Summary | ZeroBOX

kobee.exe

Tags: Suspicious_Script_Bin, NSIS, UPX, Malicious Library, PE File, DLL, PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: Aug. 9, 2023, 9:07 a.m.
Completed: Aug. 9, 2023, 9:10 a.m.
Size: 476.4KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: f9523a569eaa47e6ce6dc10c9b07117b
SHA256: 2e97f4d6bf16c0c918f48301129830bf11639ac0090c6eb937b126345fcc2185
CRC32: 033575C7
ssdeep: 6144:AmOPUVI5v8AiOEUi4+9Ret/+qw0iTOMeH/ThI3E8pEu77jKsU4kyvzvDlMh/BlUn:n+8dOluU/+qw0XBb4vvzTks5Mh7wo+
Yara
  • UPX_Zero - UPX packed file
  • NSIS_Installer - Null Soft Installer
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated (the numbers closing each record are its Status, Return and Repeated columns, in that order)

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API / Arguments / Status / Return / Repeated (the numbers closing each record are its Status, Return and Repeated columns, in that order)

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 7f 15 69 aa 7c bc 72 a8 e6 e8 f0 53 d5 eb 8d cd
exception.instruction: jg 0x50948b4
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x509489d
registers.esp: 1629816
registers.edi: 212220
registers.eax: 256
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 84492288
registers.esi: 2005865610
registers.ecx: 1629812
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 1b 78 9d 48 14 1d 32 6e 22 63 14 b0 ef eb 53
exception.instruction: mov dword ptr [ebx], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50948f2
registers.esp: 1629820
registers.edi: 212220
registers.eax: 9117736
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 32647
registers.esi: 2005865610
registers.ecx: 3727432577
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 08 c5 f6 c2 ab d0 ea a7 2f af ab 92 c7 8a 8b
exception.instruction: mov dword ptr [eax], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x509493f
registers.esp: 1629820
registers.edi: 212220
registers.eax: 7098
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 84492288
registers.esi: 2005865610
registers.ecx: 2095792990
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 00 da e9 00 00 00 00 00 00 00 00 00 ed 2c af
exception.instruction: ltr dx
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x50adf7b
registers.esp: 1629816
registers.edi: 212220
registers.eax: 9117736
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 84492288
registers.esi: 2005865610
registers.ecx: 84494383
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 79 07 9f 6e a0 a2 37 cb 5c b9 9a fd a6 c0 68 2f
exception.instruction: jns 0x50adfd6
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x50adfcd
registers.esp: 1629804
registers.edi: 256
registers.eax: 1629800
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 84492288
registers.esi: 2005865610
registers.ecx: 84494383
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 75 05 af 2c 45 40 9d d0 20 93 03 b2 26 c8 93 5a
exception.instruction: jne 0x50ae02c
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x50ae025
registers.esp: 1629776
registers.edi: 212220
registers.eax: 9117736
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 84492288
registers.esi: 1629772
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 30 ea 06 01 ef 8e 2b 98 b7 fa 62 40 c2 a9 3b
exception.instruction: mov dword ptr [eax], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae071
registers.esp: 1629776
registers.edi: 212220
registers.eax: 43926
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 84492288
registers.esi: 2005865610
registers.ecx: 84494383
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 7e 11 09 de 96 40 fd fd b9 7c 5c 47 2e fa 98 ac
exception.instruction: jle 0x50ae0cd
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x50ae0ba
registers.esp: 1629768
registers.edi: 212220
registers.eax: 9117736
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 1629764
registers.esi: 2005865610
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 37 6d fc 0a fe cb 60 49 c4 ad f4 40 fa 4f ab
exception.instruction: mov dword ptr [edi], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae104
registers.esp: 1629772
registers.edi: 10406
registers.eax: 9117736
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 84492288
registers.esi: 2005865610
registers.ecx: 84494383
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 01 55 00 00 00 00 00 00 00 00 00 00 ee b0 6d
exception.instruction: lgdt ptr [ebp]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x50ae130
registers.esp: 1629776
registers.edi: 212220
registers.eax: 9117736
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 84492288
registers.esi: 2005865610
registers.ecx: 84494383
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 00 d8 b4 00 00 00 00 00 00 00 00 00 ec a5 3e
exception.instruction: ltr ax
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x50ae16b
registers.esp: 1629776
registers.edi: 212220
registers.eax: 9117736
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 84492288
registers.esi: 2005865610
registers.ecx: 1679323708
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc fb 36 a7 7c 25 83 a7 67 d3 e5 4e 15 c9 a8 de
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae1a3
registers.esp: 1629776
registers.edi: 212220
registers.eax: 9117736
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 84492288
registers.esi: 2005865610
registers.ecx: 1045811174
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 09 f1 1b 10 c2 0d b5 ca 93 38 30 17 ed 27 cd
exception.instruction: mov dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae1d8
registers.esp: 1629772
registers.edi: 212220
registers.eax: 9117736
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 84492288
registers.esi: 2005865610
registers.ecx: 30091
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 00 17 6c 00 00 00 00 00 00 00 00 00 fd 0a 55
exception.instruction: lldt word ptr [edi]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x50ae213
registers.esp: 1629772
registers.edi: 212220
registers.eax: 9117736
registers.ebp: 1629824
registers.edx: 84492288
registers.ebx: 84492288
registers.esi: 2005865610
registers.ecx: 84494383
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 01 c2 ff 00 00 00 00 00 00 00 00 00 f5 f9 8a
exception.instruction: vmlaunch
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x50ae23d
registers.esp: 1629772
registers.edi: 212220
registers.eax: 9117736
registers.ebp: 1629824
registers.edx: 4019925233
registers.ebx: 84492288
registers.esi: 2005865610
registers.ecx: 1629772
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f c7 36 de 00 00 00 00 00 00 00 00 00 f3 c8 08
exception.instruction: vmptrld qword ptr [esi]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x50ae26d
registers.esp: 1629772
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 4017924885
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 06 31 15 45 88 9d 29 75 85 a9 87 1c f2 79 52
exception.instruction: mov dword ptr [esi], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae2c3
registers.esp: 1629768
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 4017924885
registers.esi: 55450
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc 0a 79 80 65 88 c8 f6 04 ab f3 af d0 fe 23 60
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae2f6
registers.esp: 1629772
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 4017924885
registers.esi: 1284713744
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc e8 8d 58 a7 f9 37 71 ff ec 7e 63 25 f1 a1 62
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae31c
registers.esp: 1629772
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 4017924885
registers.esi: 1019621445
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc 2c 8a 8a a1 33 df 42 f9 cf 01 a3 0d c4 f5 fe
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae351
registers.esp: 1629772
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 4017924885
registers.esi: 12
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 74 10 f0 7b ce 78 47 bc d5 b2 72 bc d4 f6 40 51
exception.instruction: je 0x50ae3ad
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x50ae39b
registers.esp: 1629776
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 4017924885
registers.esi: 256
registers.ecx: 1629772
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 06 6c ec 65 49 0f 7b f0 65 ac 72 30 cd 26 b5
exception.instruction: mov dword ptr [esi], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae3f6
registers.esp: 1629776
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 4017924885
registers.esi: 61329
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 19 2a 22 3f 0f 35 2e 41 5c bb 6a f0 eb 12 bf
exception.instruction: mov dword ptr [ecx], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae42a
registers.esp: 1629776
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 4017924885
registers.esi: 2005865610
registers.ecx: 47120
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 01 13 f1 00 00 00 00 00 00 00 00 00 eb 41 57
exception.instruction: lgdt ptr [ebx]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x50ae460
registers.esp: 1629780
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 4017924885
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc d7 66 e1 2b b9 7f 91 5e c2 a4 1d 49 f7 39 f2
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae49c
registers.esp: 1629780
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 4017924885
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 7a 1e 93 fa 85 82 24 ee dc 4d 65 50 6e f1 53 fc
exception.instruction: jp 0x50ae518
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x50ae4f8
registers.esp: 1629768
registers.edi: 212220
registers.eax: 1629764
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 4017924885
registers.esi: 256
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 74 05 f3 fc 42 72 7b 3a ad c2 a6 fe 26 cf 0f 18
exception.instruction: je 0x50ae55e
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x50ae557
registers.esp: 1629768
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 256
registers.ebx: 1629764
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 75 16 e8 ee 84 95 8e 08 cc e0 f9 14 5f c4 23 8d
exception.instruction: jne 0x50ae5b3
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x50ae59b
registers.esp: 1629768
registers.edi: 1629764
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 4017924885
registers.esi: 256
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 78 05 68 5e 46 19 1f 34 c5 b3 e7 7e 5e c0 4e 7b
exception.instruction: js 0x50ae5e1
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x50ae5da
registers.esp: 1629768
registers.edi: 212220
registers.eax: 256
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1629824
registers.esi: 1629764
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 3e a9 11 e5 b7 cc 54 a6 76 98 58 5c cd c5 e7
exception.instruction: mov dword ptr [esi], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae616
registers.esp: 1629772
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1629824
registers.esi: 38778
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc eb b5 bf 57 59 0f 01 51 56 e7 af 08 fc 77 a1
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae635
registers.esp: 1629776
registers.edi: 459457865
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1629824
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc f0 a6 4b 9d 12 83 ab fb 80 d4 a2 09 fe ab 18
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae65d
registers.esp: 1629776
registers.edi: 900314243
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1629824
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 7f 0a cf 9c b1 a5 08 7a 99 0a c1 b4 c3 c2 56 50
exception.instruction: jg 0x50ae6aa
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x50ae69e
registers.esp: 1629768
registers.edi: 900314243
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1629764
registers.esi: 256
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 17 fd e9 4a f7 95 5e 6a 75 c6 0a d1 ee 67 58
exception.instruction: mov dword ptr [edi], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae6df
registers.esp: 1629772
registers.edi: 29661
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1629824
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 01 13 59 00 00 00 00 00 00 00 00 00 f8 4c aa
exception.instruction: lgdt ptr [ebx]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x50ae718
registers.esp: 1629776
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630148
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc b3 a7 da df 33 c4 a9 0b 5b f5 3e e0 c1 c7 bf
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae744
registers.esp: 1629776
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630148
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 09 e1 e5 00 00 00 00 00 00 00 00 00 c7 12 b2
exception.instruction: wbinvd
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x50ae766
registers.esp: 1629772
registers.edi: 1630148
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630148
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc 17 84 f9 b9 66 9c c2 a2 87 87 06 6e f8 9d eb
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae785
registers.esp: 1629772
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630148
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc 9a ff 5e fa f6 6f f4 7d 8d 37 ef 8f c6 96 58
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae7bc
registers.esp: 1629772
registers.edi: 24422781
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630148
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc d2 65 d3 4a 62 55 fd 6d cc 8b e2 7b ef 9a d6
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae7da
registers.esp: 1629772
registers.edi: 2064835291
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630148
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc df 5d 7f b2 07 fb b6 d5 20 19 62 c4 f3 58 d5
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae811
registers.esp: 1629772
registers.edi: 0
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630148
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 30 52 44 db 9b 4b e5 7f 6f f4 15 33 f5 11 05
exception.instruction: mov dword ptr [eax], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae85f
registers.esp: 1629764
registers.edi: 212220
registers.eax: 52331
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630148
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: f3 0f c7 37 00 00 00 00 00 00 00 00 00 c0 57 c7
exception.instruction: vmxon qword ptr [edi]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x50ae88b
registers.esp: 1629768
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630148
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 18 3b 85 26 b7 46 02 1e 59 7b 9f 93 f2 7a ef
exception.instruction: mov dword ptr [eax], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae8d7
registers.esp: 1629764
registers.edi: 212220
registers.eax: 15032
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630148
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 0f 00 10 02 00 00 00 00 00 00 00 00 00 fc 5e c4
exception.instruction: lldt word ptr [eax]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x50ae90e
registers.esp: 1629768
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630148
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 02 78 d4 ed 4b e8 ac 14 98 dc 0f 93 ff e4 34
exception.instruction: mov dword ptr [edx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae942
registers.esp: 1629764
registers.edi: 212220
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 32197
registers.ebx: 1630148
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 16 0f d6 68 a2 0c da dd 6e 0e cc 54 ca 35 27
exception.instruction: mov dword ptr [esi], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae98a
registers.esp: 1629764
registers.edi: 212220
registers.eax: 1630152
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630152
registers.esi: 17082
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: cc af 28 b3 62 76 74 97 3e bb c9 21 62 fa 8b 23
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x50ae9a0
registers.esp: 1629764
registers.edi: 212220
registers.eax: 1630152
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630152
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 18 40 1c 72 1c a8 67 42 e2 19 01 36 cb 6e ee
exception.instruction: mov dword ptr [eax], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50ae9e4
registers.esp: 1629756
registers.edi: 212220
registers.eax: 48036
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630152
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa

exception.instruction_r: 89 3f 6d dd 1c f9 b2 85 cd 2a 14 43 bd f3 48 f6
exception.instruction: mov dword ptr [edi], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x50aea0c
registers.esp: 1629756
registers.edi: 6023
registers.eax: 2005662384
registers.ebp: 1629824
registers.edx: 2005623258
registers.ebx: 1630152
registers.esi: 2005865610
registers.ecx: 182
1 0 0
Time & API / Arguments / Status / Return / Repeated (the numbers closing each record are its Status, Return and Repeated columns, in that order)

NtProtectVirtualMemory

process_identifier: 1132
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 1132
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1132
region_size: 40001536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04290000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nscC465.tmp\System.dll
Time & API / Arguments / Status / Return / Repeated (the numbers closing each record are its Status, Return and Repeated columns, in that order)

SetFileAttributesW

file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\Users\test22\AppData\Roaming\Femkmperes\toksiners\thenars.ber
filepath: C:\Users\test22\AppData\Roaming\Femkmperes\toksiners\thenars.ber
0 0

SetFileAttributesW

file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\ProgramData\Femkmperes\toksiners\thenars.ber
filepath: C:\ProgramData\Femkmperes\toksiners\thenars.ber
0 0

SetFileAttributesW

file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\ProgramData\Femkmperes\toksiners\thenars.ber
filepath: C:\ProgramData\Femkmperes\toksiners\thenars.ber
0 0

SetFileAttributesW

file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\ProgramData\Femkmperes\toksiners\thenars.ber
filepath: C:\ProgramData\Femkmperes\toksiners\thenars.ber
0 0

SetFileAttributesW

file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\ProgramData\Femkmperes\toksiners\thenars.ber
filepath: C:\ProgramData\Femkmperes\toksiners\thenars.ber
0 0

SetFileAttributesW

file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: C:\ProgramData\Femkmperes\toksiners\thenars.ber
filepath: C:\ProgramData\Femkmperes\toksiners\thenars.ber
0 0
file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\celene\Ddskn\aftest.lnk
file C:\Users\test22\omformatere\tridecene\sybarits\frinummer.lnk
file C:\Users\test22\AppData\Local\Temp\nscC465.tmp\System.dll
Time & API / Arguments / Status / Return / Repeated (the numbers closing each record are its Status, Return and Repeated columns, in that order)

__anomaly__

tid: 776
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
Antivirus (vendor, result)

Bkav W32.AIDetectMalware
MicroWorld-eScan Trojan.GenericKD.68583611
FireEye Trojan.GenericKD.68583611
Cylance unsafe
Sangfor Trojan.Win32.Makoob.Vw2e
K7AntiVirus Trojan ( 0059035d1 )
Alibaba Trojan:Win32/Makoob.1aafdc9f
K7GW Trojan ( 0059035d1 )
Cyren W32/Agent.GXE.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 NSIS/Injector.ASH
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.Win32.Makoob.gen
BitDefender Trojan.GenericKD.68583611
Avast Win32:Evo-gen [Trj]
Tencent Win32.Trojan.FalseSign.Vwhl
Emsisoft Trojan.GenericKD.68583611 (B)
F-Secure Trojan.TR/AD.NsisInject.sdjto
DrWeb Trojan.Loader.1675
TrendMicro Trojan.Win32.GULOADER.YXDHHZ
McAfee-GW-Edition Artemis!Trojan
Sophos Mal/Generic-S
Ikarus Trojan.NSIS.Agent
Avira TR/AD.NsisInject.sdjto
Gridinsoft Trojan.Win32.GuLoader.bot
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm HEUR:Trojan.Win32.Makoob.gen
GData Trojan.GenericKD.68583611
Google Detected
AhnLab-V3 Downloader/Win.GuLoader.C5438038
McAfee RDN/Generic Downloader.x
MAX malware (ai score=84)
Malwarebytes Crypt.Trojan.MSIL.DDS
Panda Trj/Chgt.AD
TrendMicro-HouseCall Trojan.Win32.GULOADER.YXDHHZ
Fortinet W32/ASH!tr
AVG Win32:Evo-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)