Summary | ZeroBOX

wininit.exe

Malicious Library UPX PE32 PE File DLL
Category Machine Started Completed
FILE s1_win7_x6401 July 28, 2023, 10:21 a.m. July 28, 2023, 10:30 a.m.
Size 406.9KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 52911cc84b7dae18ea666f124700b68e
SHA256 25800eafa614ee6686374943e2c018b62a4207a8d58e60fb25fc615089192732
CRC32 36A75C5B
ssdeep 6144:PBe337n8xkABZYQk886f30tln8UAyangdMl3GC7RAWkQkORh6a0uXwXFGCu:I7LABZYQk8vfLDgdMlLRdK7Flu
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73272000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2556
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2556
region_size: 36397056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03f10000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nsaF2BD.tmp\System.dll
Time & API Arguments Status Return Repeated

__anomaly__

tid: 2656
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
Bkav W32.AIDetectMalware
MicroWorld-eScan Trojan.GenericKD.68383663
FireEye Trojan.GenericKD.68383663
Malwarebytes Trojan.GuLoader
Arcabit Trojan.Generic.D41373AF
Symantec Packed.NSISPacker!g14
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Guloader.gen
BitDefender Trojan.GenericKD.68383663
Emsisoft Trojan.GenericKD.68383663 (B)
TrendMicro Trojan.Win32.GULOADER.YXDG1Z
McAfee-GW-Edition Artemis!Trojan
Trapmine suspicious.low.ml.score
MAX malware (ai score=82)
Gridinsoft Trojan.Win32.GuLoader.bot
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm HEUR:Trojan.Win32.Guloader.gen
GData Trojan.GenericKD.68383663
McAfee Artemis!52911CC84B7D
TrendMicro-HouseCall Trojan.Win32.GULOADER.YXDG1Z
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_90% (W)