Summary | ZeroBOX

loader_p1_dll_64_n1_x64_inf.dll35.dll

Tags: UPX, OS Processor Check, PE64, PE File, DLL
Category FILE
Machine s1_win7_x6403_us
Started March 17, 2023, 7:56 a.m.
Completed March 17, 2023, 7:56 a.m.
Size 425.0KB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 47fc7775d368ebe67b4b27c7913a4e11
SHA256 8bef7c5f74640080536d669c15629c4c720bc081c1f72505eed8c3b87fd5f915
CRC32 3558A069
ssdeep 12288:tgUuiAbzjDBGGidp60AHqpKKkmFKpBDor0K:vuiA/BGGioK
PDB Path E:\repo\ImageMagick\ImageMagick-6.9.3\vc14\x64\bin\CORE_RL_tiff_.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup: No hosts contacted.
IP Address Status Action: No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
(the same IsDebuggerPresent row, returning 0, is logged 50 times in the trace)
pdb_path E:\repo\ImageMagick\ImageMagick-6.9.3\vc14\x64\bin\CORE_RL_tiff_.pdb
section .gfids
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x5eea8 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5eea8
registers.r14: 0
registers.r15: 0
registers.rcx: 2
registers.rsi: 6442811400
registers.r10: 6442811400
registers.rbx: 68240
registers.rsp: 1373544
registers.r11: 1373376
registers.r8: 1373704
registers.r9: 4290379776
registers.rdx: 6442811400
registers.r12: 10
registers.rbp: 2670928
registers.rdi: 1373704
registers.rax: 6442663312
registers.r13: 0
1 0 0

__exception__

stacktrace:
cIFFCIELabToRGBInit+0x20 cIFFCIELabToXYZ-0x1e0 loader_p1_dll_64_n1_x64_inf+0x1c20 @ 0x180001c20
rundll32+0x2f42 @ 0xffba2f42
rundll32+0x3b7a @ 0xffba3b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: c7 01 dc 05 00 00 48 89 6c 24 50 48 83 c1 1c 41
exception.instruction: mov dword ptr [rcx], 0x5dc
exception.exception_code: 0xc0000005
exception.symbol: cIFFCIELabToRGBInit+0x20 cIFFCIELabToXYZ-0x1e0 loader_p1_dll_64_n1_x64_inf+0x1c20
exception.address: 0x180001c20
registers.r14: 0
registers.r15: 0
registers.rcx: 196964
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2029760
registers.r11: 2028848
registers.r8: 3129880
registers.r9: 10
registers.rdx: 4290379776
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 196964
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5eea8 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5eea8
registers.r14: 1
registers.r15: 0
registers.rcx: 2
registers.rsi: 6442691504
registers.r10: 6442691504
registers.rbx: 6442690968
registers.rsp: 1833576
registers.r11: 7
registers.r8: 1833736
registers.r9: 0
registers.rdx: 6442691504
registers.r12: 0
registers.rbp: 1833833
registers.rdi: 1833736
registers.rax: 6442663312
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x2 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x2
registers.r14: 0
registers.r15: 0
registers.rcx: 65898
registers.rsi: 0
registers.r10: 0
registers.rbx: 65898
registers.rsp: 1636904
registers.r11: 1636592
registers.r8: 2146808
registers.r9: 10
registers.rdx: 4290379776
registers.r12: 10
registers.rbp: 2146640
registers.rdi: 2146840
registers.rax: 1
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5eea8 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5eea8
registers.r14: 10
registers.r15: 4290379776
registers.rcx: 2
registers.rsi: 6442804440
registers.r10: 6442804440
registers.rbx: 6442804424
registers.rsp: 1504984
registers.r11: 1504848
registers.r8: 1505144
registers.r9: 4290379776
registers.rdx: 6442804440
registers.r12: 0
registers.rbp: 2081278
registers.rdi: 1505144
registers.rax: 6442663312
registers.r13: 0
1 0 0

__exception__

stacktrace:
cIFFComputeStrip+0x8 cIFFDefaultStripSize-0x68 loader_p1_dll_64_n1_x64_inf+0x32a08 @ 0x180032a08
rundll32+0x2f42 @ 0xffba2f42
rundll32+0x3b7a @ 0xffba3b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: f7 71 74 66 83 b9 9a 00 00 00 02 44 8b c8 75 46
exception.instruction: div dword ptr [rcx + 0x74]
exception.exception_code: 0xc0000094
exception.symbol: cIFFComputeStrip+0x8 cIFFDefaultStripSize-0x68 loader_p1_dll_64_n1_x64_inf+0x32a08
exception.address: 0x180032a08
registers.r14: 0
registers.r15: 0
registers.rcx: 65912
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1900384
registers.r11: 1899472
registers.r8: 2867730
registers.r9: 10
registers.rdx: 0
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 4290379776
registers.r13: 0
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.r14: 0
registers.r15: 0
registers.rcx: 66048
registers.rsi: 0
registers.r10: 0
registers.rbx: 66048
registers.rsp: 2029928
registers.r11: 2029664
registers.r8: 3260916
registers.r9: 10
registers.rdx: 4290379776
registers.r12: 10
registers.rbp: 3260752
registers.rdi: 0
registers.rax: 66048
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5ee70 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5ee70
registers.r14: 66178
registers.r15: 0
registers.rcx: 0
registers.rsi: 153
registers.r10: 0
registers.rbx: 0
registers.rsp: 1766728
registers.r11: 1766736
registers.r8: 0
registers.r9: 1224
registers.rdx: 1224
registers.r12: 10
registers.rbp: 153
registers.rdi: 8
registers.rax: 153
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5ee70 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5ee70
registers.r14: 66214
registers.r15: 0
registers.rcx: 0
registers.rsi: 153
registers.r10: 0
registers.rbx: 0
registers.rsp: 1964712
registers.r11: 1964720
registers.r8: 0
registers.r9: 1224
registers.rdx: 1224
registers.r12: 10
registers.rbp: 153
registers.rdi: 8
registers.rax: 153
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5ee70 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5ee70
registers.r14: 66216
registers.r15: 0
registers.rcx: 0
registers.rsi: 153
registers.r10: 0
registers.rbx: 0
registers.rsp: 1833592
registers.r11: 1833600
registers.r8: 0
registers.r9: 1224
registers.rdx: 1224
registers.r12: 10
registers.rbp: 153
registers.rdi: 8
registers.rax: 153
registers.r13: 0
1 0 0

__exception__

stacktrace:
cIFFCurrentRow+0x10 cIFFCurrentTile-0x10 loader_p1_dll_64_n1_x64_inf+0x2b120 @ 0x18002b120
rundll32+0x2f42 @ 0xffba2f42
rundll32+0x3b7a @ 0xffba3b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 8b 81 64 02 00 00 c3 cc cc cc cc cc cc cc cc cc
exception.instruction: mov eax, dword ptr [rcx + 0x264]
exception.exception_code: 0xc0000005
exception.symbol: cIFFCurrentRow+0x10 cIFFCurrentTile-0x10 loader_p1_dll_64_n1_x64_inf+0x2b120
exception.address: 0x18002b120
registers.r14: 0
registers.r15: 0
registers.rcx: 262896
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 720800
registers.r11: 719888
registers.r8: 2671122
registers.r9: 10
registers.rdx: 4290379776
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 262896
registers.r13: 0
1 0 0

__exception__

stacktrace:
cIFFComputeStrip+0x70 cIFFNumberOfStrips-0x10 loader_p1_dll_64_n1_x64_inf+0x32a70 @ 0x180032a70
rundll32+0x2f42 @ 0xffba2f42
rundll32+0x3b7a @ 0xffba3b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 48 ff a1 20 03 00 00 cc cc cc cc cc cc cc cc cc
exception.instruction: jmp qword ptr [rcx + 0x320]
exception.exception_code: 0xc0000005
exception.symbol: cIFFComputeStrip+0x70 cIFFNumberOfStrips-0x10 loader_p1_dll_64_n1_x64_inf+0x32a70
exception.address: 0x180032a70
registers.r14: 0
registers.r15: 0
registers.rcx: 131826
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2226224
registers.r11: 2225312
registers.r8: 3195418
registers.r9: 10
registers.rdx: 4290379776
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 131826
registers.r13: 0
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.r14: 0
registers.r15: 0
registers.rcx: 66358
registers.rsi: 0
registers.r10: 0
registers.rbx: 66358
registers.rsp: 2750456
registers.r11: 2750096
registers.r8: 4833816
registers.r9: 10
registers.rdx: 4290379776
registers.r12: 10
registers.rbp: 4833632
registers.rdi: 4833848
registers.rax: 66358
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5eea8 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5eea8
registers.r14: 0
registers.r15: 0
registers.rcx: 2
registers.rsi: 4290379776
registers.r10: 0
registers.rbx: 66362
registers.rsp: 719000
registers.r11: 718768
registers.r8: 719152
registers.r9: 10
registers.rdx: 4290379776
registers.r12: 10
registers.rbp: 2539856
registers.rdi: 719152
registers.rax: 6442663312
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5eea8 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5eea8
registers.r14: 0
registers.r15: 0
registers.rcx: 2
registers.rsi: 4899322
registers.r10: 4899322
registers.rbx: 4290379776
registers.rsp: 2749880
registers.r11: 2749648
registers.r8: 2750040
registers.r9: 10
registers.rdx: 4899322
registers.r12: 10
registers.rbp: 4899152
registers.rdi: 2750040
registers.rax: 6442663312
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5eea8 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5eea8
registers.r14: 6442664336
registers.r15: 3850742
registers.rcx: 2
registers.rsi: 6442804440
registers.r10: 6442804440
registers.rbx: 6442804424
registers.rsp: 2161144
registers.r11: 2161104
registers.r8: 2161304
registers.r9: 3850742
registers.rdx: 6442804440
registers.r12: 0
registers.rbp: 66466
registers.rdi: 2161304
registers.rax: 6442663312
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5eea8 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5eea8
registers.r14: 0
registers.r15: 0
registers.rcx: 2
registers.rsi: 6442687448
registers.r10: 6442687448
registers.rbx: 6442687480
registers.rsp: 2291928
registers.r11: 4290379776
registers.r8: 2292088
registers.r9: 4290379776
registers.rdx: 6442687448
registers.r12: 10
registers.rbp: 3195232
registers.rdi: 2292088
registers.rax: 6442663312
registers.r13: 0
1 0 0

__exception__

stacktrace:
cIFFFindField+0x40 cIFFMergeFieldInfo-0x80 loader_p1_dll_64_n1_x64_inf+0x5730 @ 0x180005730
cIFFFieldWithTag+0x1c cIFFFieldWriteCount-0x44 loader_p1_dll_64_n1_x64_inf+0x569c @ 0x18000569c
rundll32+0x2f42 @ 0xffba2f42
rundll32+0x3b7a @ 0xffba3b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 39 10 75 0b 45 85 c0 74 5f 44 3b 40 08 74 59 48
exception.instruction: cmp dword ptr [rax], edx
exception.exception_code: 0xc0000005
exception.symbol: cIFFFindField+0x40 cIFFMergeFieldInfo-0x80 loader_p1_dll_64_n1_x64_inf+0x5730
exception.address: 0x180005730
registers.r14: 0
registers.r15: 0
registers.rcx: 132042
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 785488
registers.r11: 784576
registers.r8: 0
registers.r9: 4290379776
registers.rdx: 4290379776
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 18858960886169702
registers.r13: 0
1 0 0

__exception__

stacktrace:
cIFFRewriteDirectory+0xad cIFFWriteCustomDirectory-0x2f3 loader_p1_dll_64_n1_x64_inf+0xd40d @ 0x18000d40d
cIFFFlush+0x17f cIFFFlushData-0x21 loader_p1_dll_64_n1_x64_inf+0x1622f @ 0x18001622f
rundll32+0x2f42 @ 0xffba2f42
rundll32+0x3b7a @ 0xffba3b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: ff 93 b0 03 00 00 48 3b c6 0f 85 b0 00 00 00 0f
exception.instruction: call qword ptr [rbx + 0x3b0]
exception.exception_code: 0xc0000005
exception.symbol: cIFFRewriteDirectory+0xad cIFFWriteCustomDirectory-0x2f3 loader_p1_dll_64_n1_x64_inf+0xd40d
exception.address: 0x18000d40d
registers.r14: 0
registers.r15: 0
registers.rcx: 26740595241189481
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 2095552
registers.r11: 2094640
registers.r8: 0
registers.r9: 10
registers.rdx: 7274601
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 31525717090238508
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5ecd8 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5ecd8
registers.r14: 0
registers.r15: 0
registers.rcx: 132180
registers.rsi: 0
registers.r10: 0
registers.rbx: 132180
registers.rsp: 1045928
registers.r11: 1045616
registers.r8: 4
registers.r9: 10
registers.rdx: 0
registers.r12: 10
registers.rbp: 3326304
registers.rdi: 132124
registers.rax: 132124
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5ee70 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5ee70
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 0
registers.rbx: 6442844176
registers.rsp: 2422232
registers.r11: 2421920
registers.r8: 3260992
registers.r9: 10
registers.rdx: 24
registers.r12: 10
registers.rbp: 24
registers.rdi: 1
registers.rax: 1
registers.r13: 0
1 0 0

__exception__

stacktrace:
cIFFGetSizeProc+0x10 cIFFGetWriteProc-0x10 loader_p1_dll_64_n1_x64_inf+0x2b1c0 @ 0x18002b1c0
rundll32+0x2f42 @ 0xffba2f42
rundll32+0x3b7a @ 0xffba3b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 48 8b 81 90 03 00 00 c3 cc cc cc cc cc cc cc cc
exception.instruction: mov rax, qword ptr [rcx + 0x390]
exception.exception_code: 0xc0000005
exception.symbol: cIFFGetSizeProc+0x10 cIFFGetWriteProc-0x10 loader_p1_dll_64_n1_x64_inf+0x2b1c0
exception.address: 0x18002b1c0
registers.r14: 0
registers.r15: 0
registers.rcx: 655854
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 1047760
registers.r11: 1046848
registers.r8: 2146842
registers.r9: 10
registers.rdx: 4290379776
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 655854
registers.r13: 0
1 0 0

__exception__

stacktrace:
cIFFIsTiled+0x10 cIFFSetClientdata-0x10 loader_p1_dll_64_n1_x64_inf+0x2b230 @ 0x18002b230
rundll32+0x2f42 @ 0xffba2f42
rundll32+0x3b7a @ 0xffba3b7a
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: 8b 41 10 c1 e8 0e 83 e0 01 c3 cc cc cc cc cc cc
exception.instruction: mov eax, dword ptr [rcx + 0x10]
exception.exception_code: 0xc0000005
exception.symbol: cIFFIsTiled+0x10 cIFFSetClientdata-0x10 loader_p1_dll_64_n1_x64_inf+0x2b230
exception.address: 0x18002b230
registers.r14: 0
registers.r15: 0
registers.rcx: 459900
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 981872
registers.r11: 980960
registers.r8: 1819152
registers.r9: 10
registers.rdx: 4290379776
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 459900
registers.r13: 0
1 0 0

__exception__

stacktrace:
0x5ee70 (the same unresolved frame address, repeated 64 times)

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5ee70
registers.r14: 66722
registers.r15: 4290379776
registers.rcx: 0
registers.rsi: 1
registers.r10: 0
registers.rbx: 0
registers.rsp: 1701400
registers.r11: 1701248
registers.r8: 0
registers.r9: 24
registers.rdx: 24
registers.r12: 10
registers.rbp: 3785056
registers.rdi: 24
registers.rax: 1
registers.r13: 0
1 0 0
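
Triage note on the exception table, with an added example that is not part of the ZeroBOX report. Every resolved crash site sits in an export of the sample whose name is a libtiff API name with the leading letter changed (cIFFComputeStrip for TIFFComputeStrip, cIFFFindField for TIFFFindField, and so on), which agrees with the CORE_RL_tiff_.pdb path above: the DLL carries ImageMagick's libtiff build under renamed exports. The frames below each site are rundll32, which invokes a DLL export as `EntryPoint(HWND hwnd, HINSTANCE hinst, LPSTR cmdline, int nCmdShow)`, so the first argument these TIFF routines receive in rcx is a window handle rather than a TIFF* structure pointer, and they fault on the first dereference (`mov dword ptr [rcx], 0x5dc`, `div dword ptr [rcx + 0x74]`). The script reduces the dump to exception-code counts and one line per resolved site; the "first-arg fault" flag and its 0x100000 cut-off are the editor's heuristic, not a ZeroBOX signature, and the sample records are copied from the entries above in the report's own key: value layout.

```python
import re
from collections import Counter

# Module name of the analysed sample, as it appears in the report's symbols.
SAMPLE_MODULE = "loader_p1_dll_64_n1_x64_inf"

# Constructed sample: four records transcribed from this report (three resolved
# sites plus one of the unresolved 0x5eea8 entries), blank-line separated.
SAMPLE_RECORDS = """\
exception.instruction: mov dword ptr [rcx], 0x5dc
exception.exception_code: 0xc0000005
exception.symbol: cIFFCIELabToRGBInit+0x20 cIFFCIELabToXYZ-0x1e0 loader_p1_dll_64_n1_x64_inf+0x1c20
exception.address: 0x180001c20
registers.rcx: 196964
registers.rax: 196964

exception.instruction: div dword ptr [rcx + 0x74]
exception.exception_code: 0xc0000094
exception.symbol: cIFFComputeStrip+0x8 cIFFDefaultStripSize-0x68 loader_p1_dll_64_n1_x64_inf+0x32a08
exception.address: 0x180032a08
registers.rcx: 65912
registers.rax: 4290379776

exception.instruction: cmp dword ptr [rax], edx
exception.exception_code: 0xc0000005
exception.symbol: cIFFFindField+0x40 cIFFMergeFieldInfo-0x80 loader_p1_dll_64_n1_x64_inf+0x5730
exception.address: 0x180005730
registers.rcx: 132042
registers.rax: 18858960886169702

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x5eea8
registers.rcx: 2
registers.rax: 6442663312
"""


def parse_records(text):
    """Split the dump into one dict per record; keys are the report's
    'exception.*' / 'registers.*' labels, values are kept as strings."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in chunk.splitlines():
            key, _, value = line.partition(":")
            rec[key.strip()] = value.strip()
        records.append(rec)
    return records


def crash_site(rec, module):
    """Function name at the faulting address when the symbol resolves into the
    sample module; None for frames the sandbox could not resolve."""
    sym = rec.get("exception.symbol", "")
    if module not in sym:
        return None
    return sym.split("+", 1)[0]


def libtiff_name(func):
    """Undo the export renaming: cIFFComputeStrip -> TIFFComputeStrip."""
    return "T" + func[1:] if func.startswith("cIFF") else func


def faults_on_first_arg(rec, max_handle=0x100000):
    """Heuristic (editor's, not ZeroBOX's): the faulting instruction reads
    through rcx, the first integer argument under the Win64 ABI, and rcx holds
    a small value like the HWND rundll32 passes, not a heap or image pointer."""
    instr = rec.get("exception.instruction", "")
    rcx = int(rec.get("registers.rcx", "0"))
    return "[rcx" in instr and 0 < rcx < max_handle


def triage(records, module):
    """Exception-code counts, one entry per resolved crash site with the
    original libtiff name, and the number of unresolved records."""
    codes = Counter(r.get("exception.exception_code") for r in records)
    sites = []
    for r in records:
        func = crash_site(r, module)
        if func is None:
            continue
        sites.append({
            "function": func,
            "libtiff": libtiff_name(func),
            "code": r["exception.exception_code"],
            "instruction": r.get("exception.instruction", ""),
            "first_arg_fault": faults_on_first_arg(r),
        })
    unresolved = sum(1 for r in records if crash_site(r, module) is None)
    return {"codes": dict(codes), "sites": sites, "unresolved": unresolved}


if __name__ == "__main__":
    result = triage(parse_records(SAMPLE_RECORDS), SAMPLE_MODULE)
    print(result["codes"], "unresolved:", result["unresolved"])
    for s in result["sites"]:
        print(f"{s['function']:<22} ({s['libtiff']:<20}) {s['code']}  "
              f"{s['instruction']:<28} first-arg fault: {s['first_arg_fault']}")
```

Run against the full dump, the resolved sites collapse to a handful of libtiff entry points crashing on their first argument, which is what a sandbox produces when it calls every export of a library DLL through rundll32; it is not evidence of the loader's own behaviour, and the unresolved 0x5eea8 / 0x5ee70 / 0x5ecd8 records need a debugger or a memory dump to attribute.
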
CrowdStrike win/malicious_confidence_100% (W)
Kaspersky UDS:DangerousObject.Multi.Generic
TrendMicro TrojanSpy.Win64.ICEDID.SMYXDAVZ
ZoneAlarm UDS:DangerousObject.Multi.Generic
Rising Trojan.IcedID!8.102AF (CLOUD)
section .rsrc (virtual_address 0x00069000, virtual_size 0x0000573b, size_of_data 0x00006000, entropy 6.888): A section with a high entropy has been found
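
The high-entropy signature above is a per-section Shannon entropy check over the raw section data. The script below is an added example by the editor, not ZeroBOX code, showing the check with a stdlib-only section-table parser and a constructed stand-in PE64 image (headers plus three sections, not a loadable binary) instead of the real sample. The 7.0 default threshold is a common cut-off for packed or encrypted code and is the editor's choice; the report's .rsrc value of 6.888 sits below it and the threshold ZeroBOX applied is not stated on the page, so treat the cut-off as a tuning parameter. Section names and sizes in the sample image are constructed.

```python
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for
    uniformly distributed bytes (compressed or encrypted content sits near 8)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Yield (name, virtual_address, virtual_size, size_of_raw_data, raw_bytes)
    for every entry in a PE file's section table. Only the header fields needed
    for the entropy check are parsed; no pefile dependency."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    number_of_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_of_optional_header = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_of_optional_header            # first IMAGE_SECTION_HEADER
    for i in range(number_of_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        yield (name.rstrip(b"\0").decode("ascii", "replace"),
               vaddr, vsize, raw_size, image[raw_ptr:raw_ptr + raw_size])


def high_entropy_sections(image: bytes, threshold: float = 7.0):
    """Return [(name, entropy)] for sections whose raw data is above the
    threshold (editor's default of 7.0; the report's cut-off is not given)."""
    flagged = []
    for name, _vaddr, _vsize, _raw_size, raw in pe_sections(image):
        h = shannon_entropy(raw)
        if h > threshold:
            flagged.append((name, round(h, 3)))
    return flagged


def build_test_image(sections):
    """Constructed stand-in for a PE64 DLL (headers only, not loadable): DOS
    header, PE signature, COFF header, zero-filled PE32+ optional header,
    section table, then each section's raw data at 0x200 file alignment."""
    size_of_optional_header = 240                          # PE32+ optional header
    e_lfanew = 0x40
    coff = e_lfanew + 4
    table = coff + 20 + size_of_optional_header
    data_start = (table + 40 * len(sections) + 0x1FF) & ~0x1FF
    hdr = bytearray(data_start)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", hdr, coff, 0x8664, len(sections))   # AMD64, n sections
    struct.pack_into("<HH", hdr, coff + 16, size_of_optional_header,
                     0x2022)  # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE | DLL
    body = bytearray()
    vaddr = 0x1000
    for i, (name, raw) in enumerate(sections):
        struct.pack_into("<8sIIII", hdr, table + 40 * i,
                         name, len(raw), vaddr, len(raw), data_start + len(body))
        body += raw
        vaddr += (len(raw) + 0xFFF) & ~0xFFF
    return bytes(hdr) + bytes(body)


if __name__ == "__main__":
    # Constructed sections: int3 padding (entropy 0), a 16-symbol table
    # (exactly 4.0) and a uniform byte spread standing in for packed
    # resources (exactly 8.0).
    image = build_test_image([
        (b".text", b"\xcc" * 4096),
        (b".data", bytes(range(16)) * 256),
        (b".rsrc", bytes(range(256)) * 16),
    ])
    for name, vaddr, vsize, raw_size, raw in pe_sections(image):
        print(f"{name:<8} va=0x{vaddr:08x} vsize=0x{vsize:08x} "
              f"raw=0x{raw_size:08x} entropy={shannon_entropy(raw):.3f}")
    print("flagged:", high_entropy_sections(image))
```

On a real file, pass `open(path, "rb").read()` to `high_entropy_sections`; for a UPX-packed binary like this one, expect the packed section (conventionally named UPX1) to score near 8 while the unpacked payload's true section layout is only visible after unpacking, so entropy on the packed file says little about the payload itself.
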