ScreenShot
| Created | 2025.02.19 11:38 | Machine | s1_win7_x6401 |
| Filename | MAGNIFICENT_MAILBOX.exe | ||
| Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | |||
| VT API (file) | |||
| md5 | a1d8035b93923215c7d7cbc17e735deb | ||
| sha256 | 5a37021cd9626f6b48a8cf31c79d350946a5ac9dd94b96f51e121b991b5353dc | ||
| ssdeep | 98304:L3SxOjhGAjzbKwCdgVNIBh3dzU5DqcLbDudEo9GWc5V/by:DSSX2+VNIBphU5mcLvo9GW6xy | ||
| imphash | f0ea7b7844bbc5bfa9bb32efdcea957c | ||
| impfuzzy | 24:UbVjh9wO+VuT2oLtXOr6kwmDruMztxdEr6tP:GwO+VAXOmGx0oP | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| watch | Detects the presence of Wine emulator |
| info | Checks if process is being debugged by a debugger |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
kernel32.dll
0x1299040 WriteFile
0x1299048 WriteConsoleW
0x1299050 WaitForMultipleObjects
0x1299058 WaitForSingleObject
0x1299060 VirtualQuery
0x1299068 VirtualFree
0x1299070 VirtualAlloc
0x1299078 TlsAlloc
0x1299080 SwitchToThread
0x1299088 SuspendThread
0x1299090 SetWaitableTimer
0x1299098 SetUnhandledExceptionFilter
0x12990a0 SetProcessPriorityBoost
0x12990a8 SetEvent
0x12990b0 SetErrorMode
0x12990b8 SetConsoleCtrlHandler
0x12990c0 ResumeThread
0x12990c8 PostQueuedCompletionStatus
0x12990d0 LoadLibraryA
0x12990d8 LoadLibraryW
0x12990e0 SetThreadContext
0x12990e8 GetThreadContext
0x12990f0 GetSystemInfo
0x12990f8 GetSystemDirectoryA
0x1299100 GetStdHandle
0x1299108 GetQueuedCompletionStatusEx
0x1299110 GetProcessAffinityMask
0x1299118 GetProcAddress
0x1299120 GetEnvironmentStringsW
0x1299128 GetConsoleMode
0x1299130 FreeEnvironmentStringsW
0x1299138 ExitProcess
0x1299140 DuplicateHandle
0x1299148 CreateWaitableTimerExW
0x1299150 CreateThread
0x1299158 CreateIoCompletionPort
0x1299160 CreateFileA
0x1299168 CreateEventA
0x1299170 CloseHandle
0x1299178 AddVectoredExceptionHandler
EAT(Export Address Table) is none
kernel32.dll
0x1299040 WriteFile
0x1299048 WriteConsoleW
0x1299050 WaitForMultipleObjects
0x1299058 WaitForSingleObject
0x1299060 VirtualQuery
0x1299068 VirtualFree
0x1299070 VirtualAlloc
0x1299078 TlsAlloc
0x1299080 SwitchToThread
0x1299088 SuspendThread
0x1299090 SetWaitableTimer
0x1299098 SetUnhandledExceptionFilter
0x12990a0 SetProcessPriorityBoost
0x12990a8 SetEvent
0x12990b0 SetErrorMode
0x12990b8 SetConsoleCtrlHandler
0x12990c0 ResumeThread
0x12990c8 PostQueuedCompletionStatus
0x12990d0 LoadLibraryA
0x12990d8 LoadLibraryW
0x12990e0 SetThreadContext
0x12990e8 GetThreadContext
0x12990f0 GetSystemInfo
0x12990f8 GetSystemDirectoryA
0x1299100 GetStdHandle
0x1299108 GetQueuedCompletionStatusEx
0x1299110 GetProcessAffinityMask
0x1299118 GetProcAddress
0x1299120 GetEnvironmentStringsW
0x1299128 GetConsoleMode
0x1299130 FreeEnvironmentStringsW
0x1299138 ExitProcess
0x1299140 DuplicateHandle
0x1299148 CreateWaitableTimerExW
0x1299150 CreateThread
0x1299158 CreateIoCompletionPort
0x1299160 CreateFileA
0x1299168 CreateEventA
0x1299170 CloseHandle
0x1299178 AddVectoredExceptionHandler
EAT(Export Address Table) is none