Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 15, 2021, 10:03 a.m.	July 15, 2021, 10:20 a.m.

Size	164.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`76590750b6933c89a6fd7007812a5897`
SHA256	`d93210076662115315a8713a18a86f22051c45ab7216129daa9b5638a76dac43`
CRC32	`E53DC4A4`
ssdeep	`3072:a7p3dQo86PI7e2seiJPWZ6Ox1uTQjY48+STfLbh9w47sIF:g3dyj7NseoPOx1KQU5TTbbT`
PDB Path	Gpernfedeefe.pdb
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature

file7.bin "C:\Users\test22\AppData\Local\Temp\file7.bin"
2424

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

Gpernfedeefe.pdb

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 0 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 0 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: file7+0x21eb exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: file7+0x21ec exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: file7+0x21eb exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 2 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: file7+0x21ec exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 2 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 2 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 2 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: file7+0x21eb exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 3 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: file7+0x21ec exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 3 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 3 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 3 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: file7+0x21eb exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 4 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: file7+0x21ec exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 4 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 4 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 4 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: file7+0x21eb exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 5 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: file7+0x21ec exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 5 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 5 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 5 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: file7+0x21eb exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 6 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: file7+0x21ec exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 6 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 6 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 6 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: file7+0x21eb exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 7 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: file7+0x21ec exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 7 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 7 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 7 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: file7+0x21eb exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 8 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: file7+0x21ec exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 8 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 8 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 8 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: file7+0x21eb exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 9 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: file7+0x21ec exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 9 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 9 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 9 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: file7+0x21eb exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 10 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: file7+0x21ec exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 10 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 10 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 10 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: file7+0x21eb exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 11 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: file7+0x21ec exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 11 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 11 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 11 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 exception.symbol: file7+0x21eb exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8683 exception.address: 0x100021eb registers.esp: 1638276 registers.edi: 0 registers.eax: 12 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 4a 00 00 exception.symbol: file7+0x21ec exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8684 exception.address: 0x100021ec registers.esp: 1638276 registers.edi: 0 registers.eax: 12 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 exception.symbol: file7+0x21e8 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8680 exception.address: 0x100021e8 registers.esp: 1638276 registers.edi: 0 registers.eax: 12 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1
__exception__ July 15, 2021, 10:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77799ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77799ea5 exception.instruction_r: cc 40 cc cc eb f2 58 64 a3 00 00 00 00 58 e9 b0 exception.symbol: file7+0x21e9 exception.instruction: int3 exception.module: file7.bin exception.exception_code: 0x80000003 exception.offset: 8681 exception.address: 0x100021e9 registers.esp: 1638276 registers.edi: 0 registers.eax: 12 registers.ebp: 1638292 registers.edx: 1637888 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 1638088	1

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory July 15, 2021, 10:03 a.m.	process_identifier: 2424 region_size: 24576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01d50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00014000', u'virtual_address': u'0x00001000', u'entropy': 7.873813903755649, u'name': u'.text', u'virtual_size': u'0x00013a7c'}

entropy

7.87381390376

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00011000', u'virtual_address': u'0x00016000', u'entropy': 7.849022484939113, u'name': u'.data', u'virtual_size': u'0x0001190c'}

entropy

7.84902248494

description

A section with a high entropy has been found

entropy

0.925

description

Overall entropy of this PE file is high

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ July 15, 2021, 10:03 a.m.	tid: 2428 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 32 AntiVirus engines on VirusTotal as malicious (32 events)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
DrWeb	Trojan.Dridex.776
FireEye	Generic.mg.76590750b6933c89
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00549d461 )
Alibaba	Trojan:Win32/EmotetedCryptc.180910
K7GW	Trojan ( 00549d461 )
Cybereason	malicious.2db86d
BitDefenderTheta	Gen:NN.ZexaF.34796.ku0@a07tS@b
Symantec	Packed.Generic.553
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:Trojan.Multi.GenericML.xnet
Avast	Win32:TrojanX-gen [Trj]
Rising	Trojan.Generic@ML.96 (RDML:CYgHAdR/Dm+FoNLx/9rmrA)
Sophos	Mal/Generic-R + Mal/EncPk-APX
McAfee-GW-Edition	BehavesLike.Win32.Generic.cc
SentinelOne	Static AI - Malicious PE
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Emotet.LK!ml
GData	Win32.Trojan-Downloader.Dridex.4QO2LB
Cynet	Malicious (score: 100)
Acronis	suspicious
McAfee	RDN/Generic.grp
Malwarebytes	MachineLearning/Anomalous.100%
TrendMicro-HouseCall	TROJ_GEN.R002H07GE21
Fortinet	W32/PossibleThreat
AVG	Win32:TrojanX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Trojan.Generic.HxQBlecA

file7.bin

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All