popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

dd12.exe

UPX PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us June 13, 2023, 10:59 p.m. June 13, 2023, 11:06 p.m.
Size 540.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2ed9f5fd57f0bd14d8b6a367bcc2e6c7
SHA256 c9e9f4d1945fc9cb9daf5b4a72032a00ba7040154e3fe44be5371fbb7da695ea
CRC32 D1DCAA71
ssdeep 12288:DAijvnPy/8Y83Lt6xqpbxbUVJhlPq36NY7Qjua3j:DAq91LwANxbUV1q36SQiW
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
GetClientRect+0xc5 CallWindowProcW-0xb user32+0x20d27 @ 0x75600d27
CallWindowProcA+0x1b GetClassNameA-0x95 user32+0x2794a @ 0x7560794a
dd12+0x199c5 @ 0x4199c5
dd12+0x186f5 @ 0x4186f5
dd12+0x19b16 @ 0x419b16
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
dd12+0x14800 @ 0x414800
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
IID_IVbaHost+0x3b77 UserDllMain-0x61740 msvbvm60+0x321b7 @ 0x729721b7
IID_IVbaHost+0x386d UserDllMain-0x61a4a msvbvm60+0x31ead @ 0x72971ead
IID_IVbaHost+0x36291 UserDllMain-0x2f026 msvbvm60+0x648d1 @ 0x729a48d1
IID_IVbaHost+0x418d8 UserDllMain-0x239df msvbvm60+0x6ff18 @ 0x729aff18
BASIC_CLASS_Release+0xfcaa IID_IVbaHost-0xff3d msvbvm60+0x1e703 @ 0x7295e703
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
dd12+0x16a2 @ 0x4016a2
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: 8b 4e 34 89 4f 04 89 f9 83 c1 48 89 4f 0c 83 c1
exception.instruction: mov ecx, dword ptr [esi + 0x34]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x39481df
registers.esp: 1636464
registers.edi: 8454144
registers.eax: 2005662384
registers.ebp: 1636464
registers.edx: 2130566132
registers.ebx: 60064888
registers.esi: 1056637010
registers.ecx: 59621616
1 0 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 652
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00810000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 652
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x005b0000
process_handle: 0xffffffff
1 0 0