Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 2, 2021, 8:50 a.m.	April 2, 2021, 8:53 a.m.

Size	380.5KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`30315eed5f5ade346b5ccfcc452310bf`
SHA256	`fdce1eff308b78fefc2ef730679bd5317620f3e3a52a695ebb3ad355663603c2`
CRC32	`75AD0BF1`
ssdeep	`6144:OOhxWpCcRexubjw/WNQoGuBF4CEejyK0nnTaftjWnFGLOk0zEj/L3Oc+gpHU:OOKcubjuA5BFiTaFjaPczOcjpHU`
PDB Path	c:\try\Fair\Did-miss\Neigh\Deep.pdb
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero win_files_operation - Affect private profile IsPE32 - (no description) IsDLL - (no description) IsWindowsGUI - (no description) HasDebugData - DebugData Check HasRichSignature - Rich Signature Check

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\u8muj5t.zip.dll,Flowertruck
112
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\u8muj5t.zip.dll,Manyclimb
2076
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\u8muj5t.zip.dll,Putearly
596
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\u8muj5t.zip.dll,Shalltoward
1048
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\u8muj5t.zip.dll,
2560

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

c:\try\Fair\Did-miss\Neigh\Deep.pdb

One or more processes crashed (50 out of 140 events)

Time & API	Arguments	Status
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224388 registers.edi: 5712616 registers.eax: 2000478246 registers.ebp: 2000552521 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1970405376 registers.ecx: 66040	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 16 registers.eax: 2000478246 registers.ebp: 3540944 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 15 registers.eax: 2000478246 registers.ebp: 3540960 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 14 registers.eax: 2000478246 registers.ebp: 3540976 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 13 registers.eax: 2000478246 registers.ebp: 3540992 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 12 registers.eax: 2000478246 registers.ebp: 3541008 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 11 registers.eax: 2000478246 registers.ebp: 3541024 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 10 registers.eax: 2000478246 registers.ebp: 3541040 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 9 registers.eax: 2000478246 registers.ebp: 3541056 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 8 registers.eax: 2000478246 registers.ebp: 3541072 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 7 registers.eax: 2000478246 registers.ebp: 3541088 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 3541104 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 5 registers.eax: 2000478246 registers.ebp: 3541120 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 4 registers.eax: 2000478246 registers.ebp: 3541136 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 3 registers.eax: 2000478246 registers.ebp: 3541152 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 2 registers.eax: 2000478246 registers.ebp: 3541168 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224364 registers.edi: 1 registers.eax: 2000478246 registers.ebp: 3541184 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: DllRegisterServer+0xcbc7 u8muj5t+0x16937 @ 0x73cc6937 exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2223560 registers.edi: 12 registers.eax: 2000478246 registers.ebp: 2224632 registers.edx: 23 registers.ebx: 2224648 registers.esi: 23 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224616 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 96784 registers.edx: 827898 registers.ebx: 0 registers.esi: 282 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 16 registers.edx: 0 registers.ebx: 64 registers.esi: 3544424 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 15 registers.edx: 0 registers.ebx: 64 registers.esi: 3544448 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 14 registers.edx: 0 registers.ebx: 64 registers.esi: 3544472 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 13 registers.edx: 0 registers.ebx: 64 registers.esi: 3544496 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 12 registers.edx: 0 registers.ebx: 64 registers.esi: 3544520 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 11 registers.edx: 0 registers.ebx: 64 registers.esi: 3544544 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 10 registers.edx: 0 registers.ebx: 64 registers.esi: 3544568 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 9 registers.edx: 0 registers.ebx: 64 registers.esi: 3544592 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 8 registers.edx: 0 registers.ebx: 64 registers.esi: 3544616 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 7 registers.edx: 0 registers.ebx: 64 registers.esi: 3544640 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 6 registers.edx: 0 registers.ebx: 64 registers.esi: 3544664 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 5 registers.edx: 0 registers.ebx: 64 registers.esi: 3544688 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 4 registers.edx: 0 registers.ebx: 64 registers.esi: 3544712 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 3 registers.edx: 0 registers.ebx: 64 registers.esi: 3544736 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 2 registers.edx: 0 registers.ebx: 64 registers.esi: 3544760 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 2224592 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 1 registers.edx: 0 registers.ebx: 64 registers.esi: 3544784 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176416 registers.edi: 7678680 registers.eax: 2000478246 registers.ebp: 2000552521 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1970405376 registers.ecx: 66040	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 16 registers.eax: 2000478246 registers.ebp: 3672016 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 15 registers.eax: 2000478246 registers.ebp: 3672032 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 14 registers.eax: 2000478246 registers.ebp: 3672048 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 13 registers.eax: 2000478246 registers.ebp: 3672064 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 12 registers.eax: 2000478246 registers.ebp: 3672080 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 11 registers.eax: 2000478246 registers.ebp: 3672096 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 10 registers.eax: 2000478246 registers.ebp: 3672112 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 9 registers.eax: 2000478246 registers.ebp: 3672128 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 8 registers.eax: 2000478246 registers.ebp: 3672144 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 7 registers.eax: 2000478246 registers.ebp: 3672160 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 3672176 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 5 registers.eax: 2000478246 registers.ebp: 3672192 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 4 registers.eax: 2000478246 registers.ebp: 3672208 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 2, 2021, 8:51 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec u8muj5t+0x1105c exception.address: 0x73cc105c registers.esp: 1176392 registers.edi: 3 registers.eax: 2000478246 registers.ebp: 3672224 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1

Allocates read-write-execute memory (usually to unpack itself) (20 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 2, 2021, 8:50 a.m.	process_identifier: 112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73cf1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d0f000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 112 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00350000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 112 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00360000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 112 region_size: 532480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00370000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 2, 2021, 8:50 a.m.	process_identifier: 2076 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73cf1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 2076 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d0f000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 2076 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00320000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 2076 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00340000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 2076 region_size: 532480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00350000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 2, 2021, 8:50 a.m.	process_identifier: 596 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73cf1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 596 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d0f000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 596 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00320000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 596 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00340000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 596 region_size: 532480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00350000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 2, 2021, 8:50 a.m.	process_identifier: 1048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73cf1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 1048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73d0f000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 1048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 1048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00410000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 2, 2021, 8:51 a.m.	process_identifier: 1048 region_size: 532480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01c80000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0003fa00', u'virtual_address': u'0x00001000', u'entropy': 6.848382768576494, u'name': u'.text', u'virtual_size': u'0x0003f9a4'}

entropy

6.84838276858

description

A section with a high entropy has been found

entropy

0.670619235837

description

Overall entropy of this PE file is high

File has been identified by 28 AntiVirus engines on VirusTotal as malicious (28 events)

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.36620846
McAfee	RDN/Dridex
Sangfor	Trojan.Win32.Save.a
Alibaba	Trojan:Office/Dridex.783a0a63
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HKFQ
Paloalto	generic.ml
BitDefender	Trojan.GenericKD.36620846
Avast	Win32:MalwareX-gen [Trj]
Ad-Aware	Trojan.GenericKD.36620846
Emsisoft	Trojan.GenericKD.36620846 (B)
DrWeb	Trojan.Dridex.735
McAfee-GW-Edition	Artemis!Trojan
FireEye	Generic.mg.30315eed5f5ade34
APEX	Malicious
GData	Win32.Trojan.Agent.9GYV42
Webroot	W32.Trojan.Gen
MAX	malware (ai score=89)
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 100)
Ikarus	Trojan-Banker.Dridex
Rising	Malware.Undefined!8.C (CLOUD)
SentinelOne	Static AI - Suspicious PE
Fortinet	W32/Dridex.735!tr
AVG	Win32:MalwareX-gen [Trj]
Qihoo-360	Win32/Trojan.Dridex.HgkASR4A

u8muj5t.zip

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All