Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 7, 2023, 6:22 p.m.	June 7, 2023, 6:24 p.m.

Size	363.1KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`97276eade4a474b02892b080fa0cae20`
SHA256	`b89e41d1eaac085d38eed170f2e53fd011fdd322d4b1df5162976ecc59ec7279`
CRC32	`563659EB`
ssdeep	`6144:Np+gg4HygejDqBnVu9haH0purwFVe7mrnmEgqJcaFDhJZ6iayTNI1J:DPHygeqB49d7UKPAivTNC`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library NSIS_Installer - Null Soft Installer PE_Header_Zero - PE File Signature IsPE32 - (no description)

SO785000670065_GK3G46943006_PO#BGMRE23028.exe "C:\Users\test22\AppData\Local\Temp\SO785000670065_GK3G46943006_PO#BGMRE23028.exe"
3012

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 7, 2023, 6:22 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7f 03 4a bc 05 a6 df 9d 60 df 6f c4 1b 69 1d e9 exception.instruction: jg 0x51733aa exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x51733a5 registers.esp: 1629656 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 1629652 registers.ecx: 256	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 03 50 8a 2c d5 73 7a b7 2d ce 6d 66 06 00 5b exception.instruction: mov dword ptr [ebx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x51733ec registers.esp: 1629656 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 0 registers.esi: 2001474698 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 5a 84 16 25 51 b9 74 8b ea 3f 81 f1 f0 21 84 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5173403 registers.esp: 1629660 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 2001474698 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7a 04 57 99 b2 11 c1 00 39 c1 5a 38 d1 59 81 34 exception.instruction: jp 0x517342f exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5173429 registers.esp: 1629652 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 1629648 registers.ebx: 85405696 registers.esi: 2001474698 registers.ecx: 256	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 71 0e 48 da 0d 8d 6b 5b 9a 38 e6 26 03 21 b5 85 exception.instruction: jno 0x5173471 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5173461 registers.esp: 1629652 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 256 registers.ebx: 1629648 registers.esi: 2001474698 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 54 fc 27 59 e2 3c 52 ad ce 5f ff 74 24 04 8f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x51860c8 registers.esp: 1629656 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 2001474698 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 78 02 57 f0 07 8e 5f 00 38 d0 5f 85 c1 5e 68 57 exception.instruction: js 0x5186104 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5186100 registers.esp: 1629616 registers.edi: 1629612 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 256 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7a 07 49 4d 8a 73 4a 46 b6 4e 1f 81 7c a6 b6 8b exception.instruction: jp 0x5186153 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x518614a registers.esp: 1629612 registers.edi: 167008 registers.eax: 1629608 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 256 registers.esi: 2001474698 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 59 09 db 79 a4 89 b5 c9 01 00 00 cc 58 dd d0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5186169 registers.esp: 1629620 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 2001474698 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 58 dd d0 5c 70 b4 be 1f 15 0d a5 81 f6 e7 b4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5186175 registers.esp: 1629620 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 2001474698 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7d 0a 4e 29 7f 0a 78 08 2a d6 72 cd 48 67 d5 06 exception.instruction: jge 0x51861b2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x51861a6 registers.esp: 1629612 registers.edi: 167008 registers.eax: 256 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 1629608 registers.esi: 2282594808 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 77 0a 48 cd b1 41 3c a9 c0 ae 54 d3 0d 15 47 a8 exception.instruction: ja 0x51861ed exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x51861e1 registers.esp: 1629612 registers.edi: 167008 registers.eax: 256 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 1629608 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 4c 94 d4 7b a4 9c 69 41 28 c2 d2 7e f1 84 0a exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5186205 registers.esp: 1629620 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 7077988 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 3f 54 85 a9 08 7a eb 0b 78 00 5f 68 ef 0b aa exception.instruction: mov dword ptr [edi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5186231 registers.esp: 1629612 registers.edi: 0 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 2001474698 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 52 8a 00 f5 b3 0c 89 a3 8c 8c 5a 78 53 bb 2b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5186259 registers.esp: 1629612 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 2001474698 registers.ecx: 1629612	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7f 03 58 dd 27 32 00 38 ef 59 38 d3 5b ba 4f 29 exception.instruction: jg 0x518628c exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5186287 registers.esp: 1629604 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 256 registers.esi: 2001474698 registers.ecx: 1629600	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 54 97 1c 47 6d d9 ed 17 67 5e b8 b2 02 51 54 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x51862a4 registers.esp: 1629612 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 2494700437 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 72 03 4e da 2a c7 5f ae 72 a3 5d a0 e4 f4 cb 4a exception.instruction: jb 0x51862e5 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x51862e0 registers.esp: 1629604 registers.edi: 167008 registers.eax: 2047745140 registers.ebp: 1629664 registers.edx: 1629600 registers.ebx: 256 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 4d 62 1d 9f 69 f9 e5 65 d5 a5 33 17 49 ec 1a exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x51862f7 registers.esp: 1629612 registers.edi: 167008 registers.eax: 2047745140 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 2494700437 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 12 55 77 19 59 1b 37 74 00 5a 81 34 24 e4 19 exception.instruction: mov dword ptr [edx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5186339 registers.esp: 1629616 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 0 registers.ebx: 2494700437 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 59 6b b8 27 b3 81 2c 24 8b a2 ed 11 cc 51 56 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x518634b registers.esp: 1629620 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 2494700437 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 51 56 2c d7 35 db fb 6b 03 48 f2 2f 54 81 2c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5186358 registers.esp: 1629620 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 2494700437 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 79 03 59 20 58 00 66 39 d8 58 38 c3 5a 52 ba c8 exception.instruction: jns 0x5186394 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x518638f registers.esp: 1629612 registers.edi: 167008 registers.eax: 1629608 registers.ebp: 1629664 registers.edx: 256 registers.ebx: 2494700437 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 12 55 85 b8 3a 04 62 53 00 5a cc 57 19 b8 96 exception.instruction: mov dword ptr [edx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x51863b4 registers.esp: 1629616 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 0 registers.ebx: 2494700437 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 57 19 b8 96 51 4b 2c 68 87 70 6b fa 81 34 24 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x51863bf registers.esp: 1629620 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 2494700437 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7a 12 49 0b e4 3c 18 1e c1 62 2e f5 06 fe 7b a6 exception.instruction: jp 0x518642f exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x518641b registers.esp: 1629608 registers.edi: 1634084120 registers.eax: 1629604 registers.ebp: 1629664 registers.edx: 256 registers.ebx: 1629664 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7c 0e 4a d8 f1 0e ab 10 63 2f 94 ea 65 18 af 7b exception.instruction: jl 0x5186467 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5186457 registers.esp: 1629608 registers.edi: 1724734244 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 256 registers.esi: 1629604 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 4a fd c0 2a 06 3e 27 b8 cd 18 a5 ab 50 24 08 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5186494 registers.esp: 1629616 registers.edi: 324 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629664 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 4c 94 55 0c c3 b8 87 25 ff 34 1f 0a 4f 0f e7 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x51864b1 registers.esp: 1629616 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629988 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 56 af f9 f3 66 9a 17 19 89 df 57 8b bd 58 02 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x51864ca registers.esp: 1629616 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629988 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 09 56 8a 7e e3 cc 40 00 59 cc 59 e9 9f 76 32 exception.instruction: mov dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x51864ee registers.esp: 1629608 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629988 registers.esi: 2001474698 registers.ecx: 0	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 59 e9 9f 76 32 68 b3 ba 20 ae 81 34 24 35 21 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x51864f8 registers.esp: 1629612 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629988 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 03 4b b3 87 d5 31 b8 df ff e6 69 8d 79 e9 40 exception.instruction: mov dword ptr [ebx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x518652f registers.esp: 1629604 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 0 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 74 0d 4f 2d 57 a3 f5 ba 6e d3 b0 2a 5a 6d 63 00 exception.instruction: je 0x518657a exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x518656b registers.esp: 1629600 registers.edi: 167008 registers.eax: 1629596 registers.ebp: 1629664 registers.edx: 256 registers.ebx: 1629988 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 4a eb cf df 52 18 2c 4f 38 4e 6e dd ee 09 83 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5186593 registers.esp: 1629608 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629988 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 3e 4a df 40 37 07 65 97 f4 41 90 6c 21 0a f6 exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x51865ca registers.esp: 1629604 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629988 registers.esi: 0 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 4a 2d e2 f7 95 70 d6 c2 3f 12 a2 15 7a 05 21 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x51865f4 registers.esp: 1629608 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629988 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 31 49 e6 00 9e 47 80 9b 29 a9 ec 31 5a 94 93 exception.instruction: mov dword ptr [ecx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x518661b registers.esp: 1629604 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629988 registers.esi: 2001474698 registers.ecx: 0	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 16 48 22 00 4e ba d3 a9 e8 50 75 9e 56 b3 1f exception.instruction: mov dword ptr [esi], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x518665c registers.esp: 1629604 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629992 registers.esi: 0 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 1b 4a d2 70 15 d8 c8 3e af d1 fa f7 5d be 09 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5186695 registers.esp: 1629600 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 0 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 89 36 50 1d f2 3a 14 a3 56 b8 ae 79 6f a3 00 5e exception.instruction: mov dword ptr [esi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x51866ce registers.esp: 1629596 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629992 registers.esi: 0 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 52 fc 22 b7 90 e7 15 db 21 42 92 5e 81 34 24 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x51866e5 registers.esp: 1629600 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629992 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 76 04 4b 2f b8 97 97 80 be c8 88 58 92 1a 6f 4d exception.instruction: jbe 0x5186727 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5186721 registers.esp: 1629592 registers.edi: 256 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629588 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 4f 26 85 1a 12 ad 61 55 87 03 08 99 72 41 58 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5186742 registers.esp: 1629600 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629992 registers.esi: 2001474698 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 72 07 4c c1 44 3e a5 74 a7 4d d8 42 09 03 02 b2 exception.instruction: jb 0x5186783 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x518677a registers.esp: 1629588 registers.edi: 167008 registers.eax: 2001271472 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629584 registers.esi: 2001474698 registers.ecx: 256	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 7b 09 4b 5c 62 52 df b0 bf b5 dd c1 db 3a 27 9a exception.instruction: jnp 0x51867c8 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x51867bd registers.esp: 1629588 registers.edi: 167008 registers.eax: 256 registers.ebp: 1629664 registers.edx: 2001232346 registers.ebx: 1629992 registers.esi: 1629584 registers.ecx: 182	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: 71 03 57 7a dc 02 78 00 80 fb da 5f 66 85 d8 5a exception.instruction: jno 0x518680b exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5186806 registers.esp: 1629616 registers.edi: 1629612 registers.eax: 0 registers.ebp: 1629664 registers.edx: 256 registers.ebx: 85405696 registers.esi: 2001474698 registers.ecx: 85485535	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 56 7f 8b 32 51 cb fb a6 61 cc 4e d5 22 2f bd exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x518681c registers.esp: 1629624 registers.edi: 167008 registers.eax: 0 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 2001474698 registers.ecx: 85485535	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 4e d5 22 2f bd e0 5c 86 b0 9a dd 48 86 80 42 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5186826 registers.esp: 1629656 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 2001474698 registers.ecx: 85406550	1
__exception__ June 7, 2023, 6:22 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77470000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa exception.instruction_r: cc 52 81 38 23 05 c4 57 42 dc 32 20 33 83 bd 60 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5186837 registers.esp: 1629656 registers.edi: 167008 registers.eax: 6678072 registers.ebp: 1629664 registers.edx: 85405696 registers.ebx: 85405696 registers.esi: 2001474698 registers.ecx: 85406550	1

Allocates read-write-execute memory (usually to unpack itself) (5 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 7, 2023, 6:22 p.m.	process_identifier: 3012 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f22000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 7, 2023, 6:22 p.m.	process_identifier: 3012 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fd3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 7, 2023, 6:22 p.m.	process_identifier: 3012 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fc4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 7, 2023, 6:22 p.m.	process_identifier: 3012 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fb4000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 7, 2023, 6:22 p.m.	process_identifier: 3012 region_size: 40411136 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x033d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (4 events)

file	C:\Users\test22\indregistreringernes\libffi-7.dll
file	C:\Users\test22\AppData\Local\Temp\nsj2E50.tmp\System.dll
file	C:\Users\test22\indregistreringernes\Misdemeanor\Dronningerunde\Lawyered\Alleve\tbtcoinx.dll
file	C:\Users\test22\indregistreringernes\Cauliform.Com

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsj2E50.tmp\System.dll

Queries for potentially installed applications (1 event)

Time & API	Arguments	Status	Return	Repeated
RegOpenKeyExW June 7, 2023, 6:22 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Centralstyrelserne54\Parfumerer\Kremeres base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Centralstyrelserne54\Parfumerer\Kremeres		2	0

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 7, 2023, 6:22 p.m.	tid: 3016 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 32 AntiVirus engines on VirusTotal as malicious (32 events)

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Trojan.Generic.33785605
FireEye	Trojan.Generic.33785605
CAT-QuickHeal	Trojan.Guloader
ALYac	Trojan.Generic.33785605
Cylance	unsafe
Arcabit	Trojan.Generic.D2038705
Cyren	W32/ABRisk.TOCC-5396
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Generik.BIWCHOF
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Backdoor.Win32.Androm.gen
BitDefender	Trojan.Generic.33785605
Avast	Win32:Trojan-gen
Tencent	Win32.Trojan.FalseSign.Gplw
Emsisoft	Trojan.Generic.33785605 (B)
F-Secure	Trojan.TR/AD.NsisInject.mrucq
VIPRE	Trojan.Generic.33785605
TrendMicro	Trojan.Win32.GULOADER.YXDEXZ
McAfee-GW-Edition	RDN/Generic BackDoor
Sophos	Mal/Generic-S
Avira	TR/AD.NsisInject.mrucq
Microsoft	Trojan:Win32/Guloader.RKA!MTB
ZoneAlarm	HEUR:Backdoor.Win32.Androm.gen
GData	Trojan.Generic.33785605
Google	Detected
McAfee	Artemis!97276EADE4A4
MAX	malware (ai score=88)
Malwarebytes	Trojan.Injector.NSIS
TrendMicro-HouseCall	Trojan.Win32.GULOADER.YXDEXZ
Fortinet	W32/Trojan_Win32_GULOADER.BIWCHOF!tr
AVG	Win32:Trojan-gen

SO785000670065_GK3G46943006_PO#BGMRE23028.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All