Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 8, 2021, 5:06 p.m.	Oct. 8, 2021, 5:08 p.m.

Size	6.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`000a8ac13b6903a952c8d4e4efd3cb30`
SHA256	`e0108e85a42f0cc059183ed0b74a689e08f0cb76c59b731a7543de3e881937c0`
CRC32	`BCC21EB2`
ssdeep	`98304:zZxpfLjjZjGTIRN85gm1JkCYGSX34U6cuq5ddctOo8EhYY22LjvlWKVMq50Yohmo:z1fLpmS6OmMhGA34TculIWzTFWKTohii`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library

lv.exe "C:\Users\test22\AppData\Local\Temp\lv.exe"
1220
- kitsch.exe "C:\Users\test22\AppData\Local\Temp\parkin\kitsch.exe"
  2492
- origanvp.exe "C:\Users\test22\AppData\Local\Temp\parkin\origanvp.exe"
  972

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 8, 2021, 5:06 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65539 events)

Time & API	Arguments	Status
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefde3a49d kitsch+0x4e2739 @ 0x13f5d2739 kitsch+0x50ef5a @ 0x13f5fef5a HeapWalk-0x1ce0 kernel32+0x0 @ 0x77200000 0x2afaa8 0x2afaa8 0x2afaa8 0x4839b2 0x453136 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 0x477be000000030 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefde3a49d registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816704 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2816712 registers.rdi: 5353111552 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: RtlRestoreContext+0x293 __chkstk-0x1fe ntdll+0x50bd2 @ 0x77950bd2 exception.instruction_r: 48 cf 48 83 ec 30 4c 8b c4 48 81 ec d0 04 00 00 exception.symbol: RtlRestoreContext+0x293 __chkstk-0x1fe ntdll+0x50bd2 exception.instruction: iretq exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 330706 exception.address: 0x77950bd2 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2814880 registers.rsi: 0 registers.r10: 0 registers.rbx: 5353439275 registers.rsp: 2816792 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2004952606 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (16 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73501000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76ec1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e21000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73311000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 1220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733c2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 2492 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000779f7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 2492 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077950000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77b7f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77af0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x012f0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x012ea000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x012ea000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x012ea000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 8, 2021, 5:06 p.m.	process_identifier: 972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x012ea000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (6 events)

file	C:\Program Files (x86)\foler\olader\acppage.dll
file	C:\Users\test22\AppData\Local\Temp\parkin\origanvp.exe
file	C:\Users\test22\AppData\Local\Temp\nst7C4E.tmp\UAC.dll
file	C:\Program Files (x86)\foler\olader\acledit.dll
file	C:\Program Files (x86)\foler\olader\adprovider.dll
file	C:\Users\test22\AppData\Local\Temp\parkin\kitsch.exe

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\parkin\origanvp.exe
file	C:\Users\test22\AppData\Local\Temp\nst7C4E.tmp\UAC.dll

Expresses interest in specific running processes (1 event)

process

system

Attempts to identify installed AV products by installation directory (2 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\AVG

Checks for the presence of known windows from debuggers and forensic tools (12 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Oct. 8, 2021, 5:06 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Oct. 8, 2021, 5:06 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Oct. 8, 2021, 5:06 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Oct. 8, 2021, 5:06 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 8, 2021, 5:06 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 8, 2021, 5:06 p.m.	class_name: File Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 8, 2021, 5:06 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Oct. 8, 2021, 5:06 p.m.	class_name: Process Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 8, 2021, 5:06 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 8, 2021, 5:06 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 8, 2021, 5:06 p.m.	class_name: Registry Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 8, 2021, 5:06 p.m.	class_name: 18467-41 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Oct. 8, 2021, 5:06 p.m.	tid: 2344 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Oct. 8, 2021, 5:06 p.m.	information_class: 76 (SystemFirmwareTableInformation)		3221225507	0

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 8, 2021, 5:06 p.m.	stacktrace: exception.instruction_r: ed e9 12 a4 10 00 5c 02 b0 00 e4 9e fe ff 13 00 exception.symbol: origanvp+0x2d4435 exception.instruction: in eax, dx exception.module: origanvp.exe exception.exception_code: 0xc0000096 exception.offset: 2966581 exception.address: 0x15a4435 registers.esp: 3799924 registers.edi: 8400528 registers.eax: 1447909480 registers.ebp: 19894272 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 21779198 registers.ecx: 10	1	0	0

File has been identified by 36 AntiVirus engines on VirusTotal as malicious (36 events)

MicroWorld-eScan	Gen:Variant.Razy.920754
FireEye	Generic.mg.000a8ac13b6903a9
CAT-QuickHeal	Trojan.GenericRI.S22849637
ALYac	Gen:Trojan.Heur.D.KMW@d8u@Keai
Zillya	Trojan.Swisyn.Win32.35901
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005850dc1 )
K7GW	Trojan ( 005850dc1 )
Cybereason	malicious.13b690
BitDefenderTheta	AI:Packer.7C26BE791E
Cyren	W32/Kryptik.FHH.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Packed.Filerepmalware-9864117-0
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Razy.920754
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Avast	NSIS:CrypterX-gen [Trj]
McAfee-GW-Edition	BehavesLike.Win32.OneSysCare.tc
Emsisoft	Gen:Variant.Razy.920754 (B)
eGambit	Unsafe.AI_Score_99%
Avira	HEUR/AGEN.1140896
Microsoft	Trojan:Win32/Sabsik.FL.A!ml
GData	Win32.Trojan.BSE.HLJWVB
Cynet	Malicious (score: 99)
McAfee	Artemis!000A8AC13B69
MAX	malware (ai score=84)
VBA32	BScope.TrojanPSW.Racealer
Malwarebytes	Malware.AI.753280343
Rising	Trojan.Generic@ML.100 (RDML:8F6us4rQx8RYBNQxECzRsA)
SentinelOne	Static AI - Suspicious PE
AVG	NSIS:CrypterX-gen [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_70% (W)

lv.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All