Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 8, 2023, 7:56 a.m.	March 8, 2023, 8:01 a.m.

Size	1.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6bb3828d5bd61e4b73581121630c82e3`
SHA256	`9e8f5d962be4c9c30afd780db646ea526198574774c780d7e731c2c9e3a815f5`
CRC32	`2DE01B5C`
ssdeep	`24576:pETON88hUmQ8GShuEc5JXbIfrxZeajZsV8FDGsxG2CL6+5UI4Z6j:puONHVVtwJXLKPqssVCIqs`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) PE_Header_Zero - PE File Signature

kizzd.exe "C:\Users\test22\AppData\Local\Temp\kizzd.exe"
2560

Name	Response	Post-Analysis Lookup
www.5161658.top	A 103.151.5.71	103.151.5.71

IP Address	Status	Action
154.91.230.44	Active	Moloch
103.151.5.71	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:59002 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 8, 2023, 7:56 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 8, 2023, 7:56 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.sedata

One or more processes crashed (50 out of 367 events)

Time & API	Arguments	Status
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: kizzd+0x112a84 @ 0x512a84 kizzd+0x14b636 @ 0x54b636 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: eb 09 51 c0 56 31 c0 77 fd cc 5f c3 e9 64 ff ff exception.symbol: kizzd+0x6e05a exception.instruction: jmp 0x46e065 exception.module: kizzd.exe exception.exception_code: 0x80000003 exception.offset: 450650 exception.address: 0x46e05a registers.esp: 1638008 registers.edi: 0 registers.eax: 0 registers.ebp: 1638052 registers.edx: 582600 registers.ebx: 5 registers.esi: 6940520 registers.ecx: 6940520	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 1637020 registers.edi: 1637020 registers.eax: 0 registers.ebp: 1637256 registers.edx: 795617725 registers.ebx: 4599808 registers.esi: 4829068 registers.ecx: 3487491665	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 42203960 registers.edi: 42203960 registers.eax: 0 registers.ebp: 42204196 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 44825404 registers.edi: 44825404 registers.eax: 0 registers.ebp: 44825640 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 47446852 registers.edi: 47446852 registers.eax: 0 registers.ebp: 47447088 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 47446872 registers.edi: 47446872 registers.eax: 0 registers.ebp: 47447108 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 50068312 registers.edi: 50068312 registers.eax: 0 registers.ebp: 50068548 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 40893244 registers.edi: 40893244 registers.eax: 0 registers.ebp: 40893480 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 43514680 registers.edi: 43514680 registers.eax: 0 registers.ebp: 43514916 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x80 exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 46136108 registers.edi: 46136108 registers.eax: 0 registers.ebp: 46136344 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 48757580 registers.edi: 48757580 registers.eax: 0 registers.ebp: 48757816 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 44825404 registers.edi: 44825404 registers.eax: 0 registers.ebp: 44825640 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 42203960 registers.edi: 42203960 registers.eax: 0 registers.ebp: 42204196 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 40893244 registers.edi: 40893244 registers.eax: 0 registers.ebp: 40893480 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 43514680 registers.edi: 43514680 registers.eax: 0 registers.ebp: 43514916 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x80 exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 46136108 registers.edi: 46136108 registers.eax: 0 registers.ebp: 46136344 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 44825404 registers.edi: 44825404 registers.eax: 0 registers.ebp: 44825640 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 42203960 registers.edi: 42203960 registers.eax: 0 registers.ebp: 42204196 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 40893244 registers.edi: 40893244 registers.eax: 0 registers.ebp: 40893480 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 43514680 registers.edi: 43514680 registers.eax: 0 registers.ebp: 43514916 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x80 exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 46136108 registers.edi: 46136108 registers.eax: 0 registers.ebp: 46136344 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 48757580 registers.edi: 48757580 registers.eax: 0 registers.ebp: 48757816 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 42203960 registers.edi: 42203960 registers.eax: 0 registers.ebp: 42204196 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 44825404 registers.edi: 44825404 registers.eax: 0 registers.ebp: 44825640 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 40893244 registers.edi: 40893244 registers.eax: 0 registers.ebp: 40893480 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x80 exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 46136108 registers.edi: 46136108 registers.eax: 0 registers.ebp: 46136344 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 43514680 registers.edi: 43514680 registers.eax: 0 registers.ebp: 43514916 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 44825404 registers.edi: 44825404 registers.eax: 0 registers.ebp: 44825640 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 42203960 registers.edi: 42203960 registers.eax: 0 registers.ebp: 42204196 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 40893244 registers.edi: 40893244 registers.eax: 0 registers.ebp: 40893480 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x80 exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 46136108 registers.edi: 46136108 registers.eax: 0 registers.ebp: 46136344 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 43514680 registers.edi: 43514680 registers.eax: 0 registers.ebp: 43514916 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 48757580 registers.edi: 48757580 registers.eax: 0 registers.ebp: 48757816 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 44825404 registers.edi: 44825404 registers.eax: 0 registers.ebp: 44825640 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 42203960 registers.edi: 42203960 registers.eax: 0 registers.ebp: 42204196 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 47446852 registers.edi: 47446852 registers.eax: 0 registers.ebp: 47447088 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 47446872 registers.edi: 47446872 registers.eax: 0 registers.ebp: 47447108 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 50068312 registers.edi: 50068312 registers.eax: 0 registers.ebp: 50068548 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 40893244 registers.edi: 40893244 registers.eax: 0 registers.ebp: 40893480 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x80 exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 46136108 registers.edi: 46136108 registers.eax: 0 registers.ebp: 46136344 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 43514680 registers.edi: 43514680 registers.eax: 0 registers.ebp: 43514916 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 44825404 registers.edi: 44825404 registers.eax: 0 registers.ebp: 44825640 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 42203960 registers.edi: 42203960 registers.eax: 0 registers.ebp: 42204196 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 40893244 registers.edi: 40893244 registers.eax: 0 registers.ebp: 40893480 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x80 exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 46136108 registers.edi: 46136108 registers.eax: 0 registers.ebp: 46136344 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 43514680 registers.edi: 43514680 registers.eax: 0 registers.ebp: 43514916 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 48757580 registers.edi: 48757580 registers.eax: 0 registers.ebp: 48757816 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 44825404 registers.edi: 44825404 registers.eax: 0 registers.ebp: 44825640 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 42203960 registers.edi: 42203960 registers.eax: 0 registers.ebp: 42204196 registers.edx: 795617725 registers.ebx: 4599830 registers.esi: 4829068 registers.ecx: 3527079930	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: exception.instruction_r: eb 96 66 8b cb eb 1b 55 f9 52 02 10 af 73 4a a1 exception.symbol: kizzd+0x97546 exception.instruction: jmp 0x4974de exception.module: kizzd.exe exception.exception_code: 0x80000004 exception.offset: 619846 exception.address: 0x497546 registers.esp: 40893244 registers.edi: 40893244 registers.eax: 0 registers.ebp: 40893480 registers.edx: 795617725 registers.ebx: 4599816 registers.esi: 4829068 registers.ecx: 1915420083	1

Resolves a suspicious Top Level Domain (TLD) (1 event)

domain

www.5161658.top

description

Generic top level domain TLD

Allocates read-write-execute memory (usually to unpack itself) (50 out of 4861 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 region_size: 1245184 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fb0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 region_size: 1576960 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02220000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 65536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 region_size: 1048576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 region_size: 294912 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x759aa000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 process_handle: 0xffffffff	1

Foreign language identified in PE resource (3 events)

name

RT_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x001500e8

size

0x00010828

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00160910

size

0x00000014

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00160924

size

0x00000418

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (1 event)

Time & API	Arguments	Status	Return	Repeated
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000278 process_name: taskhost.exe process_identifier: 2368	1	1	0

The binary likely contains encrypted or compressed data indicative of a packer (4 events)

section

{u'size_of_data': u'0x00029000', u'virtual_address': u'0x00001000', u'entropy': 7.978232359224543, u'name': u'.text', u'virtual_size': u'0x00062000'}

entropy

7.97823235922

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x000ec000', u'virtual_address': u'0x00063000', u'entropy': 7.580896888365572, u'name': u'.sedata', u'virtual_size': u'0x000ec000'}

entropy

7.58089688837

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00001000', u'virtual_address': u'0x00161000', u'entropy': 7.98225752685003, u'name': u'.sedata', u'virtual_size': u'0x00001000'}

entropy

7.98225752685

description

A section with a high entropy has been found

entropy

0.939189189189

description

Overall entropy of this PE file is high

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 51 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000278 process_name: kizzd.exe process_identifier: 7602224		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x0000027c process_name: kizzd.exe process_identifier: 3014768		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000280 process_name: kizzd.exe process_identifier: 7274573		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000284 process_name: kizzd.exe process_identifier: 5046390		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002a0 process_name: kizzd.exe process_identifier: 7536688		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002a4 process_name: kizzd.exe process_identifier: 6619246		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002a8 process_name: kizzd.exe process_identifier: 6881397		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002ac process_name: kizzd.exe process_identifier: 7602277		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002b0 process_name: kizzd.exe process_identifier: 5177421		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002b4 process_name: kizzd.exe process_identifier: 5046338		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002b8 process_name: kizzd.exe process_identifier: 6619235		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002bc process_name: kizzd.exe process_identifier: 4456552		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002c0 process_name: kizzd.exe process_identifier: 6553705		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002c4 process_name: kizzd.exe process_identifier: 6815859		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002c8 process_name: kizzd.exe process_identifier: 6619251		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002cc process_name: kizzd.exe process_identifier: 6684769		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002d0 process_name: kizzd.exe process_identifier: 6357091		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002d4 process_name: kizzd.exe process_identifier: 7733331		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002d8 process_name: kizzd.exe process_identifier: 6815860		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002dc process_name: kizzd.exe process_identifier: 7667815		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002e0 process_name: kizzd.exe process_identifier: 6619251		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002e4 process_name: kizzd.exe process_identifier: 7209061		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002e8 process_name: kizzd.exe process_identifier: 3014768		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002ec process_name: kizzd.exe process_identifier: 5374032		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002f0 process_name: e process_identifier: 7471201		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002f4 process_name: kizzd.exe process_identifier: 6619251		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002f8 process_name: kizzd.exe process_identifier: 7733331		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002fc process_name: kizzd.exe process_identifier: 7667821		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000300 process_name: kizzd.exe process_identifier: 7274605		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000304 process_name: kizzd.exe process_identifier: 5439553		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000308 process_name: kizzd.exe process_identifier: 7602290		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x0000030c process_name: kizzd.exe process_identifier: 5439555		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000310 process_name: kizzd.exe process_identifier: 4390992		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000314 process_name: kizzd.exe process_identifier: 6553705		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000318 process_name: kizzd.exe process_identifier: 4522030		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x0000031c process_name: kizzd.exe process_identifier: 6619182		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000320 process_name: kizzd.exe process_identifier: 3670069		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000324 process_name: at.exe process_identifier: 6684781		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000328 process_name: kizzd.exe process_identifier: 7536756		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x0000032c process_name: kizzd.exe process_identifier: 4784233		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000330 process_name: kizzd.exe process_identifier: 7471170		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000334 process_name: kizzd.exe process_identifier: 7143542		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000338 process_name: kizzd.exe process_identifier: 6553715		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x0000033c process_name: kizzd.exe process_identifier: 7864421		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000340 process_name: process_identifier: 7733362		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000344 process_name: kizzd.exe process_identifier: 3342387		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000348 process_name: kizzd.exe process_identifier: 3014736		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x0000034c process_name: kizzd.exe process_identifier: 7471220		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000350 process_name: kizzd.exe process_identifier: 6619219		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000354 process_name: kizzd.exe process_identifier: 4980808		0	0

Communicates with host for which no DNS query was performed (1 event)

host

154.91.230.44

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

192.168.56.101:49163

File has been identified by 36 AntiVirus engines on VirusTotal as malicious (36 events)

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
FireEye	Generic.mg.6bb3828d5bd61e4b
McAfee	GenericRXAA-FA!6BB3828D5BD6
Malwarebytes	Malware.Heuristic.1003
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005239691 )
K7GW	Adware ( 005693e61 )
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	Gen:NN.ZexaF.36308.kv0@aakdxxkb
Cyren	W32/Trojan.HPC.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Packed.NoobyProtect.M suspicious
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	VHO:Trojan-Dropper.Win32.Injector.gen
Avast	RATX-gen [Trj]
Sophos	Generic ML PUA (PUA)
F-Secure	Heuristic.HEUR/AGEN.1237427
McAfee-GW-Edition	BehavesLike.Win32.Injector.tc
Trapmine	malicious.high.ml.score
SentinelOne	Static AI - Malicious PE
Avira	HEUR/AGEN.1237427
Antiy-AVL	GrayWare/Win32.Safeguard.a
Microsoft	Program:Win32/Wacapew.C!ml
Gridinsoft	Trojan.Heur!.03010021
Xcitium	TrojWare.Win32.Amtar.KNB@4wlm66
ZoneAlarm	VHO:Trojan-Dropper.Win32.Injector.gen
GData	Win32.Packed.NoobyProtect.B
Google	Detected
AhnLab-V3	Trojan/Win.Leonem.C5391929
Cylance	unsafe
Rising	Trojan.Generic@AI.98 (RDML:MeA6SSOgtrMzjEDLxLyRJw)
Ikarus	PUA.NoobyProtect
AVG	RATX-gen [Trj]

kizzd.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All