Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 28, 2024, 10:43 a.m.	May 28, 2024, 11:19 a.m.

Size	6.3MB
Type	MS-DOS executable, MZ for MS-DOS
MD5	`1306e81bc13677c04abe69a1d2ca4e12`
SHA256	`9cec62fb802376768ad3fc73ef78aa6f2d34ec683696e597536ebe2b5fcb798d`
CRC32	`AA41F202`
ssdeep	`98304:vMlj6Zrx1GIpunUNmw6M47l6xhi91sq0Na3PNSw+i35dbX7MztyszU:EluZrf6nUeNlv91sFA3lEk5dbX7Mz8V`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

AppGate2103v01.exe "C:\Users\test22\AppData\Local\Temp\AppGate2103v01.exe"
1268

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section
section	.themida

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	PNG
resource name	WEVT_TEMPLATE

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdbfa49d appgate2103v01+0xbb21db @ 0x140bb21db appgate2103v01+0xbb21a6 @ 0x140bb21a6 HeapWalk-0x1ce0 kernel32+0x0 @ 0x76fc0000 0x12ff28 0x12ff28 0x12ff28 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefdbfa49d registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1
__exception__ May 27, 2024, 8:42 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1243168 registers.rsi: 2004499152 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244976 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1245000 registers.rdi: 5377421312 registers.rax: 2003627763 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 2225 events)

Time & API	Arguments	Return
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000010000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000011000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000012000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000013000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000014000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000015000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000016000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000017000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000018000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000019000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000020000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000021000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000022000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000023000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000024000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000025000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000026000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000027000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000028000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000029000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000030000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000031000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000032000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000033000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000034000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000035000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000036000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000037000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000038000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000039000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000040000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000041000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00234800', u'virtual_address': u'0x00001000', u'entropy': 7.999921591210801, u'name': u' ', u'virtual_size': u'0x00823000'}

entropy

7.99992159121

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000800', u'virtual_address': u'0x00824000', u'entropy': 7.2759299149865875, u'name': u' ', u'virtual_size': u'0x00000ce8'}

entropy

7.27592991499

description

A section with a high entropy has been found

entropy

0.352107190153

description

Overall entropy of this PE file is high

DEP was bypassed by marking part of the stack executable by the process AppGate2103v01.exe (26 events)

Time & API	Arguments	Return
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000123000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000124000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000125000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000126000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000127000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000128000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000129000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000012a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000012b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000012c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000012d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000012e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000012f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000123000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000124000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000125000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000126000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000127000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000128000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000129000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000012a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000012b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000012c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000012d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000012e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory May 27, 2024, 8:42 a.m.	process_identifier: 1268 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000012f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ May 27, 2024, 8:42 a.m.	tid: 1132 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)

Bkav	W64.AIDetectMalware
Elastic	malicious (high confidence)
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win64.Expiro.vc
Cylance	unsafe
Sangfor	Trojan.Win64.Kryptik.Vrpi
K7AntiVirus	Trojan ( 005b61111 )
BitDefender	Trojan.GenericKD.72905283
K7GW	Trojan ( 005b61111 )
Arcabit	Trojan.Generic.D4587243
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/Kryptik.EKH
APEX	Malicious
McAfee	Artemis!1306E81BC136
Avast	Win64:Evo-gen [Trj]
MicroWorld-eScan	Trojan.GenericKD.72905283
Rising	Downloader.Agent!8.B23 (CLOUD)
Emsisoft	Trojan.GenericKD.72905283 (B)
F-Secure	Dropper.DR/AVI.Agent.oqpql
TrendMicro	Trojan.Win64.OPERALOADER.YXEEZZ
McAfeeD	ti!9CEC62FB8023
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.1306e81bc13677c0
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Generic
Google	Detected
Avira	DR/AVI.Agent.oqpql
Antiy-AVL	Trojan/Win64.Kryptik
Kingsoft	Win32.Troj.Undef.a
Gridinsoft	Malware.Win64.PrivateLoader.tr
Microsoft	Trojan:Win32/Znyonm
ViRobot	Trojan.Win.Z.Wacatac.6573568
GData	Win32.Trojan.PrivateLoader.AQF419
AhnLab-V3	Trojan/Win.Generic.R649264
DeepInstinct	MALICIOUS
Malwarebytes	Trojan.MalPack.Themida
Panda	Trj/Chgt.AD
Zoner	Probably Heur.ExeHeaderL
TrendMicro-HouseCall	Trojan.Win64.OPERALOADER.YXEEZZ
MAX	malware (ai score=86)
Fortinet	W64/Kryptik.EKH!tr
AVG	Win64:Evo-gen [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	Trojan:Win/Kryptik.EHG

AppGate2103v01.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All