Summary | ZeroBOX

5304_1642027539_6274.exe

Generic Malware, UPX, Malicious Packer, PWS, PE File, PE32, .NET EXE
Category FILE
Machine s1_win7_x6401
Started Jan. 17, 2022, 5:26 p.m.
Completed Jan. 17, 2022, 5:34 p.m.
Size 1.5MB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 2d8ebe016b08ce37b916c8ce5889970b
SHA256 cdbed3a79d37d581fc5be268df61e13aaafa5c88a001f4e8b298d77c4b37ae13
CRC32 4C73B7DD
ssdeep 24576:b+NTvHjGD02Lilv9oLfJCTDX+NTvHjGD02Lilv9oLfJCTDX:bO/eBmxXXO/eBmxXX
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • TESTYARA - (no description)
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • Win_Trojan_AgentTesla_IN_Zero - Win Trojan AgentTesla
  • Is_DotNET_EXE - (no description)
  • UPX_Zero - UPX packed file
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044f920
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ŠsWª Ñ ¹Xj×M;]µš’egzÈú€!“Vª¬ E
crypto_handle: 0x000000000044f920
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f Zå”й}VÊÏ»j—Lóîmü¼½Ö¾žcl¶!–Txá
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f Ö.̸JF@ãÜN(Í$„é>³œÕæ›G1cýæ@u
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f Vٔi;£'¼Ùàˆ–Ñ>ç®7ýÄEG1pâ=åõ
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ²vJðŸiTt÷Ãõ^vó{TÆáC_’””!NˊD~
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f óê{ãZó÷Ͱ‰þ̂ è,ù%géÉRãµ[}‰é
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ÒxÏ ã!ÿƒEø0¹aʼn8!ÑdݔÔÖ±‘w>›‘²
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f 'Ÿ,T² Þ&ã¤&ãñ¢ÒDù·„ôãû32¤Áè
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ´F4q`ˆ3ó>úð­ò¡ŸY›ÉL¸p7p·ÌÒ{:
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f eûðßÚõ¼¬BIãÄFúóMA‘ðJ&gŽ˜ÿý©¼a
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ›¹ØþΫâ­X€;Õ¬Ô=}i‹@Šï?܈QBö¿ª™
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ¯H mûò)æ Íž,¹ì*¿„?0 ə"x|Õ´#
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ¿ò‹Œ¡gAŠêbZ}Rr>\—UÌÿ&Y\7AÔÙzS
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f 1êš « ,KÃ~úTÍœw'ääè#Üe–ûU_’g
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ç)’·d’»k €+ŽÊ¤É­ô^ÓIƽ¨¤×ë0
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ém¾œ¿ÃQ`yuÞ¢°`1°•ås±Ê<ßËú¼}”
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ÙjB—Ð-£ é¢ý¤]j$ G s&UJ£8£‚¼5ÄÔ
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f JåV8nÉ7 ‹ûд%Þu§îto£mÈÆ ôNqnE
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f âβ¿eì~ÖnÊNӃ}£GÖ’d§wvqeÔé’
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ŸEf×»Pö™4Tþ@ó…wª*àoPi Gxïz8©
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ìÜy…5тË7҅œËs#5~ß]>h¿ÖȘö^A
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f L¬WÚx !`Þò 鴝—#éºûXL­tº®l9‹÷m
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f ‘mOH)]Ûý`u±íú_ûueE¿ÿÿã ɞçx
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f hqÚ|{d{ÛҐž}OMþ ÁX>+ü÷²L®P8(LŠ
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0

CryptExportKey

buffer: f uc”ï›4q¯zã £Ô¦B°±åF©Lky(0Í`C²
crypto_handle: 0x000000000044fc30
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 8
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 589824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000530000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000540000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef477b000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 589824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000a40000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000a50000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef40e4000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff10000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff10000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff10000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff20000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff00000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff00000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe9494a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe9495c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe9495d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe9495e000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe9495f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe94a80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe94a81000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe94a82000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe94a83000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe94a84000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe94a85000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe949fc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe94a26000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe94a00000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe9496b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe94a90000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe9499c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe9496d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe9494b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe94942000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe9494c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe94a91000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2768
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe94ae0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.MSILHeracles.31987
FireEye Generic.mg.2d8ebe016b08ce37
ALYac Gen:Variant.MSILHeracles.31987
Cylance Unsafe
Cybereason malicious.16b08c
Arcabit Trojan.MSILHeracles.D7CF3
BitDefenderTheta Gen:NN.ZemsilF.34160.Gn3@aKM5Bgo
ESET-NOD32 a variant of MSIL/Spy.Agent.CVT
Paloalto generic.ml
Kaspersky HEUR:Trojan-PSW.MSIL.Reline.gen
BitDefender Gen:Variant.MSILHeracles.31987
Avast FileRepMalware
Tencent Win32.Trojan.Falsesign.Htwo
Ad-Aware Gen:Variant.MSILHeracles.31987
Emsisoft Gen:Variant.MSILHeracles.31987 (B)
McAfee-GW-Edition Trojan-FRAX!3CD9ABCD5B98
SentinelOne Static AI - Malicious PE
Sophos Mal/Generic-S
Avira HEUR/AGEN.1145058
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Gen:Variant.MSILHeracles.31987
Cynet Malicious (score: 99)
McAfee Artemis!2D8EBE016B08
Malwarebytes Malware.AI.2539520143
APEX Malicious
Rising Trojan.FakeChrome!1.9C7B (CLASSIC)
MAX malware (ai score=86)
eGambit PE.Heur.InvalidSig
AVG FileRepMalware
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Trojan.Malware.300983.susgen