Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 8, 2023, 7:56 a.m.	March 8, 2023, 8:03 a.m.

Size	1.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`64c467cadb010b645ad1a04bb9ae000b`
SHA256	`7fcde90bf1f4e6ec55e94000936f6264264990f16511c5fae5a2faaefd8400f7`
CRC32	`CEAE16D3`
ssdeep	`24576:YRXxW6iuh/6+hBbMOr71zBj3qsZw3HKzNf2/nLk/JN4iheo:YRA6iC/hBRv1zBj3q2aqzQ4/JNP`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) PE_Header_Zero - PE File Signature

diyige.exe "C:\Users\test22\AppData\Local\Temp\diyige.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
103.151.5.71	Active	Moloch
104.233.151.40	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 8, 2023, 7:56 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 8, 2023, 7:56 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.sedata

One or more processes crashed (50 out of 363 events)

Time & API	Arguments	Status
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: diyige+0x1194bd @ 0x5194bd diyige+0x15665d @ 0x55665d RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: eb 09 5e cd 5d 24 d7 62 dc 2f 36 c3 e9 6d ff ff exception.symbol: diyige+0x6e926 exception.instruction: jmp 0x46e931 exception.module: diyige.exe exception.exception_code: 0x80000003 exception.offset: 452902 exception.address: 0x46e926 registers.esp: 1638008 registers.edi: 0 registers.eax: 0 registers.ebp: 1638052 registers.edx: 582600 registers.ebx: 5 registers.esi: 10282872 registers.ecx: 10282872	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 1637004 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 1637020 registers.edx: 4830858 registers.ebx: 2332634927 registers.esi: 1637256 registers.ecx: 4599830	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 42531628 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 42531644 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 42531880 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 43580200 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 43580216 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 43580452 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 45677356 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 45677372 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 45677608 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x213 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 47774516 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 47774532 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 47774768 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 47774536 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 47774552 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 47774788 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 44628776 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 44628792 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 44629028 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 46725916 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 46725932 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 46726168 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x207 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 49085244 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 49085260 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 49085496 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 50395976 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 50395992 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 50396228 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 42531628 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 42531644 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 42531880 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 43580200 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 43580216 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 43580452 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 45677356 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 45677372 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 45677608 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 44628776 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 44628792 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 44629028 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:56 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 46725916 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 46725932 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 46726168 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 46725916 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 46725932 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 46726168 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 43580200 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 43580216 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 43580452 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 45677356 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 45677372 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 45677608 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 42531628 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 42531644 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 42531880 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 44628776 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 44628792 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 44629028 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x207 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 49085244 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 49085260 registers.edx: 4830858 registers.ebx: 1674380256 registers.esi: 49085496 registers.ecx: 4600025	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 43580200 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 43580216 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 43580452 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 44628776 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 44628792 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 44629028 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 45677356 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 45677372 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 45677608 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 46725916 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 46725932 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 46726168 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 42531628 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 42531644 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 42531880 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 43580200 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 43580216 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 43580452 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 42531628 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 42531644 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 42531880 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 45677356 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 45677372 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 45677608 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 44628776 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 44628792 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 44629028 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 46725916 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 46725932 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 46726168 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x207 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 49085244 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 49085260 registers.edx: 4830858 registers.ebx: 1674380256 registers.esi: 49085496 registers.ecx: 4600025	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 43580200 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 43580216 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 43580452 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x213 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 47774516 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 47774532 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 47774768 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 46725916 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 46725932 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 46726168 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 47774536 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 47774552 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 47774788 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 42531628 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 42531644 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 42531880 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 45677356 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 45677372 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 45677608 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 44628776 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 44628792 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 44629028 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 50395976 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 50395992 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 50396228 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 43580200 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 43580216 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 43580452 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 46725916 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 46725932 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 46726168 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 45677356 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 45677372 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 45677608 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 42531628 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 42531644 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 42531880 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 44628776 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 44628792 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 44629028 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x207 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 49085244 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 49085260 registers.edx: 4830858 registers.ebx: 1674380256 registers.esi: 49085496 registers.ecx: 4600025	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 43580200 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 43580216 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 43580452 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x217 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 44628776 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 44628792 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 44629028 registers.ecx: 4599946	1
__exception__ March 8, 2023, 7:57 a.m.	stacktrace: 0x203 exception.instruction_r: 66 ba 95 c2 b6 9c 66 8b d1 eb ba 68 7e 9f 15 22 exception.symbol: diyige+0x94b02 exception.instruction: mov dx, 0xc295 exception.module: diyige.exe exception.exception_code: 0x80000004 exception.offset: 609026 exception.address: 0x494b02 registers.esp: 45677356 registers.edi: 4832597 registers.eax: 65057818 registers.ebp: 45677372 registers.edx: 4830858 registers.ebx: 2833573527 registers.esi: 45677608 registers.ecx: 4599946	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 4861 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 region_size: 1048576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01eb0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 region_size: 1576960 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02100000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 65536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 region_size: 1048576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 region_size: 294912 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x759aa000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2023, 7:56 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 process_handle: 0xffffffff	1

Foreign language identified in PE resource (3 events)

name

RT_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0015b0e8

size

0x00010828

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0016b910

size

0x00000014

name

RT_VERSION

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0016b924

size

0x00000418

The binary likely contains encrypted or compressed data indicative of a packer (4 events)

section

{u'size_of_data': u'0x00029000', u'virtual_address': u'0x00001000', u'entropy': 7.975844993838967, u'name': u'.text', u'virtual_size': u'0x00062000'}

entropy

7.97584499384

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x000f7000', u'virtual_address': u'0x00063000', u'entropy': 7.564714145941648, u'name': u'.sedata', u'virtual_size': u'0x000f7000'}

entropy

7.56471414594

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00001000', u'virtual_address': u'0x0016c000', u'entropy': 7.9823655801920195, u'name': u'.sedata', u'virtual_size': u'0x00001000'}

entropy

7.98236558019

description

A section with a high entropy has been found

entropy

0.941368078176

description

Overall entropy of this PE file is high

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 51 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x0000026c process_name: diyige.exe process_identifier: 7602224		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000270 process_name: diyige.exe process_identifier: 3014768		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000274 process_name: diyige.exe process_identifier: 7274573		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000278 process_name: diyige.exe process_identifier: 5046390		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000294 process_name: diyige.exe process_identifier: 7536688		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000298 process_name: diyige.exe process_identifier: 6619246		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x0000029c process_name: diyige.exe process_identifier: 6881397		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002a0 process_name: diyige.exe process_identifier: 7602277		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002a4 process_name: diyige.exe process_identifier: 5177421		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002a8 process_name: diyige.exe process_identifier: 5046338		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002ac process_name: diyige.exe process_identifier: 6619235		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002b0 process_name: diyige.exe process_identifier: 4456552		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002b4 process_name: diyige.exe process_identifier: 6553705		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002b8 process_name: diyige.exe process_identifier: 6815859		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002bc process_name: diyige.exe process_identifier: 6619251		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002c0 process_name: diyige.exe process_identifier: 6684769		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002c4 process_name: diyige.exe process_identifier: 6357091		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002c8 process_name: diyige.exe process_identifier: 7733331		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002cc process_name: diyige.exe process_identifier: 6815860		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002d0 process_name: diyige.exe process_identifier: 7667815		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002d4 process_name: diyige.exe process_identifier: 6619251		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002d8 process_name: diyige.exe process_identifier: 7209061		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002dc process_name: diyige.exe process_identifier: 3014768		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002e0 process_name: diyige.exe process_identifier: 5374032		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002e4 process_name: e process_identifier: 7471201		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002e8 process_name: diyige.exe process_identifier: 6619251		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002ec process_name: diyige.exe process_identifier: 7733331		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002f0 process_name: diyige.exe process_identifier: 7667821		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002f4 process_name: diyige.exe process_identifier: 7274605		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002f8 process_name: diyige.exe process_identifier: 5439553		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x000002fc process_name: diyige.exe process_identifier: 7602290		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000300 process_name: diyige.exe process_identifier: 5439555		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000304 process_name: diyige.exe process_identifier: 4390992		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000308 process_name: diyige.exe process_identifier: 6553705		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x0000030c process_name: diyige.exe process_identifier: 4522030		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000310 process_name: diyige.exe process_identifier: 6619182		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000314 process_name: diyige.exe process_identifier: 3670069		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000318 process_name: at.exe process_identifier: 6684781		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x0000031c process_name: diyige.exe process_identifier: 7536756		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000320 process_name: diyige.exe process_identifier: 4784233		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000324 process_name: diyige.exe process_identifier: 7471170		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000328 process_name: diyige.exe process_identifier: 7143542		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x0000032c process_name: diyige.exe process_identifier: 6553715		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000330 process_name: diyige.exe process_identifier: 7864421		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000334 process_name: process_identifier: 7733362		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000338 process_name: diyige.exe process_identifier: 3342387		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x0000033c process_name: diyige.exe process_identifier: 3014736		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000340 process_name: diyige.exe process_identifier: 7471220		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000344 process_name: diyige.exe process_identifier: 6619219		0	0
Process32NextW March 8, 2023, 7:56 a.m.	snapshot_handle: 0x00000348 process_name: diyige.exe process_identifier: 4980808		0	0

Communicates with host for which no DNS query was performed (2 events)

host	103.151.5.71
host	104.233.151.40

File has been identified by 43 AntiVirus engines on VirusTotal as malicious (43 events)

Bkav	W32.AIDetectNet.01
Lionic	Trojan.Win32.Generic.msN0
tehtris	Generic.Malware
FireEye	Generic.mg.64c467cadb010b64
McAfee	Artemis!64C467CADB01
Malwarebytes	Malware.AI.2049815872
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005239691 )
Alibaba	Packed:Win32/NoobyProtect.d79656f8
K7GW	Adware ( 005693e61 )
CrowdStrike	win/malicious_confidence_100% (W)
Cyren	W32/Trojan.HPC.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.NoobyProtect.M suspicious
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	UDS:Backdoor.Win32.Lotok.lmz
BitDefender	Trojan.GenericKD.65823229
Avast	RATX-gen [Trj]
Sophos	Generic ML PUA (PUA)
TrendMicro	Trojan.Win32.LOTOK.USPAXC723
McAfee-GW-Edition	BehavesLike.Win32.Injector.tc
Trapmine	malicious.high.ml.score
Ikarus	PUA.NoobyProtect
Webroot	W32.Adware.Gen
Avira	HEUR/AGEN.1237427
Antiy-AVL	GrayWare/Win32.Safeguard.a
Gridinsoft	Trojan.Heur!.03010021
Xcitium	TrojWare.Win32.Amtar.KNB@4wlm66
Microsoft	Trojan:Win32/Casdet!rfn
ZoneAlarm	UDS:Backdoor.Win32.Lotok.lmz
GData	Win32.Packed.NoobyProtect.B
Google	Detected
AhnLab-V3	Trojan/Win.Leonem.C5391929
MAX	malware (ai score=84)
Cylance	unsafe
Rising	Trojan.Generic@AI.98 (RDML:GwOi296fHcqdrCWFyNxM7w)
SentinelOne	Static AI - Suspicious PE
Fortinet	Riskware/Application
BitDefenderTheta	Gen:NN.ZexaF.36308.nv0@ayFC3Ddb
AVG	RATX-gen [Trj]

diyige.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All