Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 12, 2022, 11:04 p.m.	Oct. 12, 2022, 11:10 p.m.

Size	17.5MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`fe3cb9edf4b588d8914cbdc12379def8`
SHA256	`b813f93f24761505af2792be190b5cc19838252fcbdeea9946216964f7649ee8`
CRC32	`27486CD2`
ssdeep	`196608:BJrDZMUFXFKj6JzwzFBxUmucoJ07KgXjz+kVUC:LVM6VKuBwzLqhK7KgXvPt`
Yara	UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware PE_Header_Zero - PE File Signature Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen NPKI_Zero - File included NPKI themida_packer - themida packer Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer

nlauncher.exe "C:\Users\test22\AppData\Local\Temp\nlauncher.exe"
1572

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (14 events)

section	$L"NxcXu
section	<4em@+pB
section	25t1Y8xy
section	9]@-?>;"
section	7y.8Fm3V
section	HB1C#==U
section	qI7/zlMf
section	0yobowJ!
section	```F\S!R
section	i?Tb(ulS
section	9c+;Qx#X
section	`')#`D1K
section	.themida
section	.boot

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d _cgo_dummy_export+0x6049a9 nlauncher+0x1407c49 @ 0x141407c49 _cgo_dummy_export+0x665176 nlauncher+0x1468416 @ 0x141468416 HeapWalk-0x1ce0 kernel32+0x0 @ 0x76fc0000 0x22ff28 0x22ff28 0x22ff28 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefdbfa49d registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1
__exception__ Oct. 12, 2022, 10:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5383483392 registers.rax: 2002579208 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 12, 2022, 10:57 p.m.	process_identifier: 1572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000777b7000 process_handle: 0xffffffffffffffff	1	0	0
NtProtectVirtualMemory Oct. 12, 2022, 10:57 p.m.	process_identifier: 1572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077710000 process_handle: 0xffffffffffffffff	1	0	0

Foreign language identified in PE resource (6 events)

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00e13198

size

0x00000568

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00e13198

size

0x00000568

name

RT_ICON

language

LANG_CHINESE

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00e13198

size

0x00000568

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00e13700

size

0x00000058

name

RT_ACCELERATOR

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00e13758

size

0x00000010

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00e13768

size

0x00000030

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00006200', u'virtual_address': u'0x00d8d000', u'entropy': 7.980361815029553, u'name': u'9]@-?>;"', u'virtual_size': u'0x000060e4'}

entropy

7.98036181503

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x003da200', u'virtual_address': u'0x01551000', u'entropy': 7.964053509272844, u'name': u'.boot', u'virtual_size': u'0x003da200'}

entropy

7.96405350927

description

A section with a high entropy has been found

entropy

0.221614227086

description

Overall entropy of this PE file is high

File has been identified by 12 AntiVirus engines on VirusTotal as malicious (12 events)

Elastic	malicious (moderate confidence)
Cylance	Unsafe
ESET-NOD32	a variant of WinGo/PSW.Agent.CC
Zoner	Probably Heur.ExeHeaderL
APEX	Malicious
Kaspersky	UDS:DangerousObject.Multi.Generic
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.fe3cb9edf4b588d8
Gridinsoft	Trojan.Heur!.032500A3
Malwarebytes	Spyware.PasswordStealer
Rising	Trojan.Zenpak!8.10372 (TFE:5:RDR6JvETRMK)
MaxSecure	Trojan.Malware.300983.susgen

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Oct. 12, 2022, 10:57 p.m.	tid: 2052 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

nlauncher.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All