Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 23, 2023, 8:06 p.m.	Sept. 23, 2023, 8:09 p.m.

Size	6.4MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`8a6554c54d9040abfbbaa853c9abce67`
SHA256	`acdbcef3bcab8f9a42871c9d85702ab267995726d8874ba5b837c7dfe2222dad`
CRC32	`492895E8`
ssdeep	`196608:3ezOWEWgS5TZmOT94Ii4F8t5QBPYymcbk:3fW75TpT94Iz8t5QBQymcbk`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE64 - (no description)

gate4.exe "C:\Users\test22\AppData\Local\Temp\gate4.exe"
1028

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section
section	.7zip0
section	.themida
section	.7zip1
section	.7zip2
section	.7zip3

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d gate4+0x678066 @ 0x13ff98066 gate4+0x6a7996 @ 0x13ffc7996 HeapWalk-0x1ce0 kernel32+0x0 @ 0x76fc0000 0x1cfb38 0x1cfb38 0x1cfb38 EqualDomainSid+0x1d0 SetFileInformationByHandle-0x90 kernelbase+0x3a9b0 @ 0x7fefdc2a9b0 gate4+0x4b72ec @ 0x13fdd72ec exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefdbfa49d registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1
__exception__ Sept. 23, 2023, 7:59 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1897520 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 32 registers.rsp: 1899432 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1899352 registers.rdi: 2003748129 registers.rax: 2002969514 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 14609 events)

Time & API	Arguments	Return
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000010000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000011000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000012000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000013000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000014000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000015000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000016000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000017000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000018000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000019000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000020000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000021000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000022000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000023000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000024000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000025000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000026000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000027000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000028000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000029000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000030000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000031000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000032000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000033000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000034000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000035000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000036000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000037000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000038000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000039000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000040000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000041000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x0065c600', u'virtual_address': u'0x00908000', u'entropy': 7.920174116950264, u'name': u'.7zip3', u'virtual_size': u'0x0065c44c'}

entropy

7.92017411695

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00014000', u'virtual_address': u'0x00f66000', u'entropy': 6.824815489090797, u'name': u'.rsrc', u'virtual_size': u'0x00027a9c'}

entropy

6.82481548909

description

A section with a high entropy has been found

entropy

0.999772554966

description

Overall entropy of this PE file is high

DEP was bypassed by marking part of the stack executable by the process gate4.exe (8 events)

Time & API	Arguments	Return
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000001cc000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000001cd000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000001ce000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:58 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000001cf000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:59 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000001cc000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:59 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000001cd000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:59 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000001ce000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Sept. 23, 2023, 7:59 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000001cf000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Sept. 23, 2023, 7:59 p.m.	tid: 1096 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)

Lionic	Trojan.Win32.Scar.4!c
Elastic	malicious (high confidence)
Malwarebytes	Generic.Malware/Suspicious
Sangfor	Trojan.Win32.Agent.V6yi
CrowdStrike	win/malicious_confidence_70% (W)
Cyren	W64/ABRisk.RMOZ-5375
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/Packed.VMProtect.R suspicious
APEX	Malicious
Kaspersky	Trojan.Win32.Scar.tqlz
Avast	InjectorX-gen [Trj]
McAfee-GW-Edition	Artemis!Trojan
Sophos	Generic Reputation PUA (PUA)
Ikarus	PUA.Generic
Gridinsoft	Malware.Win64.Gen.bot
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	UDS:Trojan.Win32.Scar.tqlz
Google	Detected
Cylance	unsafe
Rising	Trojan.Scar!8.33F (CLOUD)
MaxSecure	Trojan.Malware.300983.susgen
AVG	InjectorX-gen [Trj]
DeepInstinct	MALICIOUS

gate4.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All