Summary | ZeroBOX

wikipedia.exe

NSIS UPX Malicious Library PE File DLL PE32
Category Machine Started Completed
FILE s1_win7_x6401 June 29, 2023, 5:33 p.m. June 29, 2023, 5:35 p.m.
Size 508.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 7f6e2a0959481ac955ffa5c591a1e25e
SHA256 4781b5ca739a280c011844dabab8fb008340ad82efa70486edc34e8de8a10946
CRC32 BE8ED334
ssdeep 12288:9FKBG73lOUG2H7zS8zjDMpOltJJCSJEM1oPa7XK:BrlMa7zbzPMWJJVv11a
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • NSIS_Installer - Null Soft Installer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

__exception__

Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73272000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 52514816
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03840000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nsf7CC.tmp\System.dll
section {u'size_of_data': u'0x00044a00', u'virtual_address': u'0x0005e000', u'entropy': 6.800710339910504, u'name': u'.rsrc', u'virtual_size': u'0x000449d0'} entropy 6.80071033991 description A section with a high entropy has been found
entropy 0.8955954323 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

__anomaly__

tid: 2656
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Makoob.4!c
Elastic malicious (high confidence)
DrWeb Trojan.Loader.1568
Cynet Malicious (score: 100)
McAfee Artemis!7F6E2A095948
Malwarebytes Trojan.GuLoader
Sangfor Trojan.Win32.Injector.V8r5
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Injector.88bbce47
K7GW Riskware ( 0040eff71 )
Cybereason malicious.dc8c9b
Arcabit Trojan.Nemesis.D610B
Cyren W32/Injector.NLSU-5664
Symantec ML.Attribute.HighConfidence
ESET-NOD32 NSIS/Injector.ASH
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Makoob.gen
BitDefender Gen:Variant.Nemesis.24843
MicroWorld-eScan Gen:Variant.Nemesis.24843
Avast FileRepMalware [Misc]
Emsisoft Gen:Variant.Nemesis.24843 (B)
VIPRE Gen:Variant.Nemesis.24843
McAfee-GW-Edition BehavesLike.Win32.Browser.hc
FireEye Generic.mg.7f6e2a0959481ac9
Sophos Mal/Generic-S
Ikarus Trojan.NSIS.Agent
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm HEUR:Trojan.Win32.Makoob.gen
GData Gen:Variant.Nemesis.24843
Google Detected
AhnLab-V3 Downloader/Win.GuLoader.C5447018
ALYac Gen:Variant.Nemesis.24843
MAX malware (ai score=88)
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0DFT23
Rising Trojan.Injector/NSIS!1.E690 (CLASSIC)
Fortinet NSIS/Injector.2982!tr
AVG FileRepMalware [Misc]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_70% (W)