Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	April 1, 2021, 9:20 a.m.	April 1, 2021, 9:28 a.m.

Size	381.5KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`d29310c232038a6dd1f2b8749be5619e`
SHA256	`bb56d5afc7d00cb06990a05455fdaffd42f98f2b86fba71a282df8d0195ff674`
CRC32	`296252D8`
ssdeep	`6144:n6vYH/guLTgCb1oFtIaJmGDtDplcJqiD4IU2fQ/TxH+GtrHayYm:n6vYouLTgC5oFt/hRDfkL1U2Y/TxeGtn`
PDB Path	paragraph.pdbVillagesdinghgaragraph#@db
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero win_files_operation - Affect private profile IsPE32 - (no description) IsDLL - (no description) IsWindowsGUI - (no description) HasDebugData - DebugData Check HasRichSignature - Rich Signature Check

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\oqibxmsfz.zip.dll,Columnspot
1836
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\oqibxmsfz.zip.dll,Groundhuman
3236
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\oqibxmsfz.zip.dll,Hotelement
8780
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\oqibxmsfz.zip.dll,Wheredesert
3752
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\oqibxmsfz.zip.dll,
8704

Name	Response	Post-Analysis Lookup
r3---sn-3u-bh26.gvt1.com	A 59.18.44.14 CNAME r3.sn-3u-bh26.gvt1.com	59.18.44.14

IP Address	Status	Action
142.250.199.78	Active	Moloch
142.250.66.67	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
59.18.44.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

paragraph.pdbVillagesdinghgaragraph#@db

One or more processes crashed (50 out of 140 events)

Time & API	Arguments	Status
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569372 registers.edi: 3877608 registers.eax: 2000478246 registers.ebp: 2000552521 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1970405376 registers.ecx: 66040	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 16 registers.eax: 2000478246 registers.ebp: 10029008 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 15 registers.eax: 2000478246 registers.ebp: 10029024 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 14 registers.eax: 2000478246 registers.ebp: 10029040 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 13 registers.eax: 2000478246 registers.ebp: 10029056 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 12 registers.eax: 2000478246 registers.ebp: 10029072 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 11 registers.eax: 2000478246 registers.ebp: 10029088 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 10 registers.eax: 2000478246 registers.ebp: 10029104 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 9 registers.eax: 2000478246 registers.ebp: 10029120 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 8 registers.eax: 2000478246 registers.ebp: 10029136 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 7 registers.eax: 2000478246 registers.ebp: 10029152 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 10029168 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 5 registers.eax: 2000478246 registers.ebp: 10029184 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 4 registers.eax: 2000478246 registers.ebp: 10029200 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 3 registers.eax: 2000478246 registers.ebp: 10029216 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 2 registers.eax: 2000478246 registers.ebp: 10029232 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569348 registers.edi: 1 registers.eax: 2000478246 registers.ebp: 10029248 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: DllRegisterServer+0xcbc7 oqibxmsfz+0x16937 @ 0x73806937 exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1568552 registers.edi: 12 registers.eax: 2000478246 registers.ebp: 1569616 registers.edx: 23 registers.ebx: 1569632 registers.esi: 23 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569600 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 96784 registers.edx: 827898 registers.ebx: 0 registers.esi: 282 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 16 registers.edx: 0 registers.ebx: 64 registers.esi: 10032488 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 15 registers.edx: 0 registers.ebx: 64 registers.esi: 10032512 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 14 registers.edx: 0 registers.ebx: 64 registers.esi: 10032536 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 13 registers.edx: 0 registers.ebx: 64 registers.esi: 10032560 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 12 registers.edx: 0 registers.ebx: 64 registers.esi: 10032584 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 11 registers.edx: 0 registers.ebx: 64 registers.esi: 10032608 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 10 registers.edx: 0 registers.ebx: 64 registers.esi: 10032632 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 9 registers.edx: 0 registers.ebx: 64 registers.esi: 10032656 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 8 registers.edx: 0 registers.ebx: 64 registers.esi: 10032680 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 7 registers.edx: 0 registers.ebx: 64 registers.esi: 10032704 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 6 registers.edx: 0 registers.ebx: 64 registers.esi: 10032728 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 5 registers.edx: 0 registers.ebx: 64 registers.esi: 10032752 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 4 registers.edx: 0 registers.ebx: 64 registers.esi: 10032776 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 3 registers.edx: 0 registers.ebx: 64 registers.esi: 10032800 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 2 registers.edx: 0 registers.ebx: 64 registers.esi: 10032824 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 1569576 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 1 registers.edx: 0 registers.ebx: 64 registers.esi: 10032848 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028716 registers.edi: 5778152 registers.eax: 2000478246 registers.ebp: 2000552521 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1970405376 registers.ecx: 66040	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 16 registers.eax: 2000478246 registers.ebp: 12584912 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 15 registers.eax: 2000478246 registers.ebp: 12584928 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 14 registers.eax: 2000478246 registers.ebp: 12584944 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 13 registers.eax: 2000478246 registers.ebp: 12584960 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 12 registers.eax: 2000478246 registers.ebp: 12584976 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 11 registers.eax: 2000478246 registers.ebp: 12584992 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 10 registers.eax: 2000478246 registers.ebp: 12585008 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 9 registers.eax: 2000478246 registers.ebp: 12585024 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 8 registers.eax: 2000478246 registers.ebp: 12585040 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 7 registers.eax: 2000478246 registers.ebp: 12585056 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 12585072 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 5 registers.eax: 2000478246 registers.ebp: 12585088 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 4 registers.eax: 2000478246 registers.ebp: 12585104 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 1, 2021, 9:21 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec oqibxmsfz+0x1105c exception.address: 0x7380105c registers.esp: 2028692 registers.edi: 3 registers.eax: 2000478246 registers.ebp: 12585120 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

POST method with no referer header

suspicious_request

POST https://update.googleapis.com/service/update2?cup2key=10:1131089239&cup2hreq=b1fbf598cff2d879a4bf382cc07193d04fcb89cdad69ea0b0d44ceb3cb86d922

Performs some HTTP requests (3 events)

request	HEAD http://redirector.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe
request	HEAD http://r3---sn-3u-bh26.gvt1.com/edgedl/release2/update2/ALmnr7lDhOvozdF08iOk7Ks_1.3.36.72/GoogleUpdateSetup.exe?cms_redirect=yes&mh=pH&mip=175.208.134.150&mm=28&mn=sn-3u-bh26&ms=nvh&mt=1617236418&mv=m&mvi=3&pl=18&shardbypass=yes
request	POST https://update.googleapis.com/service/update2?cup2key=10:1131089239&cup2hreq=b1fbf598cff2d879a4bf382cc07193d04fcb89cdad69ea0b0d44ceb3cb86d922

Sends data using the HTTP POST Method (1 event)

request

POST https://update.googleapis.com/service/update2?cup2key=10:1131089239&cup2hreq=b1fbf598cff2d879a4bf382cc07193d04fcb89cdad69ea0b0d44ceb3cb86d922

Allocates read-write-execute memory (usually to unpack itself) (20 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 1, 2021, 9:20 a.m.	process_identifier: 1836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73831000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 1836 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73850000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 1836 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 1836 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 1836 region_size: 532480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00910000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 1, 2021, 9:20 a.m.	process_identifier: 3236 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73831000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 3236 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73850000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 3236 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 3236 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 3236 region_size: 532480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00410000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 1, 2021, 9:20 a.m.	process_identifier: 8780 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73831000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 8780 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73850000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 8780 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00330000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 8780 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00340000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 8780 region_size: 532480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 1, 2021, 9:20 a.m.	process_identifier: 3752 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73831000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 3752 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73850000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 3752 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 3752 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00800000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 1, 2021, 9:21 a.m.	process_identifier: 3752 region_size: 532480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00810000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

File has been identified by 7 AntiVirus engines on VirusTotal as malicious (7 events)

Bkav	W32.AIDetect.malware2
FireEye	Generic.mg.d29310c232038a6d
APEX	Malicious
Kaspersky	VHO:Trojan-Dropper.Win32.Roxer.gen
Ikarus	Trojan-Dropper.VBA.Agent
Microsoft	Program:Win32/Wacapew.C!ml
Cynet	Malicious (score: 100)

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0003f600', u'virtual_address': u'0x00001000', u'entropy': 6.832596215946129, u'name': u'.text', u'virtual_size': u'0x0003f474'}

entropy

6.83259621595

description

A section with a high entropy has been found

entropy

0.666228646518

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (3 events)

host	142.250.199.78
host	142.250.66.67
host	172.217.25.14

oqibxmsfz.zip

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All