Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 14, 2023, 7:57 p.m.	June 14, 2023, 8:02 p.m.

Size	3.5MB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`f40e1a15f93696510e5faef3a216f18f`
SHA256	`f8d015ac4faff5d7a5da0e95f3cc9e9eb18417cd749b3b4625b5312910a25b7b`
CRC32	`A5C0D8A8`
ssdeep	`49152:T+y6I9edJ9qu8moH+xNSJJ1LKz+JsK47C:L69RyLqe`
Yara	IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\64.dll,
2064
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\64.dll,rundll
1460
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\64.dll,rundll
  2144

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section
section	.themida

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d rundll+0x318050 64+0x319070 @ 0x7fef3b09070 rundll+0x31801b 64+0x31903b @ 0x7fef3b0903b HeapWalk-0x1ce0 kernel32+0x0 @ 0x76fc0000 0x18edb8 0x18edb8 0x18edb8 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefdbfa49d registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1
__exception__ June 14, 2023, 7:57 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 1631920 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1633728 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791590340762 registers.rbp: 1633752 registers.rdi: 8791588311040 registers.rax: 2003235733 registers.r13: 0	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00001200', u'virtual_address': u'0x00001000', u'entropy': 7.941773887719946, u'name': u' ', u'virtual_size': u'0x00002d9e'}

entropy

7.94177388772

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000200', u'virtual_address': u'0x00004000', u'entropy': 7.073302526096524, u'name': u' ', u'virtual_size': u'0x00000a55'}

entropy

7.0733025261

description

A section with a high entropy has been found

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 14, 2023, 7:58 p.m.	tid: 2148 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 29 AntiVirus engines on VirusTotal as malicious (29 events)

Lionic	Trojan.Win32.Sybici.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.67464071
FireEye	Generic.mg.f40e1a15f9369651
ALYac	Trojan.GenericKD.67464071
Cylance	unsafe
VIPRE	Trojan.GenericKD.67464071
Sangfor	Trojan.Win32.Gencbl.V4mj
CrowdStrike	win/malicious_confidence_70% (W)
Cyren	W64/ABTrojan.AWLW-2814
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenCBL.DVX
Kaspersky	Trojan-Proxy.Win32.Sybici.vl
BitDefender	Trojan.GenericKD.67464071
Sophos	Mal/Generic-S
McAfee-GW-Edition	Artemis!Trojan
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.GenericKD.67464071 (B)
Ikarus	Trojan.Win32.Generic
Antiy-AVL	Trojan/Win32.GenCBL
Arcabit	Trojan.Generic.D4056B87
ZoneAlarm	Trojan-Proxy.Win32.Sybici.vl
GData	Trojan.GenericKD.67464071
Google	Detected
MAX	malware (ai score=83)
Panda	Trj/Chgt.AD
Tencent	Win32.Trojan.FalseSign.Qcnw
Fortinet	W32/GenCBL.DVX!tr
DeepInstinct	MALICIOUS

64.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All