Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Dec. 23, 2022, 6:14 p.m.	Dec. 23, 2022, 6:16 p.m.

Size	229.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`27a37d7db6c7a8557b770fb860444825`
SHA256	`fc9b641b739432101f1d21c296e4791ad4e09a5712ecc47a82f99b1f6588c675`
CRC32	`3136FD1C`
ssdeep	`3072:0zQ7LmXf5N+NDY39vXRsuYIR7gXrrdR/u+oukz2kWBkOuRGK:kGLmKs39fKDIRsuukKkpjcK`
PDB Path	C:\sad-kaxufareci\jed\wax xeha\cokoz\turuf\wadevuzidam\jis.pdb
Yara	IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature

s.exe "C:\Users\test22\AppData\Local\Temp\s.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\sad-kaxufareci\jed\wax xeha\cokoz\turuf\wadevuzidam\jis.pdb

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	AFX_DIALOG_LAYOUT
resource name	None

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1
__exception__ Dec. 23, 2022, 6:14 p.m.	stacktrace: LocalFlags+0x50 LocalHandle-0xee kernel32+0x831df @ 0x756331df s+0x2d66 @ 0x402d66 exception.instruction_r: 80 78 07 05 0f 84 27 56 02 00 f6 40 07 3f 0f 84 exception.symbol: RtlGetUserInfoHeap+0x4e RtlQueueWorkItem-0x3e7 ntdll+0x67cbf exception.instruction: cmp byte ptr [eax + 7], 5 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 425151 exception.address: 0x76f77cbf registers.esp: 1631440 registers.edi: 8847360 registers.eax: 4294967288 registers.ebp: 1631492 registers.edx: 998 registers.ebx: 0 registers.esi: 0 registers.ecx: 2560	1

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Dec. 23, 2022, 6:14 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 65536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0088a000 process_handle: 0xffffffff	1	0	0

Foreign language identified in PE resource (43 events)

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_ICON

language

LANG_SERBIAN

filetype

GLS_BINARY_LSB_FIRST

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060200

size

0x00000468

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00062c08

size

0x000002aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00062c08

size

0x000002aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00062c08

size

0x000002aa

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00062c08

size

0x000002aa

name

RT_ACCELERATOR

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x000606d0

size

0x00000070

name

RT_ACCELERATOR

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x000606d0

size

0x00000070

name

RT_GROUP_ICON

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060668

size

0x00000068

name

RT_GROUP_ICON

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060668

size

0x00000068

name

RT_GROUP_ICON

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060668

size

0x00000068

name

RT_GROUP_ICON

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060668

size

0x00000068

name

RT_GROUP_ICON

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x00060668

size

0x00000068

name

None

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x000607f8

size

0x0000000a

name

None

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x000607f8

size

0x0000000a

name

None

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x000607f8

size

0x0000000a

name

None

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_LATIN

offset

0x000607f8

size

0x0000000a

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00012c00', u'virtual_address': u'0x0000f000', u'entropy': 7.268628421305564, u'name': u'.data', u'virtual_size': u'0x0003a0a8'}

entropy

7.26862842131

description

A section with a high entropy has been found

entropy

0.328947368421

description

Overall entropy of this PE file is high

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Dec. 23, 2022, 6:14 p.m.	tid: 2560 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 26 AntiVirus engines on VirusTotal as malicious (26 events)

Bkav	W32.FamVT.RazyNHmC.Trojan
tehtris	Generic.Malware
FireEye	Generic.mg.27a37d7db6c7a855
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.19452b
Cyren	W32/Kryptik.IFU.gen!Eldorado
Symantec	Packed.Generic.528
Elastic	malicious (high confidence)
APEX	Malicious
ClamAV	Win.Packed.Pwsx-9980703-0
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	Win32:DropperX-gen [Drp]
Sophos	ML/PE-A + Troj/Krypt-TG
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.dh
Trapmine	malicious.moderate.ml.score
Jiangmin	Backdoor.QBot.rr
Google	Detected
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
Acronis	suspicious
VBA32	Malware-Cryptor.2LA.gen
Rising	Trojan.Generic@AI.90 (RDML:V8Z2E3+sLR2zGRMewtUNfg)
Ikarus	Trojan.Win32.SmokeLoader
AVG	Win32:DropperX-gen [Drp]
CrowdStrike	win/malicious_confidence_100% (W)

s.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All