Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 12, 2023, 7:35 a.m.	Sept. 12, 2023, 7:40 a.m.

Size	593.4KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`35951704bf97c135fec65cca9bc2e1c1`
SHA256	`932a29dcd8b778f2e7c509b3ef9d732632edc266596bea3ed351803dc08cd5af`
CRC32	`E06AFA6F`
ssdeep	`12288:Sgm/Sduud+GG2zwcb9ZSNpLen7CgAHWfRdaA:Sg1duud+G0u9ANJM7CCJ`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file NSIS_Installer - Null Soft Installer PE_Header_Zero - PE File Signature IsPE32 - (no description)

igucc.exe "C:\Users\test22\AppData\Local\Temp\igucc.exe"
1680

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 12, 2023, 7:35 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 0f 01 55 00 00 00 00 00 00 00 bb 79 01 44 59 1c exception.instruction: lgdt ptr [ebp] exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0xc2fad23 registers.esp: 61272472 registers.edi: 203676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 17 6c e0 37 2d 42 cc 7b cd 9f f5 5e 5d 9b 2b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc2fad58 registers.esp: 61272472 registers.edi: 203676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 0e f7 ae aa bb 76 07 a5 b9 a3 2a 31 d1 7b 36 exception.instruction: mov dword ptr [esi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc313a2e registers.esp: 61272464 registers.edi: 203676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 33385 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 0f 01 1e 1e 00 00 00 00 00 00 9a 7d f9 51 ca 06 exception.instruction: lidt ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc313a60 registers.esp: 61272464 registers.edi: 203676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 30 e8 fe 4f e4 97 15 6e 80 a8 48 ca 59 62 c3 exception.instruction: mov dword ptr [eax], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc313a94 registers.esp: 61272464 registers.edi: 203676 registers.eax: 46868 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 37 4c 9d 4e 90 83 05 21 50 ad 58 9d 32 b4 0a exception.instruction: mov dword ptr [edi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc313ad4 registers.esp: 61272432 registers.edi: 19676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 71 09 7f 5f 3c 72 34 39 a3 5e 81 07 3f 80 b0 81 exception.instruction: jno 0xc313b25 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0xc313b1a registers.esp: 61272428 registers.edi: 203676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 61272424	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 0f 01 18 88 00 00 00 00 00 00 aa 91 c9 d0 ed 94 exception.instruction: lidt ptr [eax] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc313b4f registers.esp: 61272432 registers.edi: 203676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 0f 01 16 9b 00 00 00 00 00 00 91 0a 15 0e 8f c6 exception.instruction: lgdt ptr [esi] exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0xc313b7f registers.esp: 61272428 registers.edi: 203676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 3e 5f 0c bc 56 c5 c3 94 2a 9c 52 9b b4 2e cd exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc313bc3 registers.esp: 61272424 registers.edi: 203676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 51399 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 66 0f c7 32 00 00 00 00 00 00 92 5d af e0 6f 66 exception.instruction: vmclear qword ptr [edx] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0xc313bdd registers.esp: 61272428 registers.edi: 203676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 7f 03 79 5a b6 d4 19 a4 a7 ba a1 0f 51 84 5b 36 exception.instruction: jg 0xc313c1f exception.exception_code: 0x80000004 exception.symbol: exception.address: 0xc313c1a registers.esp: 61272420 registers.edi: 203676 registers.eax: 61272416 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 0f 01 13 96 00 00 00 00 00 00 9a 59 aa 0d d8 2c exception.instruction: lgdt ptr [ebx] exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0xc313c54 registers.esp: 61272428 registers.edi: 2135550451 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 30 30 ee 94 87 41 92 08 53 97 e8 1d a9 27 0a exception.instruction: mov dword ptr [eax], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc313c88 registers.esp: 61272424 registers.edi: 160631721 registers.eax: 22797 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 09 23 ad 39 b2 69 94 2e 19 bc d1 e8 cf 3f 67 exception.instruction: mov dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc313cc6 registers.esp: 61272424 registers.edi: 1093371826 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 28423	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 97 ba 06 5a 3f 5b 22 ff dd 9e f6 62 28 aa 79 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc313cff registers.esp: 61272428 registers.edi: 7602286 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc c0 ac 8e 9e 88 29 87 1e 1d a1 9c 7d b3 ba e2 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc313d16 registers.esp: 61272424 registers.edi: 203676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 204451044	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 71 0a 11 cb d7 38 cc 01 b6 ea 9a 98 f7 b7 8f 05 exception.instruction: jno 0xc313d78 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0xc313d6c registers.esp: 61272416 registers.edi: 203676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 61272412 registers.ecx: 256	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 5b da 84 a6 80 69 4a b6 c0 ac cf 8e 81 0b be exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc313d88 registers.esp: 61272424 registers.edi: 203676 registers.eax: 6650328 registers.ebp: 61272476 registers.edx: 204447744 registers.ebx: 204447744 registers.esi: 2005865610 registers.ecx: 61272424	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 70 eb 9d 56 4a 70 8e 70 f9 a7 3c a6 4e 1f a8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc313ddd registers.esp: 61272436 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 2567368597 registers.esi: 2005865610 registers.ecx: 4	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc a6 11 69 37 a0 57 c9 92 94 80 34 d0 95 cc 05 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc313e0d registers.esp: 61272432 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 2567368597 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 05 8c e6 0f a8 0f 85 3a 94 83 7f 67 68 b8 bd exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc313e1b registers.esp: 61272432 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 2567368597 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 7f 0b d7 03 a3 93 e8 8f 6f bc a4 00 6f c6 d8 5c exception.instruction: jg 0xc313e5c exception.exception_code: 0x80000004 exception.symbol: exception.address: 0xc313e4f registers.esp: 61272420 registers.edi: 256 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 2567368597 registers.esi: 61272416 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 79 28 5d a2 9a df 47 82 0c 5c a5 8d 99 7b 92 3b exception.instruction: jns 0xc313ed8 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0xc313eae registers.esp: 61272420 registers.edi: 61272416 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 2567368597 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 45 b2 7a 52 4a 32 cd 48 47 bf 03 44 c7 21 fe exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc313ee7 registers.esp: 61272428 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 2567368597 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 0f 01 1a 41 00 00 00 00 00 00 a2 17 9c 34 d8 79 exception.instruction: lidt ptr [edx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc313f1f registers.esp: 61272428 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 2567368597 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 0f 00 14 24 00 00 00 00 00 00 ac 1a 24 dc cb 83 exception.instruction: lldt word ptr [esp] exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0xc313f4b registers.esp: 61272428 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 2567368597 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 0e 58 62 17 79 0f e5 94 90 9f 2c cc b2 5e d5 exception.instruction: mov dword ptr [esi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc313f8d registers.esp: 61272424 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272476 registers.esi: 10280 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 0b 06 32 f2 48 1c d4 e7 1e bc 82 b8 b8 14 1d exception.instruction: mov dword ptr [ebx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc313fd5 registers.esp: 61272424 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 63589 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 10 bd d6 6d 91 00 44 8c 80 a7 c3 c8 78 73 97 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc314012 registers.esp: 61272428 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272476 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 0f 01 5d 00 00 00 00 00 00 00 94 57 83 0a a0 5f exception.instruction: lidt ptr [ebp] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc31403b registers.esp: 61272428 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272476 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 0f 01 30 7e 00 00 00 00 00 00 90 6f 24 64 41 4a exception.instruction: lmsw word ptr [eax] exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0xc31405f registers.esp: 61272428 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272800 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 94 2b 13 66 9f 08 3c c5 dd be 0a 67 86 15 5b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc31407d registers.esp: 61272428 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272800 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 79 f4 1e a9 00 64 24 f0 ef 91 89 b1 f0 cd 7a exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc3140ad registers.esp: 61272428 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272800 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 17 28 9e 52 5f 5e 5f bd a4 a0 95 33 b1 7f fe exception.instruction: mov dword ptr [edi], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc3140e6 registers.esp: 61272424 registers.edi: 34521 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272800 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 0f 01 f2 49 00 00 00 00 00 00 a6 a1 49 33 2e 9d exception.instruction: lmsw dx exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0xc314116 registers.esp: 61272424 registers.edi: 61272800 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272800 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 84 66 da 75 52 af 93 ae 93 98 11 eb 86 99 21 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc314144 registers.esp: 61272424 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272800 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 1e 03 0d be 45 bc de ce ab 92 8c 45 1d 96 d1 exception.instruction: mov dword ptr [esi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc314178 registers.esp: 61272420 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272800 registers.esi: 17065 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 75 29 7f a2 83 f9 a0 ca cb 26 a1 dd a0 56 d5 19 exception.instruction: jne 0xc3141dc exception.exception_code: 0x80000004 exception.symbol: exception.address: 0xc3141b1 registers.esp: 61272416 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272800 registers.esi: 61272412 registers.ecx: 256	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 0f 01 c4 28 00 00 00 00 00 00 ab de 01 97 0f bf exception.instruction: vmxoff exception.exception_code: 0xc000001d exception.symbol: exception.address: 0xc3141e9 registers.esp: 61272424 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272800 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 16 50 5e 1e f9 de 74 79 6f bb 01 69 26 56 c6 exception.instruction: mov dword ptr [esi], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc314225 registers.esp: 61272416 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272800 registers.esi: 35142 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 06 f1 ec 31 03 8f 09 e0 a4 bb ca df be df 5b exception.instruction: mov dword ptr [esi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc31428e registers.esp: 61272416 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272800 registers.esi: 55169 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 03 fa 86 09 bc 8d 51 d5 3f aa f8 b6 6f 00 3e exception.instruction: mov dword ptr [ebx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc3142ec registers.esp: 61272416 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 64398 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 3a 61 b1 b0 6f fb 3b 6d 0d 80 c2 86 01 5a 81 exception.instruction: mov dword ptr [edx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc31432d registers.esp: 61272416 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 11031 registers.ebx: 61272800 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 07 b6 83 06 45 d1 90 01 b4 a6 e9 05 50 29 59 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc31436d registers.esp: 61272416 registers.edi: 46101 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 1834258938 registers.ebx: 61272800 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 71 0f ce 99 00 a7 ab 61 4a a4 aa 43 cd fd f9 47 exception.instruction: jno 0xc3143c0 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0xc3143af registers.esp: 61272412 registers.edi: 203676 registers.eax: 256 registers.ebp: 61272476 registers.edx: 1834258938 registers.ebx: 61272800 registers.esi: 2005865610 registers.ecx: 61272408	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 12 b2 9a 71 c2 58 8d 78 c6 ad de 3f 45 d1 ba exception.instruction: mov dword ptr [edx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc3143f1 registers.esp: 61272416 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 23761 registers.ebx: 61272800 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 89 0e 91 68 ae d0 d5 15 2f 05 bb 10 cb cd f8 41 exception.instruction: mov dword ptr [esi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc314427 registers.esp: 61272416 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 1580622520 registers.ebx: 61272800 registers.esi: 4678 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: 0f 01 f0 fe 00 00 00 00 00 00 98 8b b0 f2 34 6a exception.instruction: lmsw ax exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0xc314463 registers.esp: 61272420 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 1197665661 registers.ebx: 61272800 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:35 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa exception.instruction_r: cc 53 09 34 59 2e a0 61 c6 66 aa 03 c6 62 16 a7 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0xc314487 registers.esp: 61272420 registers.edi: 203676 registers.eax: 2005662384 registers.ebp: 61272476 registers.edx: 2005623258 registers.ebx: 61272804 registers.esi: 2005865610 registers.ecx: 182	1

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 12, 2023, 7:35 a.m.	process_identifier: 1680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x741c5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 12, 2023, 7:35 a.m.	process_identifier: 1680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fe5000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 12, 2023, 7:35 a.m.	process_identifier: 1680 region_size: 74727424 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x085b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Local\Temp\nsfC2DF.tmp\System.dll
file	C:\Users\test22\AppData\Local\Temp\nsfC2DF.tmp\nsExec.dll

Creates hidden or system file (6 events)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW Sept. 12, 2023, 7:35 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\Slacker.sch filepath: C:\Users\test22\AppData\Local\Temp\Slacker.sch		0	0
SetFileAttributesW Sept. 12, 2023, 7:35 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\Slacker.sch filepath: C:\Users\test22\AppData\Local\Temp\Slacker.sch		0	0
SetFileAttributesW Sept. 12, 2023, 7:35 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\Slacker.sch filepath: C:\Users\test22\AppData\Local\Temp\Slacker.sch		0	0
SetFileAttributesW Sept. 12, 2023, 7:35 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\Slacker.sch filepath: C:\Users\test22\AppData\Local\Temp\Slacker.sch		0	0
SetFileAttributesW Sept. 12, 2023, 7:35 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\Slacker.sch filepath: C:\Users\test22\AppData\Local\Temp\Slacker.sch		0	0
SetFileAttributesW Sept. 12, 2023, 7:35 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\Slacker.sch filepath: C:\Users\test22\AppData\Local\Temp\Slacker.sch		0	0

Creates a shortcut to an executable file (2 events)

file	C:\Users\test22\AppData\Roaming\oppositioners\skallesmkkerne\Dissimiliationens\Mints129.lnk
file	C:\Users\test22\AppData\Local\Temp\discussional\croquises\intermixtly\sportsbegivenhederne.lnk

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\nsfC2DF.tmp\nsExec.dll
file	C:\Users\test22\AppData\Local\Temp\nsfC2DF.tmp\System.dll

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Sept. 12, 2023, 7:36 a.m.	tid: 2128 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 34 AntiVirus engines on VirusTotal as malicious (34 events)

Bkav	W32.AIDetectMalware
FireEye	Generic.mg.35951704bf97c135
McAfee	Artemis!35951704BF97
Malwarebytes	Trojan.GuLoader
Sangfor	Trojan.Win32.Makoob.Vt7a
K7AntiVirus	Riskware ( 00584baa1 )
Alibaba	Trojan:Win32/Makoob.cca81575
K7GW	Riskware ( 00584baa1 )
Cyren	W32/Ninjector.KR.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	NSIS/Injector.ASH
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Makoob.gen
BitDefender	Trojan.GenericKD.69227913
Avast	Win32:Evo-gen [Trj]
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Injector.myvsw
McAfee-GW-Edition	BehavesLike.Win32.Generic.hh
Ikarus	Trojan.NSIS.Guloader
Webroot	W32.Malware.Gen
Avira	TR/Injector.myvsw
Gridinsoft	Spy.Win32.AzorUlt.bot
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Trojan.Win32.Makoob.gen
Google	Detected
MAX	malware (ai score=80)
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.GULOADER.YXDIKZ
SentinelOne	Static AI - Suspicious PE
AVG	Win32:Evo-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (W)

igucc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All