Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 12, 2023, 10:16 a.m.	March 12, 2023, 10:18 a.m.

Size	842.0KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`1821abde4a17d5c775e197217ca2a1d6`
SHA256	`befeb1ab986fae9a54d4761d072bf50fdbff5c6b1b89b66a6790a3f0bfc4243f`
CRC32	`3022E499`
ssdeep	`24576:iX/wM8bxdVOcVYXNg31qU1c8/UxMzFni:i9EKNI8U68/U+zFn`
PDB Path	E:\tmp\ImageMagic\7.0.7-11\vc15\x64\bin\CORE_RL_MagickWand_.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,ccquireDrawingWand
316
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,ccquireDrawingWand
  2528
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,ccquireScriptTokenInfo
2240
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,ccquireScriptTokenInfo
  2576
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,ccquireWandId
2328
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,ccquireWandId
  2672
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,ccquireMagickCLI
2148
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,ccquireMagickCLI
  2768
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cnimateImageCommand
2420
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cnimateImageCommand
  2760
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cLICatchException
2520
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cLICatchException
  2804
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cLILogEvent
2732
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cLILogEvent
  2992
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cLIOption
2980
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cLIOption
  2200
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cLIThrowException
2344
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cLIThrowException
  2512
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clearDrawingWand
2620
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clearDrawingWand
  2180
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clearMagickWand
2884
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clearMagickWand
  2412
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clearPixelIterator
2184
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clearPixelIterator
  2856
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clearPixelWand
2752
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clearPixelWand
  3064
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cloneDrawingWand
2472
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cloneDrawingWand
  2556
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cloneMagickWand
2952
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cloneMagickWand
  2268
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clonePixelIterator
3004
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clonePixelIterator
  2700
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clonePixelWand
2696
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clonePixelWand
  3172
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clonePixelWands
3128
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,clonePixelWands
  3316
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cloneWandView
3364
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cloneWandView
  3544
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,compareImagesCommand
3476
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,compareImagesCommand
  3748
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,compositeImageCommand
3632
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,compositeImageCommand
  3852
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,conjureImageCommand
3740
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,conjureImageCommand
  3940
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,convertImageCommand
3928
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,convertImageCommand
  3332
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyDrawingWand
2092
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyDrawingWand
  3092
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyMagickCLI
3224
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyMagickCLI
  3700
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyMagickWand
3588
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyMagickWand
  4004
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyPixelIterator
3784
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyPixelIterator
  3112
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyPixelWand
2064
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyPixelWand
  3268
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyPixelWands
3380
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyPixelWands
  3924
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyScriptTokenInfo
3776
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyScriptTokenInfo
  300
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyWandIds
4040
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyWandIds
  4056
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyWandView
3244
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cestroyWandView
  288
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cisplayImageCommand
3464
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,cisplayImageCommand
  4060
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawAffine
3960
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawAffine
  3496
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawAlpha
3972
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawAlpha
  4264
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawAnnotation
4156
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawAnnotation
  4324
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawArc
4316
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawArc
  4488
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawBezier
4572
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawBezier
  4720
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawCircle
4760
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawCircle
  4972
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawClearException
4928
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawClearException
  3084
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawCloneExceptionInfo
5104
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawCloneExceptionInfo
  4596
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawColor
4284
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawColor
  4740
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawComment
4416
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawComment
  5024
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawComposite
4904
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawComposite
  4152
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawEllipse
4360
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawEllipse
  4988
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetBorderColor
4648
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetBorderColor
  4452
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetClipPath
4196
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetClipPath
  4952
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetClipRule
4780
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetClipRule
  4180
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetClipUnits
4852
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetClipUnits
  5288
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetDensity
5140
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetDensity
  5412
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetException
5240
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetException
  5504
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetExceptionType
5404
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetExceptionType
  5732
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFillColor
5584
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFillColor
  5812
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFillOpacity
5720
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFillOpacity
  5880
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFillRule
5948
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFillRule
  6136
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFont
6072
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFont
  5480
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFontFamily
5212
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFontFamily
  5760
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFontResolution
5452
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFontResolution
  5860
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFontSize
5664
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFontSize
  5020
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFontStretch
1684
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFontStretch
  5440
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFontStyle
6108
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFontStyle
  5648
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFontWeight
5392
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetFontWeight
  1700
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetGravity
5904
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetGravity
  516
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetOpacity
5956
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetOpacity
  5680
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetStrokeAntialias
2572
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetStrokeAntialias
  5920
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetStrokeColor
6024
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetStrokeColor
  2308
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetStrokeDashArray
1676
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetStrokeDashArray
  6028
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetStrokeDashOffset
5276
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetStrokeDashOffset
  2508
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetStrokeLineCap
2340
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetStrokeLineJoin
5696
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll53.dll,crawGetStrokeMiterLimit
6184

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 12, 2023, 10:16 a.m.			0	0
IsDebuggerPresent March 12, 2023, 10:16 a.m.			0	0

This executable has a PDB path (1 event)

pdb_path

E:\tmp\ImageMagic\7.0.7-11\vc15\x64\bin\CORE_RL_MagickWand_.pdb

One or more processes crashed (2 events)

Time & API	Arguments	Status	Return	Repeated
__exception__ March 12, 2023, 10:16 a.m.	stacktrace: 0xc552a cewDrawingWand+0x14 ceekDrawingWand-0x2ec loader_p1_dll_64_n1_x64_inf+0x3ee14 @ 0x18003ee14 ccquireDrawingWand+0x1a clearDrawingWand-0x256 loader_p1_dll_64_n1_x64_inf+0x35f4a @ 0x180035f4a rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 68 00 75 00 6b 00 77 00 69 00 00 00 06 00 50 00 exception.instruction: push 0x6b007500 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc552a registers.r14: 0 registers.r15: 0 registers.rcx: 1899264 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1899856 registers.r11: 1898944 registers.r8: 2671126 registers.r9: 10 registers.rdx: 4289462272 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 196648 registers.r13: 0	1	0	0
__exception__ March 12, 2023, 10:16 a.m.	stacktrace: 0xc4f26 cLIThrowException+0x56 cestroyMagickCLI-0xca loader_p1_dll_64_n1_x64_inf+0xaa2a6 @ 0x1800aa2a6 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: add byte ptr [rax], al exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc4f26 registers.r14: 0 registers.r15: 0 registers.rcx: 846912 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 851632 registers.r11: 850720 registers.r8: 4096 registers.r9: 10 registers.rdx: 851168 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936898813490 registers.r13: 0	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00006000', u'virtual_address': u'0x000ce000', u'entropy': 6.88755735265922, u'name': u'.rsrc', u'virtual_size': u'0x00005673'}

entropy

6.88755735266

description

A section with a high entropy has been found

File has been identified by 13 AntiVirus engines on VirusTotal as malicious (13 events)

Cylance	unsafe
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	Trojan.Gen.2
ESET-NOD32	a variant of Win64/TrojanDownloader.IcedId.U.gen
Kaspersky	UDS:Trojan-Banker.Win32.IcedID.uohj
Avast	FileRepMalware [Misc]
Rising	Downloader.IcedId!8.1132C (CLOUD)
TrendMicro	TrojanSpy.Win64.ICEDID.SMYXDAVZ
McAfee-GW-Edition	Artemis!Trojan
Webroot	W32.Trojan.Qakbot
Microsoft	Trojan:Win32/Wacatac.B!ml
McAfee	Artemis!1821ABDE4A17
AVG	FileRepMalware [Misc]

loader_p1_dll_64_n1_x64_inf.dll53.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All