Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 12, 2023, 7:40 a.m.	Sept. 12, 2023, 7:45 a.m.

Size	584.8KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`919f4ad18943cbfbaa1d5f4555b37808`
SHA256	`2ba4c247d71613b4016efe1c667d197f37636d0fcc22685c8fdf75eae66b460e`
CRC32	`A159886A`
ssdeep	`6144:SgORa6xKTuuuqjL7IMLeSMGeBLe33NIjJLo0SdWl0KB8VIiUgYQ7efXg8pY:Sgm/SMGe9sWJzSdWv8VIJQcpY`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file NSIS_Installer - Null Soft Installer PE_Header_Zero - PE File Signature IsPE32 - (no description)

igucc.exe "C:\Users\test22\AppData\Local\Temp\igucc.exe"
2544

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
185.156.174.115	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 12, 2023, 7:40 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 74 1d 6e e7 be 59 0d 65 dd 10 2d 4a 8a 33 e2 22 exception.instruction: je 0x9f7ac16 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f7abf7 registers.esp: 65532304 registers.edi: 256 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 65532300 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 74 02 dd 43 f8 2c df 16 d6 74 5e 56 68 08 4f f3 exception.instruction: je 0x9f7ac5f exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f7ac5b registers.esp: 65532304 registers.edi: 256 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 65532300 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 00 20 e5 6b 24 43 18 13 cc d2 b4 82 0d 2c 5d exception.instruction: mov dword ptr [eax], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9f7ac9d registers.esp: 65532308 registers.edi: 195480 registers.eax: 44735 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 58 61 69 1c 0e 7c b7 08 e6 ac 11 9f 18 df e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f7acbf registers.esp: 65532312 registers.edi: 195480 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 77 1b 9f a0 80 09 95 d9 8b fc 8d e1 b8 3e 7a 40 exception.instruction: ja 0x9f9297b exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f9295e registers.esp: 65532300 registers.edi: 256 registers.eax: 65532296 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 0f 01 18 e1 00 00 00 00 00 00 00 00 00 37 c7 b9 exception.instruction: lidt ptr [eax] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9f929a8 registers.esp: 65532272 registers.edi: 195480 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 01 02 4f f4 a4 84 4a f3 73 75 33 4b 26 41 a3 exception.instruction: mov dword ptr [ecx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9f929e1 registers.esp: 65532268 registers.edi: 195480 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 22020	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 00 48 bb 78 e2 0a 74 b4 40 a2 31 5e 0b 66 f7 exception.instruction: mov dword ptr [eax], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9f92a23 registers.esp: 65532268 registers.edi: 195480 registers.eax: 60927 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 7b 08 d3 b4 ba 2c 43 6f a3 b9 b1 5a 06 06 46 cb exception.instruction: jnp 0x9f92a73 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f92a69 registers.esp: 65532264 registers.edi: 256 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 65532260	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 3a ab a6 98 8c 37 dc 36 66 b8 9c 27 06 1d 70 exception.instruction: mov dword ptr [edx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9f92aa9 registers.esp: 65532268 registers.edi: 195480 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 1953 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 0f 00 df f4 00 00 00 00 00 00 00 00 00 36 c5 75 exception.instruction: ltr di exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0x9f92ac0 registers.esp: 65532268 registers.edi: 195480 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 0f 09 5d 05 00 00 00 00 00 00 00 00 00 35 eb 0a exception.instruction: wbinvd exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0x9f92aef registers.esp: 65532268 registers.edi: 195480 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc cd 85 81 77 35 db 2d 89 9f 03 83 48 0a df 66 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f92b18 registers.esp: 65532268 registers.edi: 195480 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 57 eb dd ac e7 51 e3 24 97 b6 35 4e 3b 21 b0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f92b35 registers.esp: 65532268 registers.edi: 195480 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 42 4a 6a e0 46 bd 15 d9 e0 aa 98 26 0e 72 fc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f92b6c registers.esp: 65532268 registers.edi: 195480 registers.eax: 646295568 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 73 21 6e 78 dc ab 85 98 08 86 5d 4c 64 3a ab 51 exception.instruction: jae 0x9f92bcf exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f92bac registers.esp: 65532260 registers.edi: 195480 registers.eax: 2261101297 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 256 registers.ecx: 65532256	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 02 ec e2 97 30 6b c7 55 cb 4d 5d ef 25 7d 91 exception.instruction: mov dword ptr [edx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9f92c09 registers.esp: 65532264 registers.edi: 195480 registers.eax: 2261101297 registers.ebp: 65532316 registers.edx: 6892 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 0f c7 37 37 00 00 00 00 00 00 00 00 00 0b 81 5f exception.instruction: vmptrld qword ptr [edi] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x9f92c41 registers.esp: 65532268 registers.edi: 195480 registers.eax: 1298599590 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 79 2b 20 8b d3 f5 88 5e d9 08 a0 19 64 26 e3 c6 exception.instruction: jns 0x9f92cb7 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f92c8a registers.esp: 65532260 registers.edi: 195480 registers.eax: 7602286 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 256 registers.ecx: 65532256	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 01 89 cc 9b ed 2c 55 63 57 53 59 b9 30 d5 bb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f92cc3 registers.esp: 65532264 registers.edi: 195480 registers.eax: 7602286 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 0f 01 f1 6a 00 00 00 00 00 00 00 00 00 0f 49 ca exception.instruction: lmsw cx exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0x9f92cf0 registers.esp: 65532264 registers.edi: 195480 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: f3 0f c7 36 00 00 00 00 00 00 00 00 00 33 9f d0 exception.instruction: vmxon qword ptr [esi] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x9f92d08 registers.esp: 65532264 registers.edi: 195480 registers.eax: 6476504 registers.ebp: 65532316 registers.edx: 167223296 registers.ebx: 167223296 registers.esi: 1995838602 registers.ecx: 167226277	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 77 05 77 8a a9 2c 80 d8 c3 fb 9e 97 9e 06 c8 15 exception.instruction: ja 0x9f92d5b exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f92d54 registers.esp: 65532256 registers.edi: 256 registers.eax: 65532252 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 1242961047 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 0f 01 1f 15 00 00 00 00 00 00 00 00 00 0b 27 04 exception.instruction: lidt ptr [edi] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9f92d6c registers.esp: 65532264 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 1242961047 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 42 70 54 41 76 5d 74 b1 4d 3b 51 bc 3a 0f fb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f92d94 registers.esp: 65532276 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 1242961047 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 3e 29 18 9f 33 34 92 46 39 a4 67 cc 33 4e bf exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9f92df9 registers.esp: 65532268 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 1242961047 registers.esi: 8876 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 0f 01 f1 14 00 00 00 00 00 00 00 00 00 39 fa b1 exception.instruction: lmsw cx exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0x9f92e1e registers.esp: 65532272 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 1242961047 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 37 26 d5 0e 90 4e e4 e6 de bd d9 d3 01 b8 f7 exception.instruction: mov dword ptr [edi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9f92e77 registers.esp: 65532264 registers.edi: 61390 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 1242961047 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 0f 00 da 1f 00 00 00 00 00 00 00 00 00 3f d4 01 exception.instruction: ltr dx exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0x9f92e95 registers.esp: 65532268 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 1242961047 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc ff b9 67 5f ff 2f 98 30 95 61 e6 d1 06 b9 6f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f92ebd registers.esp: 65532268 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 1242961047 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 8a e1 9c 3e 91 5d 97 fe 61 c6 ef 9b 31 dd 9e exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f92edc registers.esp: 65532268 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532640 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 71 a3 44 94 cc 8d 5b 3c 65 8f 01 52 3d 2c e1 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f92f11 registers.esp: 65532264 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532640 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc ac 46 56 79 45 3e e1 23 60 03 cf 72 3f 2e 85 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f92f3b registers.esp: 65532264 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532640 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 7a 19 9a 82 f0 f6 83 38 f7 43 cf 91 68 09 78 bc exception.instruction: jp 0x9f92fab exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f92f90 registers.esp: 65532256 registers.edi: 65532252 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 256 registers.ebx: 65532640 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc e8 83 56 fb 0c c9 93 95 13 49 12 4b 0f 3b ad exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f92fbb registers.esp: 65532264 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 3977463167 registers.ebx: 65532640 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 7a 0d e9 d7 41 35 39 fa ec 4d 09 51 f6 07 03 a1 exception.instruction: jp 0x9f93010 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f93001 registers.esp: 65532256 registers.edi: 256 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 0 registers.ebx: 65532640 registers.esi: 65532252 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 39 21 81 75 fe d4 31 9c c7 2a df 2b 04 9a 6e exception.instruction: mov dword ptr [ecx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9f93041 registers.esp: 65532256 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532640 registers.esi: 1995838602 registers.ecx: 58358	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc 6e 26 31 15 3e ed d8 8c 5f c0 eb 10 03 3d 28 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f9307d registers.esp: 65532260 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532640 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 66 0f c7 33 00 00 00 00 00 00 00 00 00 0d 8c fc exception.instruction: vmclear qword ptr [ebx] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x9f93091 registers.esp: 65532260 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532640 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 71 22 28 96 4f 08 67 c2 89 2a 2d 86 99 3f cc 41 exception.instruction: jno 0x9f93105 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f930e1 registers.esp: 65532252 registers.edi: 256 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532640 registers.esi: 65532248 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 70 13 73 8e 1c ed 39 6d 70 2c 51 22 52 32 87 b3 exception.instruction: jo 0x9f93155 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f93140 registers.esp: 65532252 registers.edi: 65532248 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532640 registers.esi: 256 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 89 11 4b a2 36 de 71 5b 0b e7 b2 80 bd 32 ef 44 exception.instruction: mov dword ptr [ecx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9f9318b registers.esp: 65532256 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532640 registers.esi: 1995838602 registers.ecx: 42724	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 66 0f c7 36 00 00 00 00 00 00 00 00 00 3e 97 f5 exception.instruction: vmclear qword ptr [esi] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x9f931b1 registers.esp: 65532260 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532640 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 66 0f c7 36 00 00 00 00 00 00 00 00 00 3e 97 f5 exception.instruction: vmclear qword ptr [esi] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x9f931b1 registers.esp: 65532260 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532641 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 66 0f c7 36 00 00 00 00 00 00 00 00 00 3e 97 f5 exception.instruction: vmclear qword ptr [esi] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x9f931b1 registers.esp: 65532260 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532642 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 0f 01 32 71 00 00 00 00 00 00 00 00 00 01 b0 74 exception.instruction: lmsw word ptr [edx] exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0x9f931e4 registers.esp: 65532260 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532644 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 7c 02 a3 0b 55 24 e8 82 d6 86 27 04 6f 3e 2e 1e exception.instruction: jl 0x9f93221 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f9321d registers.esp: 65532252 registers.edi: 65532248 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 256 registers.esi: 1995838602 registers.ecx: 65532644	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 79 04 65 3f 97 dc 1c 01 ee cc 60 ac da 02 95 55 exception.instruction: jns 0x9f9327d exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x9f93277 registers.esp: 65532248 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 256 registers.ebx: 65532644 registers.esi: 1995838602 registers.ecx: 65532244	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: cc d3 05 7b 71 b6 b5 a1 c7 7e 47 4e d8 09 0d 52 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x9f9329e registers.esp: 65532252 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532644 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Sept. 12, 2023, 7:40 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa exception.instruction_r: 0f c7 3b 25 00 00 00 00 00 00 00 00 00 01 3a 41 exception.instruction: vmptrst qword ptr [ebx] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x9f932ca registers.esp: 65532252 registers.edi: 195480 registers.eax: 1995635376 registers.ebp: 65532316 registers.edx: 1995596250 registers.ebx: 65532644 registers.esi: 1995838602 registers.ecx: 182	1

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 12, 2023, 7:40 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732a2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 12, 2023, 7:40 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73925000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 12, 2023, 7:40 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73345000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 12, 2023, 7:40 a.m.	process_identifier: 2544 region_size: 40079360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x088d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Local\Temp\nshEE59.tmp\System.dll
file	C:\Users\test22\AppData\Local\Temp\nshEE59.tmp\nsExec.dll

Creates hidden or system file (6 events)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW Sept. 12, 2023, 7:40 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\Slacker.sch filepath: C:\Users\test22\AppData\Local\Temp\Slacker.sch		0	0
SetFileAttributesW Sept. 12, 2023, 7:40 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\Slacker.sch filepath: C:\Users\test22\AppData\Local\Temp\Slacker.sch		0	0
SetFileAttributesW Sept. 12, 2023, 7:40 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\Slacker.sch filepath: C:\Users\test22\AppData\Local\Temp\Slacker.sch		0	0
SetFileAttributesW Sept. 12, 2023, 7:40 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\Slacker.sch filepath: C:\Users\test22\AppData\Local\Temp\Slacker.sch		0	0
SetFileAttributesW Sept. 12, 2023, 7:40 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\Slacker.sch filepath: C:\Users\test22\AppData\Local\Temp\Slacker.sch		0	0
SetFileAttributesW Sept. 12, 2023, 7:40 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\Slacker.sch filepath: C:\Users\test22\AppData\Local\Temp\Slacker.sch		0	0

Creates a shortcut to an executable file (2 events)

file	C:\Users\test22\AppData\Roaming\oppositioners\skallesmkkerne\Dissimiliationens\Mints129.lnk
file	C:\Users\test22\AppData\Local\Temp\discussional\croquises\intermixtly\sportsbegivenhederne.lnk

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\nshEE59.tmp\nsExec.dll
file	C:\Users\test22\AppData\Local\Temp\nshEE59.tmp\System.dll

Communicates with host for which no DNS query was performed (1 event)

host

185.156.174.115

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Sept. 12, 2023, 7:40 a.m.	tid: 2640 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 24 AntiVirus engines on VirusTotal as malicious (24 events)

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
Cylance	unsafe
CrowdStrike	win/malicious_confidence_70% (W)
K7GW	Riskware ( 00584baa1 )
Cyren	W32/Ninjector.KR.gen!Eldorado
ESET-NOD32	NSIS/Injector.ASH
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Makoob.gen
Avast	FileRepMalware [Trj]
McAfee-GW-Edition	BehavesLike.Win32.Generic.hh
FireEye	Generic.mg.919f4ad18943cbfb
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
Gridinsoft	Spy.Win32.AzorUlt.bot
ZoneAlarm	HEUR:Trojan.Win32.Makoob.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
McAfee	Artemis!919F4AD18943
Malwarebytes	Generic.Malware/Suspicious
TrendMicro-HouseCall	Trojan.Win32.GULOADER.YXDIKZ
Ikarus	Trojan.NSIS.Guloader
AVG	FileRepMalware [Trj]
DeepInstinct	MALICIOUS

igucc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All