Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 2, 2023, 4:56 p.m.	Aug. 2, 2023, 5:05 p.m.

Size	8.4MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`768200a76def472e675539094047bed9`
SHA256	`79ff7ea339f95a557cec5e39d944118af6c105c29736e448d5aad60368eae5af`
CRC32	`B066D1F1`
ssdeep	`196608:feGA0JQYKTrkAXQx6S7Ou1vtYgeW8PQeKLS0MJ9z88O/b3:f3A0JQYKr6tNPYgvRLkHKj3`
Yara	UPX_Zero - UPX packed file Admin_Tool_IN_Zero - Admin Tool Sysinternals IsPE64 - (no description) PE_Header_Zero - PE File Signature themida_packer - themida packer

rdpcllp.exe "C:\Users\test22\AppData\Local\Temp\rdpcllp.exe"
2564

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section
section	.themida
section	.boot

The file contains an unknown PE resource name possibly indicative of a packer (6 events)

resource name	AFX_DIALOG_LAYOUT
resource name	AVI
resource name	FILE
resource name	PNG
resource name	SHADER
resource name	SVG

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4fa49d rdpcllp+0xc31ff0 @ 0x140061ff0 rdpcllp+0xc097ec @ 0x1400397ec HeapWalk-0x1ce0 kernel32+0x0 @ 0x76c10000 0x2ffcd8 0x2ffcd8 0x2ffcd8 0x4ffed4 0x4d3131 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa 0x4fc51076d814aa exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefd4fa49d registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3144944 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 3144952 registers.rdi: 5366857728 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: RtlRestoreContext+0x293 __chkstk-0x1fe ntdll+0x50bd2 @ 0x76d80bd2 exception.instruction_r: 48 cf 48 83 ec 30 4c 8b c4 48 81 ec d0 04 00 00 exception.symbol: RtlRestoreContext+0x293 __chkstk-0x1fe ntdll+0x50bd2 exception.instruction: iretq exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 330706 exception.address: 0x76d80bd2 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1
__exception__ Aug. 2, 2023, 4:49 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 3143120 registers.rsi: 0 registers.r10: 0 registers.rbx: 5367070763 registers.rsp: 3145032 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1993721121 registers.rdi: 0 registers.rax: 1992930251 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 2, 2023, 4:49 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e27000 process_handle: 0xffffffffffffffff	1	0	0
NtProtectVirtualMemory Aug. 2, 2023, 4:49 p.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d80000 process_handle: 0xffffffffffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (8 events)

section

{u'size_of_data': u'0x0000d400', u'virtual_address': u'0x00001000', u'entropy': 7.978561099912624, u'name': u' ', u'virtual_size': u'0x0001ebb0'}

entropy

7.97856109991

description