Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 17, 2021, 10:47 a.m.	Sept. 17, 2021, 10:49 a.m.

Size	3.0MB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`3a00ac1d224382941045b8673a3b66a0`
SHA256	`f0ec1b1742a80fdcbc0f22788f7b74248dfd650383971bcade1f533c728d0530`
CRC32	`A58593DE`
ssdeep	`49152:lec1jbgkFECrUAwrKorb9TYRWP1d8sz/BwFH0xndk+eXMTBiVDYJ3Q9U31uD9+1P:p1PLRmK+fwFH0xndk+eXcBiVDe3Xlq9S`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library themida_packer - themida packer IsPE32 - (no description)

instal.exe "C:\Users\test22\AppData\Local\Temp\instal.exe"
1896

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
109.248.11.182	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 17, 2021, 10:47 a.m.			0	0
IsDebuggerPresent Sept. 17, 2021, 10:47 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (3 events)

Time & API	Arguments	Status	Return
CryptExportKey Sept. 17, 2021, 10:47 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00eeb3f8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 17, 2021, 10:47 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00eeb3f8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 17, 2021, 10:47 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00eeb478 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 17, 2021, 10:47 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (4 events)

section
section	AliExpre
section	.themida
section	.boot

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	GOOGLEUPDATE
resource name	TYPELIB

One or more processes crashed (3 events)

Time & API	Arguments	Status
__exception__ Sept. 17, 2021, 10:47 a.m.	stacktrace: instal+0x4f4378 @ 0x6e4378 instal+0x4f4427 @ 0x6e4427 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc e9 98 ae af 89 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 11664516 registers.edi: 2850816 registers.eax: 11664516 registers.ebp: 11664596 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 2000778283 registers.ecx: 4083941376	1
__exception__ Sept. 17, 2021, 10:47 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 83 c4 04 e9 43 88 e5 ff exception.symbol: instal+0x526958 exception.instruction: in eax, dx exception.module: instal.exe exception.exception_code: 0xc0000096 exception.offset: 5400920 exception.address: 0x716958 registers.esp: 11664636 registers.edi: 5722229 registers.eax: 1750617430 registers.ebp: 2850816 registers.edx: 22614 registers.ebx: 2147483650 registers.esi: 5734866 registers.ecx: 20	1
__exception__ Sept. 17, 2021, 10:47 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 83 c4 04 81 fb 68 58 4d exception.symbol: instal+0x5269cc exception.instruction: in eax, dx exception.module: instal.exe exception.exception_code: 0xc0000096 exception.offset: 5401036 exception.address: 0x7169cc registers.esp: 11664636 registers.edi: 5722229 registers.eax: 1447909480 registers.ebp: 2850816 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 5734866 registers.ecx: 10	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 126 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7574c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a84000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7574a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75734000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75734000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75734000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75734000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75483000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75734000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7574c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75733000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75731000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75733000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a7c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75733000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a8b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75735000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a8b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75734000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a80000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75731000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75731000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a7b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75731000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a7d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75735000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a7c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75731000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75731000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a7d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75734000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75735000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75735000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75734000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a7b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75753000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75758000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x757ae000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75755000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7574c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75731000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2021, 10:47 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a7b000 process_handle: 0xffffffff	1

A process attempted to delay the analysis task. (1 event)

description

instal.exe tried to sleep 175 seconds, actually delayed analysis time by 175 seconds

Foreign language identified in PE resource (50 out of 56 events)

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x007f800c

size

0x000001aa

The binary likely contains encrypted or compressed data indicative of a packer (6 events)

section

{u'size_of_data': u'0x00014400', u'virtual_address': u'0x00002000', u'entropy': 7.997666064789692, u'name': u' ', u'virtual_size': u'0x00034000'}

entropy

7.99766606479

description