Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 9, 2021, 4:29 p.m.	Sept. 9, 2021, 4:33 p.m.

Size	6.3MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`25a6cb0f02405cdb54aef3696a91d405`
SHA256	`81f9e755ba26058922c5fdb70ead4d6d36c65e95d3bc59a44112c0dd1f928b0e`
CRC32	`6AE97553`
ssdeep	`196608:56NRS1fl4D//vZ1qeDG9p4nfQythL5mnnbrF:cHel4DiP98bibrF`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

lv.exe "C:\Users\test22\AppData\Local\Temp\lv.exe"
1896
- dosselvp.exe "C:\Users\test22\AppData\Local\Temp\chital\dosselvp.exe"
  2244
- teemer.exe "C:\Users\test22\AppData\Local\Temp\chital\teemer.exe"
  2256

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 9, 2021, 4:29 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65539 events)

Time & API	Arguments	Status
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: dosselvp+0x34d58b @ 0x4bd58b dosselvp+0x3606db @ 0x4d06db exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 11336320 registers.edi: 1675264 registers.eax: 11336320 registers.ebp: 11336400 registers.edx: 2130566132 registers.ebx: 11272235 registers.esi: 2000778283 registers.ecx: 4154589184	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.instruction_r: ed e9 6e e3 00 00 c3 e9 a8 7e ff ff ac 05 59 1c exception.symbol: dosselvp+0x392cd0 exception.instruction: in eax, dx exception.module: dosselvp.exe exception.exception_code: 0xc0000096 exception.offset: 3747024 exception.address: 0x502cd0 registers.esp: 11336440 registers.edi: 15413912 registers.eax: 1750617430 registers.ebp: 1675264 registers.edx: 15423574 registers.ebx: 0 registers.esi: 13 registers.ecx: 20	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.instruction_r: ed e9 19 28 fe ff f1 f7 0d 13 bd 5f 9f 95 00 c8 exception.symbol: dosselvp+0x39baed exception.instruction: in eax, dx exception.module: dosselvp.exe exception.exception_code: 0xc0000096 exception.offset: 3783405 exception.address: 0x50baed registers.esp: 11336440 registers.edi: 15413912 registers.eax: 1447909480 registers.ebp: 1675264 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 13 registers.ecx: 10	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd6da49d teemer+0x5346b0 @ 0x1402146b0 teemer+0x531279 @ 0x140211279 HeapWalk-0x1ce0 kernel32+0x0 @ 0x76e40000 0x12fcf8 0x12fcf8 0x12fcf8 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefd6da49d registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242608 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244416 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1244440 registers.rdi: 5365628928 registers.rax: 1999976984 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73721000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74e51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73711000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72764000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 2244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7743f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 2244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 2244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00190000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 2244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0018a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 2244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0018a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 2244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0018a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 2256 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000772b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 9, 2021, 4:29 p.m.	process_identifier: 2256 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077210000 process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (6 events)

file	C:\Program Files (x86)\foler\olader\adprovider.dll
file	C:\Program Files (x86)\foler\olader\acppage.dll
file	C:\Program Files (x86)\foler\olader\acledit.dll
file	C:\Users\test22\AppData\Local\Temp\nsk655B.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\chital\teemer.exe
file	C:\Users\test22\AppData\Local\Temp\chital\dosselvp.exe

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\nsk655B.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\chital\dosselvp.exe

Expresses interest in specific running processes (1 event)

process

system

Attempts to identify installed AV products by installation directory (2 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\AVG

Checks for the presence of known windows from debuggers and forensic tools (12 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Sept. 9, 2021, 4:29 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Sept. 9, 2021, 4:29 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Sept. 9, 2021, 4:29 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Sept. 9, 2021, 4:29 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 9, 2021, 4:29 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 9, 2021, 4:29 p.m.	class_name: File Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Sept. 9, 2021, 4:29 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 9, 2021, 4:29 p.m.	class_name: Process Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Sept. 9, 2021, 4:29 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 9, 2021, 4:29 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 9, 2021, 4:29 p.m.	class_name: Registry Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Sept. 9, 2021, 4:29 p.m.	class_name: 18467-41 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Sept. 9, 2021, 4:29 p.m.	tid: 1332 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Sept. 9, 2021, 4:29 p.m.	information_class: 76 (SystemFirmwareTableInformation)		3221225507	0

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Sept. 9, 2021, 4:29 p.m.	stacktrace: exception.instruction_r: ed e9 19 28 fe ff f1 f7 0d 13 bd 5f 9f 95 00 c8 exception.symbol: dosselvp+0x39baed exception.instruction: in eax, dx exception.module: dosselvp.exe exception.exception_code: 0xc0000096 exception.offset: 3783405 exception.address: 0x50baed registers.esp: 11336440 registers.edi: 15413912 registers.eax: 1447909480 registers.ebp: 1675264 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 13 registers.ecx: 10	1	0	0

File has been identified by 39 AntiVirus engines on VirusTotal as malicious (39 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur.D.QMW@daAEb5ki
ALYac	Gen:Variant.Razy.920754
Cylance	Unsafe
Zillya	Trojan.Coins.Win32.6491
Sangfor	Suspicious.Win32.Save.a
K7GW	Trojan ( 00581cd31 )
Cybereason	malicious.f02405
Arcabit	Trojan.Heur.D.ED2423F
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Packed.Filerepmalware-9864117-0
Kaspersky	Trojan.Win32.AntiVM.ub
BitDefender	Gen:Trojan.Heur.D.QMW@daAEb5ki
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Avast	Win32:CrypterX-gen [Trj]
Rising	Trojan.Generic@ML.100 (RDML:hDS21qcGHBwZI7riRLUesw)
Emsisoft	Gen:Trojan.Heur.D.QMW@daAEb5ki (B)
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
FireEye	Generic.mg.25a6cb0f02405cdb
Sophos	Mal/Generic-S
Avira	HEUR/AGEN.1140896
Kingsoft	Win32.PSWTroj.Undef.(kcloud)
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Win32.Trojan.BSE.HLJWVB
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Generic.C4482386
McAfee	Artemis!25A6CB0F0240
MAX	malware (ai score=84)
VBA32	BScope.TrojanPSW.Coins
Malwarebytes	Malware.AI.753280343
Tencent	Win32.Trojan.Genkryptik.Hrpe
eGambit	Unsafe.AI_Score_91%
BitDefenderTheta	AI:Packer.3026FBC51E
AVG	Win32:CrypterX-gen [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_70% (W)

lv.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All