table) Library
0x14162c330 _cgo_dummy_export
KERNEL32.dll
0x14162f494 AddAtomA
0x14162f49c AddVectoredContinueHandler
0x14162f4a4 AddVectoredExceptionHandler
0x14162f4ac CloseHandle
0x14162f4b4 CreateEventA
0x14162f4bc CreateIoCompletionPort
0x14162f4c4 CreateMutexA
0x14162f4cc CreateSemaphoreA
0x14162f4d4 CreateThread
0x14162f4dc CreateWaitableTimerExW
0x14162f4e4 DeleteAtom
0x14162f4ec DeleteCriticalSection
0x14162f4f4 DuplicateHandle
0x14162f4fc EnterCriticalSection
0x14162f504 ExitProcess
0x14162f50c FindAtomA
0x14162f514 FormatMessageA
0x14162f51c FreeEnvironmentStringsW
0x14162f524 GetAtomNameA
0x14162f52c GetConsoleMode
0x14162f534 GetCurrentProcess
0x14162f53c GetCurrentProcessId
0x14162f544 GetCurrentThread
0x14162f54c GetCurrentThreadId
0x14162f554 GetEnvironmentStringsW
0x14162f55c GetErrorMode
0x14162f564 GetHandleInformation
0x14162f56c GetLastError
0x14162f574 GetModuleHandleA
0x14162f57c GetProcAddress
0x14162f584 GetProcessAffinityMask
0x14162f58c GetQueuedCompletionStatusEx
0x14162f594 GetStartupInfoA
0x14162f59c GetStdHandle
0x14162f5a4 GetSystemDirectoryA
0x14162f5ac GetSystemInfo
0x14162f5b4 GetSystemTimeAsFileTime
0x14162f5bc GetThreadContext
0x14162f5c4 GetThreadPriority
0x14162f5cc GetTickCount
0x14162f5d4 InitializeCriticalSection
0x14162f5dc IsDBCSLeadByteEx
0x14162f5e4 IsDebuggerPresent
0x14162f5ec LeaveCriticalSection
0x14162f5f4 LoadLibraryExW
0x14162f5fc LoadLibraryW
0x14162f604 LocalFree
0x14162f60c MultiByteToWideChar
0x14162f614 OpenProcess
0x14162f61c OutputDebugStringA
0x14162f624 PostQueuedCompletionStatus
0x14162f62c QueryPerformanceCounter
0x14162f634 QueryPerformanceFrequency
0x14162f63c RaiseException
0x14162f644 RaiseFailFastException
0x14162f64c ReleaseMutex
0x14162f654 ReleaseSemaphore
0x14162f65c RemoveVectoredExceptionHandler
0x14162f664 ResetEvent
0x14162f66c ResumeThread
0x14162f674 RtlLookupFunctionEntry
0x14162f67c RtlVirtualUnwind
0x14162f684 SetConsoleCtrlHandler
0x14162f68c SetErrorMode
0x14162f694 SetEvent
0x14162f69c SetLastError
0x14162f6a4 SetProcessAffinityMask
0x14162f6ac SetProcessPriorityBoost
0x14162f6b4 SetThreadContext
0x14162f6bc SetThreadPriority
0x14162f6c4 SetUnhandledExceptionFilter
0x14162f6cc SetWaitableTimer
0x14162f6d4 Sleep
0x14162f6dc SuspendThread
0x14162f6e4 SwitchToThread
0x14162f6ec TlsAlloc
0x14162f6f4 TlsGetValue
0x14162f6fc TlsSetValue
0x14162f704 TryEnterCriticalSection
0x14162f70c VirtualAlloc
0x14162f714 VirtualFree
0x14162f71c VirtualProtect
0x14162f724 VirtualQuery
0x14162f72c WaitForMultipleObjects
0x14162f734 WaitForSingleObject
0x14162f73c WerGetFlags
0x14162f744 WerSetFlags
0x14162f74c WideCharToMultiByte
0x14162f754 WriteConsoleW
0x14162f75c WriteFile
0x14162f764 __C_specific_handler
msvcrt.dll
0x14162f774 ___lc_codepage_func
0x14162f77c ___mb_cur_max_func
0x14162f784 __getmainargs
0x14162f78c __initenv
0x14162f794 __iob_func
0x14162f79c __lconv_init
0x14162f7a4 __set_app_type
0x14162f7ac __setusermatherr
0x14162f7b4 _acmdln
0x14162f7bc _amsg_exit
0x14162f7c4 _beginthread
0x14162f7cc _beginthreadex
0x14162f7d4 _cexit
0x14162f7dc _commode
0x14162f7e4 _endthreadex
0x14162f7ec _errno
0x14162f7f4 _fmode
0x14162f7fc _initterm
0x14162f804 _lock
0x14162f80c _memccpy
0x14162f814 _onexit
0x14162f81c _setjmp
0x14162f824 _strdup
0x14162f82c _ultoa
0x14162f834 _unlock
0x14162f83c abort
0x14162f844 calloc
0x14162f84c exit
0x14162f854 fprintf
0x14162f85c fputc
0x14162f864 free
0x14162f86c fwrite
0x14162f874 localeconv
0x14162f87c longjmp
0x14162f884 malloc
0x14162f88c memcpy
0x14162f894 memmove
0x14162f89c memset
0x14162f8a4 printf
0x14162f8ac realloc
0x14162f8b4 signal
0x14162f8bc strerror
0x14162f8c4 strlen
0x14162f8cc strncmp
0x14162f8d4 vfprintf
0x14162f8dc wcslen
EAT(Export Address Table) Library
0x14162c330 _cgo_dummy_export