Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 11, 2021, 10:17 a.m.	Oct. 11, 2021, 10:28 a.m.

Size	6.1MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`91b1dc3f70f739111bfa2b2e42ea30b5`
SHA256	`ab2c8662c8101b040f3b5e41eb3639b1be3ce9da6ac155f7a4b0fbe63bb3fde3`
CRC32	`2719AD68`
ssdeep	`196608:I0LYFdxMbctHWVJ6QXw2iwx5ytLF5OcF9EnXciUJ3Qef:I0axftHWVJ6Lwut6cYvAR`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library

lv.exe "C:\Users\test22\AppData\Local\Temp\lv.exe"
1016
- kitsch.exe "C:\Users\test22\AppData\Local\Temp\parkin\kitsch.exe"
  2428
- origanvp.exe "C:\Users\test22\AppData\Local\Temp\parkin\origanvp.exe"
  3016

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 11, 2021, 10:17 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65539 events)

Time & API	Arguments	Status
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd6da49d kitsch+0x436c0e @ 0x13fbb6c0e kitsch+0x54056b @ 0x13fcc056b HeapWalk-0x1ce0 kernel32+0x0 @ 0x76e40000 0x12fab8 0x12fab8 0x12fab8 0x251862 0x223316 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa 0x247dc001c614aa exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefd6da49d registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243856 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1243864 registers.rdi: 5359992832 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: RtlRestoreContext+0x293 __chkstk-0x1fe ntdll+0x50bd2 @ 0x77210bd2 exception.instruction_r: 48 cf 48 83 ec 30 4c 8b c4 48 81 ec d0 04 00 00 exception.symbol: RtlRestoreContext+0x293 __chkstk-0x1fe ntdll+0x50bd2 exception.instruction: iretq exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 330706 exception.address: 0x77210bd2 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 0 registers.r10: 0 registers.rbx: 5360827483 registers.rsp: 1243944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999978176 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (16 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73721000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74e51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73711000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72764000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:10 a.m.	process_identifier: 2428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000772b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:10 a.m.	process_identifier: 2428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077210000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 3016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7743f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 3016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 3016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00340000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 3016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0033a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 3016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0033a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 3016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0033a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 3016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0033a000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (6 events)

file	C:\Program Files (x86)\foler\olader\acppage.dll
file	C:\Users\test22\AppData\Local\Temp\nsd6480.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\parkin\origanvp.exe
file	C:\Program Files (x86)\foler\olader\acledit.dll
file	C:\Program Files (x86)\foler\olader\adprovider.dll
file	C:\Users\test22\AppData\Local\Temp\parkin\kitsch.exe

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\nsd6480.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\parkin\origanvp.exe

Expresses interest in specific running processes (1 event)

process

system

Attempts to identify installed AV products by installation directory (2 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\AVG

Checks for the presence of known windows from debuggers and forensic tools (12 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: File Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: Process Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: Registry Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: 18467-41 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Oct. 11, 2021, 10:10 a.m.	tid: 2852 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Oct. 11, 2021, 10:17 a.m.	information_class: 76 (SystemFirmwareTableInformation)		3221225507	0

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 11, 2021, 10:17 a.m.	stacktrace: exception.instruction_r: ed e9 69 a4 00 00 a9 c4 46 46 09 43 43 ad 2e bf exception.symbol: origanvp+0x380528 exception.instruction: in eax, dx exception.module: origanvp.exe exception.exception_code: 0xc0000096 exception.offset: 3671336 exception.address: 0x6a0528 registers.esp: 11729884 registers.edi: 12268184 registers.eax: 1447909480 registers.ebp: 3444736 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 4922749 registers.ecx: 10	1	0	0

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Lionic	Trojan.Win32.ClipBanker.7!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.37751117
FireEye	Generic.mg.91b1dc3f70f73911
CAT-QuickHeal	Trojan.GenericRI.S22849637
ALYac	Gen:Trojan.Heur.D.MMW@dye4lHii
Cylance	Unsafe
Zillya	Trojan.Swisyn.Win32.35901
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005850dc1 )
Alibaba	TrojanBanker:Win32/SelfDel.4cfdae8b
K7GW	Trojan ( 005850dc1 )
Cybereason	malicious.f70f73
Arcabit	Trojan.Generic.D240094D
BitDefenderTheta	AI:Packer.BB4AE9FC1E
Cyren	W32/Kryptik.FHH.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
TrendMicro-HouseCall	TROJ_FRS.0NA103J921
Paloalto	generic.ml
ClamAV	Win.Packed.Filerepmalware-9864117-0
Kaspersky	HEUR:Trojan-Banker.Win32.ClipBanker.gen
BitDefender	Trojan.GenericKD.37751117
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Avast	NSIS:CrypterX-gen [Trj]
Rising	Trojan.Generic@ML.100 (RDML:fFhCicYd+LkwuIzlOhsuCw)
Ad-Aware	Trojan.GenericKD.37751117
Emsisoft	Trojan.GenericKD.37751117 (B)
DrWeb	Trojan.MulDrop18.42914
TrendMicro	TROJ_FRS.0NA103J921
McAfee-GW-Edition	BehavesLike.Win32.OneSysCare.vc
SentinelOne	Static AI - Suspicious PE
Sophos	Mal/Generic-S
APEX	Malicious
eGambit	Unsafe.AI_Score_63%
Avira	HEUR/AGEN.1140896
MAX	malware (ai score=86)
Kingsoft	Win32.Troj.Banker.(kcloud)
Gridinsoft	Malware.Win32.GenericMC.cc
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Win32.Trojan.BSE.HLJWVB
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Generic.C4684827
McAfee	Artemis!91B1DC3F70F7
VBA32	BScope.Trojan.Wacatac
Malwarebytes	Malware.AI.753280343
Tencent	Win32.Trojan-banker.Clipbanker.Htbt
Ikarus	Trojan.Win32.Krypt
Fortinet	W32/multiple_detections
Webroot	W32.Malware.Gen

lv.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All