Summary | ZeroBOX

wininit.exe (submitted filename only; per the Type field below the file is an NSIS installer, not the Windows wininit.exe)

Tags: Malicious Library, UPX, PE32, PE File, DLL
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 2, 2023, 9:52 a.m.
Completed: Aug. 2, 2023, 10:05 a.m.
Size: 467.8KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 00b0d25748447094c22e11aaa1f8d0a0
SHA256: df5fe9a0ba7f10d92cb21521aaa7850da19e7b3cfee35c2387dfe5d28e3480b3
CRC32: 175CFD41
ssdeep: 12288:s7LABZYQkCRwMn6dL/BlCDRe0XKCIeekY7FlV:EinAtl4R0yeBDV
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
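The UPX and ".ndata" findings above are section-name checks on the PE header. The following reader is an added example, not ZeroBOX or Yara code: it pulls the section names out of a PE section table and applies those two heuristics. build_fake_pe constructs a minimal, non-executable PE skeleton so the check can be exercised offline; the sample itself is not reproduced here.

```python
import struct

# Added example, not ZeroBOX or Yara code: a pure-Python reader for the PE
# section table, applying the two section-name checks that correspond to the
# "UPX packed file" and "section .ndata" evidence in this report. build_fake_pe
# constructs a minimal, non-executable PE skeleton for offline testing; the
# sample itself is not reproduced here.

IMAGE_FILE_HEADER_SIZE = 20     # fixed-size COFF header after the "PE\0\0" signature
IMAGE_SECTION_HEADER_SIZE = 40  # one section-table entry; the name is its first 8 bytes

def section_names(data):
    """Return the section names of a PE image, raising ValueError on a malformed header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional_header = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + IMAGE_FILE_HEADER_SIZE + size_of_optional_header
    names = []
    for i in range(number_of_sections):
        entry = data[table + i * IMAGE_SECTION_HEADER_SIZE:][:8]
        if len(entry) < 8:
            raise ValueError("section table runs past end of file")
        names.append(entry.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names

def static_hints(names):
    """Section-name heuristics: UPX renames sections to UPX0/UPX1, NSIS stubs carry a .ndata section."""
    hints = []
    if any(n.startswith("UPX") for n in names):
        hints.append("UPX section names")
    if ".ndata" in names:
        hints.append("NSIS .ndata section")
    return hints

def build_fake_pe(names, machine=0x14C):
    """Constructed test input: MZ stub, PE signature, COFF header and section table only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew: PE header directly after the DOS header
    coff = struct.pack("<HHIIIHH", machine, len(names), 0, 0, 0, 0, 0x0102)
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32) for n in names)
    return bytes(dos) + b"PE\0\0" + coff + table
```

Section names are only a hint: a packer can rename them, and a real triage pipeline would combine this with entropy, import-table and overlay checks, which is what the broader Yara rules on this page stand in for.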

Domains (Name / Response / Post-Analysis Lookup)

No hosts contacted.

Hosts (IP Address / Status / Action)

No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

GlobalMemoryStatusEx
Status: 1  Return: 1  Repeated: 0

section .ndata
Time & API / Arguments / Status / Return / Repeated (the trailing "1 0 0" line of each record below is Status, Return, Repeated)

How to read the exception records that follow: every stack trace ends in SwitchToFiber / CreateFiber, so the faults are raised on a fiber the sample created rather than on its main thread, and each faulting address (0x5c9fe86 through 0x5cc74a5) lies inside the 79,572,992-byte PAGE_EXECUTE_READWRITE region that the NtAllocateVirtualMemory record further down shows being committed at 0x03dd0000, i.e. inside unpacked code rather than the NSIS stub. The exception codes are 0x80000003 STATUS_BREAKPOINT on int3; 0x80000004 STATUS_SINGLE_STEP, recorded on conditional jumps (jp, jl, jle, jbe, jb, ja, je) with one register holding 256, which is 0x100, the trap-flag bit of EFLAGS, consistent with the code setting TF itself; 0xc0000005 STATUS_ACCESS_VIOLATION on stores through a register holding a small value (17900, 12422, 29155, ...) and on lidt; and 0xc0000096 STATUS_PRIVILEGED_INSTRUCTION on invlpg, lldt, lgdt, rdmsr, lmsw and hlt. Raising faults deliberately and resuming from an exception handler is a well-known anti-debugging and anti-emulation pattern; the __anomaly__ record after the trace shows the sandbox gave up after 65,537 exceptions, so the records here are only the start of that stream.

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc de 4f db ca 49 a0 24 a0 3c f0 9b 37 24 1f 93
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5c9fe86
registers.esp: 54720332
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 12 bb 04 db 0e 10 a4 3d 2c 26 bc 65 52 58 b8
exception.instruction: mov dword ptr [edx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5c9fecc
registers.esp: 54720328
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 17900
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 40 4f a3 4d 7c 56 d5 e4 53 1b a5 84 bd 00 e7
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5c9ff09
registers.esp: 54720332
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 19 40 0c 8b 98 e7 e1 cf c7 20 cd 59 68 46 7f
exception.instruction: mov dword ptr [ecx], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc68c9
registers.esp: 54720324
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 12422
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7a 15 84 e4 2b bf f6 0b 6a 81 e0 63 06 c1 ec 40
exception.instruction: jp 0x5cc692b
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x5cc6914
registers.esp: 54720320
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 256
registers.ebx: 97120256
registers.esi: 54720316
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 29 dc a0 d3 f1 fc a3 01 91 bf 11 8a d4 77 be
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc695d
registers.esp: 54720328
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7c 10 cf ba fe 34 e4 ce 0b 10 80 e0 59 57 34 79
exception.instruction: jl 0x5cc69ba
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x5cc69a8
registers.esp: 54720288
registers.edi: 316800
registers.eax: 256
registers.ebp: 54720336
registers.edx: 54720284
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 37 f9 23 00 3c 33 7a 2b 23 46 8d 13 9f 29 c0
exception.instruction: mov dword ptr [edi], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc69ee
registers.esp: 54720292
registers.edi: 29155
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 0f 01 1b da 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lidt ptr [ebx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc6a13
registers.esp: 54720292
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 13 a7 2d de d8 05 24 3a 75 2f 03 ce ab af 3b
exception.instruction: mov dword ptr [ebx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc6a54
registers.esp: 54720288
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 36017
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 40 28 a4 84 27 a0 25 94 95 4e 6a 65 10 e4 48
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc6a80
registers.esp: 54720292
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 0f 01 39 c2 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: invlpg byte ptr [ecx]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x5cc6aa2
registers.esp: 54720288
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 0f 00 17 75 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lldt word ptr [edi]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x5cc6ac3
registers.esp: 54720288
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7e 22 3b c4 8b 6f df 68 a2 01 9b 3e 2f c8 32 3e
exception.instruction: jle 0x5cc6b4c
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x5cc6b28
registers.esp: 54720280
registers.edi: 256
registers.eax: 54720276
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 0f 01 13 e3 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lgdt ptr [ebx]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x5cc6b5c
registers.esp: 54720288
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 9e 5d db 13 74 00 68 0f 48 fe e9 f1 cb 8e 07
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc6b7a
registers.esp: 54720288
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc ac c6 7e e2 5a 2d 4d 32 7c 7c f5 d4 05 df 89
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc6baa
registers.esp: 54720288
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 76 22 77 50 a1 23 4c 83 d4 a2 67 b1 05 46 fd 8e
exception.instruction: jbe 0x5cc6c24
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x5cc6c00
registers.esp: 54720276
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 256
registers.esi: 54720272
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 99 e5 3a 95 f3 20 c1 6d a5 5e 72 de fd be d0
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc6c3f
registers.esp: 54720284
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc e2 71 32 11 8a 76 9c b6 c3 a0 c8 cf f7 9c e6
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc6c77
registers.esp: 54720284
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 97123916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 39 ce e8 69 bc 8b 25 00 1f 27 df 59 93 9c 6f
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc6ca5
registers.esp: 54720284
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 97120256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 54720284
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7c 16 19 57 2d ba 6c 7f a7 64 ca af 5c de 82 70
exception.instruction: jl 0x5cc6d07
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x5cc6cef
registers.esp: 54720276
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 256
registers.ebx: 97120256
registers.esi: 1995838602
registers.ecx: 54720272
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 0e d1 65 fe 2a 71 a0 9e a7 a7 eb 29 e2 cc 3b
exception.instruction: mov dword ptr [esi], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc6d37
registers.esp: 54720280
registers.edi: 316800
registers.eax: 5878576
registers.ebp: 54720336
registers.edx: 768900121
registers.ebx: 97120256
registers.esi: 16938
registers.ecx: 54720284
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 7a 1d 58 5f 7a 39 fc f5 2e 34 a1 d0 f2 9b e2 3f
exception.instruction: jp 0x5cc6da6
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x5cc6d87
registers.esp: 54720276
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 256
registers.ebx: 2148751733
registers.esi: 54720272
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 1a 7a 50 10 13 1c 97 4c 39 ac 64 70 26 47 24
exception.instruction: mov dword ptr [edx], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc6dd3
registers.esp: 54720280
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 3830
registers.ebx: 2148751733
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 09 6f b3 5d 4e 28 0f e4 86 27 80 86 26 81 c4
exception.instruction: mov dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc6e2a
registers.esp: 54720280
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 2148751733
registers.esi: 1995838602
registers.ecx: 29014
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 08 8d 94 3d 04 0c 88 f6 68 e7 b0 ad de e6 15
exception.instruction: mov dword ptr [eax], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc6e7c
registers.esp: 54720280
registers.edi: 316800
registers.eax: 31979
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 2148751733
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 61 76 9e aa db 3a 0d c6 6b ce 84 94 c7 92 b5
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc6eaf
registers.esp: 54720284
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 2148751733
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 0f 01 12 07 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lgdt ptr [edx]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x5cc6ed9
registers.esp: 54720284
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 2148751733
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 11 3b fa 27 33 91 1e 5d 48 d0 48 5d b7 c9 5b
exception.instruction: mov dword ptr [ecx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc6fa6
registers.esp: 54720292
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 2148751733
registers.esi: 1995838602
registers.ecx: 58764
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 0f 32 07 a7 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: rdmsr
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x5cc6fdc
registers.esp: 54720296
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 2148751733
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 37 9f 68 7f 72 81 05 68 cc e9 78 75 90 f7 6c
exception.instruction: mov dword ptr [edi], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc702c
registers.esp: 54720288
registers.edi: 14527
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 2148751733
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 0f 01 5d 00 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lidt ptr [ebp]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc7052
registers.esp: 54720292
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 2148751733
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 0f 01 f1 c5 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lmsw cx
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x5cc7081
registers.esp: 54720292
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 2148751733
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: f4 33 71 21 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: hlt
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x5cc70c8
registers.esp: 54720292
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 2148751733
registers.esi: 507779013
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc eb 0a be 13 fb 7f f4 bf 46 d8 7d 44 4f 2b 2d
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc70f5
registers.esp: 54720292
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 2148751733
registers.esi: 12288
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 76 0f c2 8f ef 7b e3 ab c1 59 d8 d7 71 70 dd e1
exception.instruction: jbe 0x5cc7146
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x5cc7135
registers.esp: 54720284
registers.edi: 54720280
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 256
registers.ebx: 2148751733
registers.esi: 12288
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc b6 84 e8 6c 48 b3 d3 9a 21 44 1d 4c 50 0c b3
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc7160
registers.esp: 54720288
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 2148751733
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 72 15 ee 61 43 3d c7 cf d0 27 0d 48 ac c7 c5 3b
exception.instruction: jb 0x5cc71c3
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x5cc71ac
registers.esp: 54720280
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 54720276
registers.ebx: 256
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 01 46 cc 48 ca d6 67 ca 4d f4 a0 fb 8b a1 4b
exception.instruction: mov dword ptr [ecx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc7210
registers.esp: 54720284
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 54720660
registers.esi: 1995838602
registers.ecx: 56818
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 77 25 7d ef 47 ba 34 a3 3d 83 34 1a 6b 3b bb a7
exception.instruction: ja 0x5cc7289
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x5cc7262
registers.esp: 54720280
registers.edi: 54720276
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 54720660
registers.esi: 256
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 13 35 63 66 83 27 3f eb 5f b5 4e 9b 65 71 d6
exception.instruction: mov dword ptr [ebx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc72b8
registers.esp: 54720284
registers.edi: 316800
registers.eax: 54720660
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 3058
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc d1 e2 aa ad 49 03 6b 3c 56 ac 25 bf 30 81 48
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc72e3
registers.esp: 54720284
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 54720660
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc 1d 75 25 4f f4 d7 97 76 45 8f 42 cb 08 e0 de
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc730a
registers.esp: 54720284
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 54720660
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 38 6b 51 69 2e 67 98 77 ed bc 9c cb fc cf 4f
exception.instruction: mov dword ptr [eax], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc7349
registers.esp: 54720280
registers.edi: 316800
registers.eax: 59375
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 54720660
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: cc e2 20 4a a4 55 85 01 d7 2e c2 62 47 8d 6f 9e
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x5cc7374
registers.esp: 54720280
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 54720660
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 74 1a 02 59 9b 55 a6 b3 a1 1f 05 34 1a eb 35 b7
exception.instruction: je 0x5cc73e4
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x5cc73c8
registers.esp: 54720272
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 54720268
registers.esi: 256
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 30 e3 2d ee 26 5b 39 a4 06 a0 76 ed 6f e8 7c
exception.instruction: mov dword ptr [eax], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc741a
registers.esp: 54720276
registers.edi: 316800
registers.eax: 61155
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 54720660
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 89 03 a8 db 50 26 85 23 30 62 8a d6 61 61 dd 1f
exception.instruction: mov dword ptr [ebx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x5cc7455
registers.esp: 54720276
registers.edi: 316800
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 52564
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8

exception.instruction_r: 74 19 25 c1 52 d3 f9 8a 98 22 93 73 4e de 2e 9a
exception.instruction: je 0x5cc74c0
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x5cc74a5
registers.esp: 54720272
registers.edi: 256
registers.eax: 1995635376
registers.ebp: 54720336
registers.edx: 1995596250
registers.ebx: 54720268
registers.esi: 1995838602
registers.ecx: 182
1 0 0
Time & API / Arguments / Status / Return / Repeated (the trailing "1 0 0" line of each record is Status, Return, Repeated)

Both NtProtectVirtualMemory calls make a single 4096-byte page RWX (at 0x73272000 and 0x10004000); the NtAllocateVirtualMemory call reserves and commits a 79,572,992-byte (about 76 MiB) PAGE_EXECUTE_READWRITE region at 0x03dd0000. All three act on the sample's own process: process_handle 0xffffffff is the current-process pseudo-handle. Every exception address in the trace above (0x5c9fe86 to 0x5cc74a5) falls inside that allocation.

NtProtectVirtualMemory

process_identifier: 2564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73272000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2564
region_size: 79572992
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03dd0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nstF1A4.tmp\System.dll (the NSIS "System" plug-in, which the installer stub unpacks into a temporary ns*.tmp plug-in directory and loads so the install script can call arbitrary DLL exports)
Time & API / Arguments / Status / Return / Repeated (the trailing "1 0 0" line is Status, Return, Repeated)

__anomaly__

tid: 2652
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
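The exception records, the NtAllocateVirtualMemory record and the __anomaly__ line above are the raw material for a triage verdict. The script below is an added example, not ZeroBOX code: it parses records in the report's own plain-text layout, tallies exception codes and faulting mnemonics, checks which faulting addresses fall inside an RWX allocation, and flags large RWX regions. SAMPLE is an excerpt of the records on this page, cut down to the fields the script uses; the 16 MiB threshold is an assumed triage setting, not something the report states.

```python
import re
from collections import Counter

# Added example, not ZeroBOX code: a triage pass over the "__exception__",
# NtAllocateVirtualMemory and "__anomaly__" records printed in this report,
# read in the report's own plain-text layout. SAMPLE is an excerpt of the
# records on this page, cut down to the fields the script uses.

NTSTATUS = {                        # the codes that occur in this report
    0x80000003: "STATUS_BREAKPOINT",
    0x80000004: "STATUS_SINGLE_STEP",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000096: "STATUS_PRIVILEGED_INSTRUCTION",
}
PAGE_EXECUTE_READWRITE = 0x40
LARGE_RWX = 16 << 20                # assumed triage threshold (16 MiB), not from the report

SAMPLE = """
__exception__
exception.instruction: int3
exception.exception_code: 0x80000003
exception.address: 0x5c9fe86
1 0 0

__exception__
exception.instruction: mov dword ptr [edx], edx
exception.exception_code: 0xc0000005
exception.address: 0x5c9fecc

__exception__
exception.instruction: jp 0x5cc692b
exception.exception_code: 0x80000004
exception.address: 0x5cc6914

__exception__
exception.instruction: rdmsr
exception.exception_code: 0xc0000096
exception.address: 0x5cc6fdc

NtAllocateVirtualMemory
region_size: 79572992
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03dd0000
process_handle: 0xffffffff

__anomaly__
message: Encountered 65537 exceptions, quitting.
subcategory: exception
"""

def parse_records(text):
    """Split report text into (record_name, {field: value}) tuples. A record starts at a bare
    name line such as "__exception__"; "key: value" lines up to the next name belong to it."""
    records, name, fields = [], None, {}
    for line in text.splitlines():
        line = line.strip()
        head = re.match(r"^(__\w+__|Nt\w+)$", line)
        if head:
            if name:
                records.append((name, fields))
            name, fields = head.group(1), {}
            continue
        kv = re.match(r"^([\w.]+):\s*(.*)$", line)
        if kv and name:                      # stack-trace lines and the "1 0 0" row are skipped
            fields[kv.group(1)] = kv.group(2)
    if name:
        records.append((name, fields))
    return records

def rwx_regions(records):
    """(base, size) of every NtAllocateVirtualMemory call that asked for PAGE_EXECUTE_READWRITE."""
    out = []
    for name, f in records:
        if name == "NtAllocateVirtualMemory" and int(f["protection"].split()[0]) == PAGE_EXECUTE_READWRITE:
            out.append((int(f["base_address"], 16), int(f["region_size"])))
    return out

def triage(text):
    """Count exception codes and faulting mnemonics and relate fault addresses to RWX allocations."""
    records = parse_records(text)
    regions = rwx_regions(records)
    codes, mnemonics, in_rwx = Counter(), Counter(), 0
    for name, f in records:
        if name != "__exception__":
            continue
        code = int(f["exception.exception_code"], 16)
        codes[NTSTATUS.get(code, hex(code))] += 1
        mnemonics[f["exception.instruction"].split()[0]] += 1
        addr = int(f["exception.address"], 16)
        in_rwx += any(base <= addr < base + size for base, size in regions)
    anomaly = next((f.get("message") for n, f in records if n == "__anomaly__"), None)
    return {
        "codes": dict(codes),
        "mnemonics": dict(mnemonics),
        "exceptions_in_rwx": in_rwx,
        "large_rwx": [r for r in regions if r[1] >= LARGE_RWX],
        "anomaly": anomaly,
    }
```

The record-name pattern only recognises the "__name__" and Nt* record headings that occur in this report; widen it for reports that also list Win32 API names such as GlobalMemoryStatusEx. On the full trace the verdict is the combination that matters: many STATUS_PRIVILEGED_INSTRUCTION and STATUS_BREAKPOINT faults, all inside one large RWX allocation, plus the sandbox bailing out after 65,537 exceptions.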
Antivirus results (vendor / detection name)

Bkav W32.AIDetectMalware
MicroWorld-eScan Trojan.GenericKD.68469640
FireEye Trojan.GenericKD.68469640
Malwarebytes Trojan.GuLoader.NSIS
Sangfor Trojan.Win32.Agent.V3wq
K7GW Trojan ( 005a955c1 )
CrowdStrike win/malicious_confidence_90% (W)
Cyren W32/ABRisk.OVGF-7641
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 NSIS/Injector.BZR
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.68469640
Avast FileRepMalware [Misc]
Sophos Mal/Generic-S
TrendMicro Trojan.Win32.GULOADER.YXDHAZ
McAfee-GW-Edition Artemis!Trojan
Trapmine suspicious.low.ml.score
Emsisoft Trojan.GenericKD.68469640 (B)
Webroot W32.Trojan.Casdet
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.GenericKD.68469640
Google Detected
McAfee RDN/Generic.dx
MAX malware (ai score=86)
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win32.GULOADER.YXDHAZ
AVG FileRepMalware [Misc]
DeepInstinct MALICIOUS