Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 17, 2023, 7:56 a.m.	March 17, 2023, 7:56 a.m.

Size	425.0KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`47fc7775d368ebe67b4b27c7913a4e11`
SHA256	`8bef7c5f74640080536d669c15629c4c720bc081c1f72505eed8c3b87fd5f915`
CRC32	`3558A069`
ssdeep	`12288:tgUuiAbzjDBGGidp60AHqpKKkmFKpBDor0K:vuiA/BGGioK`
PDB Path	E:\repo\ImageMagick\ImageMagick-6.9.3\vc14\x64\bin\CORE_RL_tiff_.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFAccessTagMethods
1932
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFAccessTagMethods
  2468
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCIELabToXYZ
2236
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCIELabToXYZ
  2520
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCIELabToRGBInit
2144
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCIELabToRGBInit
  2604
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCheckTile
2324
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCheckTile
  2648
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCheckpointDirectory
2424
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCheckpointDirectory
  2776
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCleanup
2596
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCleanup
  2916
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFClientOpen
2800
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFClientOpen
  2092
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFClientdata
2952
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFClientdata
  2464
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFComputeStrip
2268
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFComputeStrip
  2760
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFClose
2072
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFClose
  2908
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFComputeTile
2444
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFComputeTile
  3040
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCreateCustomDirectory
2980
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCreateCustomDirectory
  804
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCreateDirectory
2344
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCreateDirectory
  1648
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCreateEXIFDirectory
2936
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCreateEXIFDirectory
  1952
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCurrentDirOffset
2740
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCurrentDirOffset
  2380
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCurrentDirectory
2824
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCurrentDirectory
  3224
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCurrentRow
3132
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCurrentRow
  3396
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCurrentStrip
3272
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCurrentStrip
  3716
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCurrentTile
3380
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFCurrentTile
  3780
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFDataWidth
3508
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFDataWidth
  3928
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFDefaultStripSize
3604
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFDefaultStripSize
  3868
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFDefaultTileSize
3692
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFDefaultTileSize
  4004
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFError
3892
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFError
  3252
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFErrorExt
2788
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFErrorExt
  3408
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFdOpen
3376
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFdOpen
  3808
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldDataType
3600
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldDataType
  4000
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldName
3880
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldName
  3524
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldPassCount
3724
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldPassCount
  3836
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldReadCount
3392
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldReadCount
  4076
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldTag
3768
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldTag
  4036
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldWithName
3568
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldWithName
  3076
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldWithTag
3344
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldWithTag
  3800
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldWriteCount
3708
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFieldWriteCount
  4104
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFileName
3744
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFileName
  3528
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFileno
3324
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFileno
  4316
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFindCODEC
4244
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFindCODEC
  4460
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFindField
4408
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFindField
  4668
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFlush
4580
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFlush
  4700
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFlushData
4772
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFlushData
  4924
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFreeDirectory
4868
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFFreeDirectory
  4476
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetBitRevTable
4996
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetBitRevTable
  4280
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetClientInfo
5096
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetClientInfo
  3980
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetConfiguredCODECs
4108
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetConfiguredCODECs
  4296
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetCloseProc
4240
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetCloseProc
  5020
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetField
4716
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetField
  4168
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetFieldDefaulted
4984
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetFieldDefaulted
  4572
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetMapFileProc
4348
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetMapFileProc
  4232
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetMode
4764
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetMode
  4440
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetReadProc
5012
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetReadProc
  4552
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetSizeProc
4320
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetSizeProc
  4696
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetTagListCount
4516
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetTagListCount
  4464
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetSeekProc
4560
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetSeekProc
  5080
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetTagListEntry
4680
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetTagListEntry
  4196
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetUnmapFileProc
2056
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetUnmapFileProc
  5132
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetVersion
4756
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetVersion
  5296
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFIsBigEndian
5208
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFIsBigEndian
  5616
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetWriteProc
2060
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFGetWriteProc
  5572
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFIsByteSwapped
5320
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFIsByteSwapped
  5752
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFIsCODECConfigured
5448
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFIsCODECConfigured
  5848
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFIsMSB2LSB
5536
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFIsMSB2LSB
  5928
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFIsTiled
5724
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFIsTiled
  5468
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFIsUpSampled
5896
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFIsUpSampled
  5036
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFLastDirectory
6052
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFLastDirectory
  1440
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFMergeFieldInfo
4928
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFMergeFieldInfo
  5596
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFNumberOfDirectories
4288
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFNumberOfDirectories
  5880
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFNumberOfTiles
5816
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFNumberOfStrips
5436
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFNumberOfStrips
  4392
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFOpen
5968
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFOpenW
6140
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\loader_p1_dll_64_n1_x64_inf.dll35.dll,cIFFRGBAImageBegin
5872

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (50 out of 64 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0
IsDebuggerPresent March 17, 2023, 7:49 a.m.			0	0

This executable has a PDB path (1 event)

pdb_path

E:\repo\ImageMagick\ImageMagick-6.9.3\vc14\x64\bin\CORE_RL_tiff_.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

One or more processes crashed (24 events)

Time & API	Arguments	Status
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5eea8 registers.r14: 0 registers.r15: 0 registers.rcx: 2 registers.rsi: 6442811400 registers.r10: 6442811400 registers.rbx: 68240 registers.rsp: 1373544 registers.r11: 1373376 registers.r8: 1373704 registers.r9: 4290379776 registers.rdx: 6442811400 registers.r12: 10 registers.rbp: 2670928 registers.rdi: 1373704 registers.rax: 6442663312 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: cIFFCIELabToRGBInit+0x20 cIFFCIELabToXYZ-0x1e0 loader_p1_dll_64_n1_x64_inf+0x1c20 @ 0x180001c20 rundll32+0x2f42 @ 0xffba2f42 rundll32+0x3b7a @ 0xffba3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: c7 01 dc 05 00 00 48 89 6c 24 50 48 83 c1 1c 41 exception.instruction: mov dword ptr [rcx], 0x5dc exception.exception_code: 0xc0000005 exception.symbol: cIFFCIELabToRGBInit+0x20 cIFFCIELabToXYZ-0x1e0 loader_p1_dll_64_n1_x64_inf+0x1c20 exception.address: 0x180001c20 registers.r14: 0 registers.r15: 0 registers.rcx: 196964 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2029760 registers.r11: 2028848 registers.r8: 3129880 registers.r9: 10 registers.rdx: 4290379776 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 196964 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5eea8 registers.r14: 1 registers.r15: 0 registers.rcx: 2 registers.rsi: 6442691504 registers.r10: 6442691504 registers.rbx: 6442690968 registers.rsp: 1833576 registers.r11: 7 registers.r8: 1833736 registers.r9: 0 registers.rdx: 6442691504 registers.r12: 0 registers.rbp: 1833833 registers.rdi: 1833736 registers.rax: 6442663312 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x2 registers.r14: 0 registers.r15: 0 registers.rcx: 65898 registers.rsi: 0 registers.r10: 0 registers.rbx: 65898 registers.rsp: 1636904 registers.r11: 1636592 registers.r8: 2146808 registers.r9: 10 registers.rdx: 4290379776 registers.r12: 10 registers.rbp: 2146640 registers.rdi: 2146840 registers.rax: 1 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5eea8 registers.r14: 10 registers.r15: 4290379776 registers.rcx: 2 registers.rsi: 6442804440 registers.r10: 6442804440 registers.rbx: 6442804424 registers.rsp: 1504984 registers.r11: 1504848 registers.r8: 1505144 registers.r9: 4290379776 registers.rdx: 6442804440 registers.r12: 0 registers.rbp: 2081278 registers.rdi: 1505144 registers.rax: 6442663312 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: cIFFComputeStrip+0x8 cIFFDefaultStripSize-0x68 loader_p1_dll_64_n1_x64_inf+0x32a08 @ 0x180032a08 rundll32+0x2f42 @ 0xffba2f42 rundll32+0x3b7a @ 0xffba3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f7 71 74 66 83 b9 9a 00 00 00 02 44 8b c8 75 46 exception.instruction: div dword ptr [rcx + 0x74] exception.exception_code: 0xc0000094 exception.symbol: cIFFComputeStrip+0x8 cIFFDefaultStripSize-0x68 loader_p1_dll_64_n1_x64_inf+0x32a08 exception.address: 0x180032a08 registers.r14: 0 registers.r15: 0 registers.rcx: 65912 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1900384 registers.r11: 1899472 registers.r8: 2867730 registers.r9: 10 registers.rdx: 0 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4290379776 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 66048 registers.rsi: 0 registers.r10: 0 registers.rbx: 66048 registers.rsp: 2029928 registers.r11: 2029664 registers.r8: 3260916 registers.r9: 10 registers.rdx: 4290379776 registers.r12: 10 registers.rbp: 3260752 registers.rdi: 0 registers.rax: 66048 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5ee70 registers.r14: 66178 registers.r15: 0 registers.rcx: 0 registers.rsi: 153 registers.r10: 0 registers.rbx: 0 registers.rsp: 1766728 registers.r11: 1766736 registers.r8: 0 registers.r9: 1224 registers.rdx: 1224 registers.r12: 10 registers.rbp: 153 registers.rdi: 8 registers.rax: 153 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5ee70 registers.r14: 66214 registers.r15: 0 registers.rcx: 0 registers.rsi: 153 registers.r10: 0 registers.rbx: 0 registers.rsp: 1964712 registers.r11: 1964720 registers.r8: 0 registers.r9: 1224 registers.rdx: 1224 registers.r12: 10 registers.rbp: 153 registers.rdi: 8 registers.rax: 153 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5ee70 registers.r14: 66216 registers.r15: 0 registers.rcx: 0 registers.rsi: 153 registers.r10: 0 registers.rbx: 0 registers.rsp: 1833592 registers.r11: 1833600 registers.r8: 0 registers.r9: 1224 registers.rdx: 1224 registers.r12: 10 registers.rbp: 153 registers.rdi: 8 registers.rax: 153 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: cIFFCurrentRow+0x10 cIFFCurrentTile-0x10 loader_p1_dll_64_n1_x64_inf+0x2b120 @ 0x18002b120 rundll32+0x2f42 @ 0xffba2f42 rundll32+0x3b7a @ 0xffba3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 8b 81 64 02 00 00 c3 cc cc cc cc cc cc cc cc cc exception.instruction: mov eax, dword ptr [rcx + 0x264] exception.exception_code: 0xc0000005 exception.symbol: cIFFCurrentRow+0x10 cIFFCurrentTile-0x10 loader_p1_dll_64_n1_x64_inf+0x2b120 exception.address: 0x18002b120 registers.r14: 0 registers.r15: 0 registers.rcx: 262896 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 720800 registers.r11: 719888 registers.r8: 2671122 registers.r9: 10 registers.rdx: 4290379776 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 262896 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: cIFFComputeStrip+0x70 cIFFNumberOfStrips-0x10 loader_p1_dll_64_n1_x64_inf+0x32a70 @ 0x180032a70 rundll32+0x2f42 @ 0xffba2f42 rundll32+0x3b7a @ 0xffba3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 48 ff a1 20 03 00 00 cc cc cc cc cc cc cc cc cc exception.instruction: jmp qword ptr [rcx + 0x320] exception.exception_code: 0xc0000005 exception.symbol: cIFFComputeStrip+0x70 cIFFNumberOfStrips-0x10 loader_p1_dll_64_n1_x64_inf+0x32a70 exception.address: 0x180032a70 registers.r14: 0 registers.r15: 0 registers.rcx: 131826 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2226224 registers.r11: 2225312 registers.r8: 3195418 registers.r9: 10 registers.rdx: 4290379776 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 131826 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 66358 registers.rsi: 0 registers.r10: 0 registers.rbx: 66358 registers.rsp: 2750456 registers.r11: 2750096 registers.r8: 4833816 registers.r9: 10 registers.rdx: 4290379776 registers.r12: 10 registers.rbp: 4833632 registers.rdi: 4833848 registers.rax: 66358 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5eea8 registers.r14: 0 registers.r15: 0 registers.rcx: 2 registers.rsi: 4290379776 registers.r10: 0 registers.rbx: 66362 registers.rsp: 719000 registers.r11: 718768 registers.r8: 719152 registers.r9: 10 registers.rdx: 4290379776 registers.r12: 10 registers.rbp: 2539856 registers.rdi: 719152 registers.rax: 6442663312 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5eea8 registers.r14: 0 registers.r15: 0 registers.rcx: 2 registers.rsi: 4899322 registers.r10: 4899322 registers.rbx: 4290379776 registers.rsp: 2749880 registers.r11: 2749648 registers.r8: 2750040 registers.r9: 10 registers.rdx: 4899322 registers.r12: 10 registers.rbp: 4899152 registers.rdi: 2750040 registers.rax: 6442663312 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5eea8 registers.r14: 6442664336 registers.r15: 3850742 registers.rcx: 2 registers.rsi: 6442804440 registers.r10: 6442804440 registers.rbx: 6442804424 registers.rsp: 2161144 registers.r11: 2161104 registers.r8: 2161304 registers.r9: 3850742 registers.rdx: 6442804440 registers.r12: 0 registers.rbp: 66466 registers.rdi: 2161304 registers.rax: 6442663312 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 0x5eea8 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5eea8 registers.r14: 0 registers.r15: 0 registers.rcx: 2 registers.rsi: 6442687448 registers.r10: 6442687448 registers.rbx: 6442687480 registers.rsp: 2291928 registers.r11: 4290379776 registers.r8: 2292088 registers.r9: 4290379776 registers.rdx: 6442687448 registers.r12: 10 registers.rbp: 3195232 registers.rdi: 2292088 registers.rax: 6442663312 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: cIFFFindField+0x40 cIFFMergeFieldInfo-0x80 loader_p1_dll_64_n1_x64_inf+0x5730 @ 0x180005730 cIFFFieldWithTag+0x1c cIFFFieldWriteCount-0x44 loader_p1_dll_64_n1_x64_inf+0x569c @ 0x18000569c rundll32+0x2f42 @ 0xffba2f42 rundll32+0x3b7a @ 0xffba3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 39 10 75 0b 45 85 c0 74 5f 44 3b 40 08 74 59 48 exception.instruction: cmp dword ptr [rax], edx exception.exception_code: 0xc0000005 exception.symbol: cIFFFindField+0x40 cIFFMergeFieldInfo-0x80 loader_p1_dll_64_n1_x64_inf+0x5730 exception.address: 0x180005730 registers.r14: 0 registers.r15: 0 registers.rcx: 132042 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 785488 registers.r11: 784576 registers.r8: 0 registers.r9: 4290379776 registers.rdx: 4290379776 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 18858960886169702 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: cIFFRewriteDirectory+0xad cIFFWriteCustomDirectory-0x2f3 loader_p1_dll_64_n1_x64_inf+0xd40d @ 0x18000d40d cIFFFlush+0x17f cIFFFlushData-0x21 loader_p1_dll_64_n1_x64_inf+0x1622f @ 0x18001622f rundll32+0x2f42 @ 0xffba2f42 rundll32+0x3b7a @ 0xffba3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: ff 93 b0 03 00 00 48 3b c6 0f 85 b0 00 00 00 0f exception.instruction: call qword ptr [rbx + 0x3b0] exception.exception_code: 0xc0000005 exception.symbol: cIFFRewriteDirectory+0xad cIFFWriteCustomDirectory-0x2f3 loader_p1_dll_64_n1_x64_inf+0xd40d exception.address: 0x18000d40d registers.r14: 0 registers.r15: 0 registers.rcx: 26740595241189481 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2095552 registers.r11: 2094640 registers.r8: 0 registers.r9: 10 registers.rdx: 7274601 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 31525717090238508 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 0x5ecd8 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5ecd8 registers.r14: 0 registers.r15: 0 registers.rcx: 132180 registers.rsi: 0 registers.r10: 0 registers.rbx: 132180 registers.rsp: 1045928 registers.r11: 1045616 registers.r8: 4 registers.r9: 10 registers.rdx: 0 registers.r12: 10 registers.rbp: 3326304 registers.rdi: 132124 registers.rax: 132124 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5ee70 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 6442844176 registers.rsp: 2422232 registers.r11: 2421920 registers.r8: 3260992 registers.r9: 10 registers.rdx: 24 registers.r12: 10 registers.rbp: 24 registers.rdi: 1 registers.rax: 1 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: cIFFGetSizeProc+0x10 cIFFGetWriteProc-0x10 loader_p1_dll_64_n1_x64_inf+0x2b1c0 @ 0x18002b1c0 rundll32+0x2f42 @ 0xffba2f42 rundll32+0x3b7a @ 0xffba3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 48 8b 81 90 03 00 00 c3 cc cc cc cc cc cc cc cc exception.instruction: mov rax, qword ptr [rcx + 0x390] exception.exception_code: 0xc0000005 exception.symbol: cIFFGetSizeProc+0x10 cIFFGetWriteProc-0x10 loader_p1_dll_64_n1_x64_inf+0x2b1c0 exception.address: 0x18002b1c0 registers.r14: 0 registers.r15: 0 registers.rcx: 655854 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1047760 registers.r11: 1046848 registers.r8: 2146842 registers.r9: 10 registers.rdx: 4290379776 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 655854 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: cIFFIsTiled+0x10 cIFFSetClientdata-0x10 loader_p1_dll_64_n1_x64_inf+0x2b230 @ 0x18002b230 rundll32+0x2f42 @ 0xffba2f42 rundll32+0x3b7a @ 0xffba3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 8b 41 10 c1 e8 0e 83 e0 01 c3 cc cc cc cc cc cc exception.instruction: mov eax, dword ptr [rcx + 0x10] exception.exception_code: 0xc0000005 exception.symbol: cIFFIsTiled+0x10 cIFFSetClientdata-0x10 loader_p1_dll_64_n1_x64_inf+0x2b230 exception.address: 0x18002b230 registers.r14: 0 registers.r15: 0 registers.rcx: 459900 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 981872 registers.r11: 980960 registers.r8: 1819152 registers.r9: 10 registers.rdx: 4290379776 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 459900 registers.r13: 0	1
__exception__ March 17, 2023, 7:49 a.m.	stacktrace: 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 0x5ee70 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x5ee70 registers.r14: 66722 registers.r15: 4290379776 registers.rcx: 0 registers.rsi: 1 registers.r10: 0 registers.rbx: 0 registers.rsp: 1701400 registers.r11: 1701248 registers.r8: 0 registers.r9: 24 registers.rdx: 24 registers.r12: 10 registers.rbp: 3785056 registers.rdi: 24 registers.rax: 1 registers.r13: 0	1

File has been identified by 5 AntiVirus engines on VirusTotal as malicious (5 events)

CrowdStrike	win/malicious_confidence_100% (W)
Kaspersky	UDS:DangerousObject.Multi.Generic
TrendMicro	TrojanSpy.Win64.ICEDID.SMYXDAVZ
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Rising	Trojan.IcedID!8.102AF (CLOUD)

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00006000', u'virtual_address': u'0x00069000', u'entropy': 6.888250429789257, u'name': u'.rsrc', u'virtual_size': u'0x0000573b'}

entropy

6.88825042979

description

A section with a high entropy has been found

loader_p1_dll_64_n1_x64_inf.dll35.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All