Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 22, 2021, 9:02 a.m.	Oct. 22, 2021, 9:04 a.m.

Size	6.1MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`63c6959237b662401a9f78e799d34db1`
SHA256	`e3d5b6d0c39c747762c25d021c7a8aedaa7a30beb9af9187d15aea7178ea9758`
CRC32	`E7BDDC9D`
ssdeep	`196608:4k2h2ABtGyZS/8LJ6pJhzcXyc1oCkx07g4UgrP:4xsWlS/8L8pJh0oCkmmYP`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

lv.exe "C:\Users\test22\AppData\Local\Temp\lv.exe"
2972
- undirk.exe "C:\Users\test22\AppData\Local\Temp\lizard\undirk.exe"
  2384
- yoicksvp.exe "C:\Users\test22\AppData\Local\Temp\lizard\yoicksvp.exe"
  2240

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 22, 2021, 9:02 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65539 events)

Time & API	Arguments	Status
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd6da49d undirk+0x3d4baf @ 0x13fe44baf undirk+0x525925 @ 0x13ff95925 HeapWalk-0x1ce0 kernel32+0x0 @ 0x76e40000 0x21fa88 0x21fa88 0x21fa88 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefd6da49d registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2225024 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2226856 registers.rdi: 5363073024 registers.rax: 1996898217 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73721000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74e51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73711000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72764000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000772b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077210000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7743f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01120000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0111a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0111a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 22, 2021, 9:02 a.m.	process_identifier: 2240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0111a000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (6 events)

file	C:\Users\test22\AppData\Local\Temp\lizard\yoicksvp.exe
file	C:\Program Files (x86)\foler\olader\acppage.dll
file	C:\Users\test22\AppData\Local\Temp\nsz629C.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\lizard\undirk.exe
file	C:\Program Files (x86)\foler\olader\acledit.dll
file	C:\Program Files (x86)\foler\olader\adprovider.dll

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\nsz629C.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\lizard\yoicksvp.exe

Expresses interest in specific running processes (1 event)

process

system

Attempts to identify installed AV products by installation directory (2 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\AVG

Checks for the presence of known windows from debuggers and forensic tools (12 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Oct. 22, 2021, 9:02 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Oct. 22, 2021, 9:02 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Oct. 22, 2021, 9:02 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Oct. 22, 2021, 9:02 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 22, 2021, 9:02 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 22, 2021, 9:02 a.m.	class_name: File Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 22, 2021, 9:02 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Oct. 22, 2021, 9:02 a.m.	class_name: Process Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 22, 2021, 9:02 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 22, 2021, 9:02 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 22, 2021, 9:02 a.m.	class_name: Registry Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 22, 2021, 9:02 a.m.	class_name: 18467-41 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Oct. 22, 2021, 9:02 a.m.	tid: 1772 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Oct. 22, 2021, 9:02 a.m.	information_class: 76 (SystemFirmwareTableInformation)		3221225507	0

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 22, 2021, 9:02 a.m.	stacktrace: exception.instruction_r: ed e9 17 bb 13 00 b8 00 69 01 9d 73 47 3e b8 00 exception.symbol: yoicksvp+0x27764f exception.instruction: in eax, dx exception.module: yoicksvp.exe exception.exception_code: 0xc0000096 exception.offset: 2586191 exception.address: 0x137764f registers.esp: 2685260 registers.edi: 6369944 registers.eax: 1447909480 registers.ebp: 17993728 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 18592114 registers.ecx: 10	1	0	0

File has been identified by 31 AntiVirus engines on VirusTotal as malicious (31 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.63c6959237b66240
ALYac	Gen:Trojan.Heur.D.zMW@d4DPX9mi
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.237b66
BitDefenderTheta	AI:Packer.10738D451E
Cyren	W64/S-6a34bfca!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
ClamAV	Win.Packed.Filerepmalware-9864117-0
Kaspersky	HEUR:Trojan-Dropper.Win32.Scrop.pef
BitDefender	Gen:Variant.Razy.921612
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Avast	NSIS:PWSX-gen [Trj]
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Emsisoft	Trojan.Agent (A)
SentinelOne	Static AI - Suspicious PE
eGambit	Unsafe.AI_Score_99%
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Win32.Trojan.BSE.HLJWVB
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Gen.Reputation.C4247356
McAfee	Artemis!63C6959237B6
MAX	malware (ai score=84)
VBA32	BScope.Backdoor.Agent
Malwarebytes	Malware.AI.753280343
Rising	Trojan.Generic@ML.100 (RDML:RQ5NpPlVLxPx5cM65nTudg)
AVG	NSIS:PWSX-gen [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_70% (W)

lv.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All