Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 31, 2024, 7:25 a.m.	July 31, 2024, 7:27 a.m.

Size	2.5MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9cccb9b47686e3ab460cbee74196ba25`
SHA256	`ebf19a3268b7a3f1411517f4aeb2b0253b4ca853df1c2360e1307febba25e0b4`
CRC32	`3B476AD9`
ssdeep	`49152://hjQWL7OJTkKnLJt0rAo4dnBRsmuKA59iSufNAtSdPPgAsCY3/Oh:XhjQ0OJ3D0rAnBa1iAYdTjYW`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) EnigmaProtector_IN - EnigmaProtector

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
880

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA July 31, 2024, 7:25 a.m.	computer_name: TEST22-PC	1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

One or more processes crashed (38 events)

Time & API	Arguments	Status
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd0fb0 0x7ebd0e60 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686684 registers.edi: 49967344 registers.eax: 0 registers.ebp: 2686712 registers.edx: 2 registers.ebx: 2101442250 registers.esi: 42164224 registers.ecx: 83703428	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd0fb0 0x7ebd0e60 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686684 registers.edi: 2686684 registers.eax: 0 registers.ebp: 2686712 registers.edx: 2 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686720	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd0fb0 0x7ebd0e60 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686684 registers.edi: 2686684 registers.eax: 0 registers.ebp: 2686712 registers.edx: 2 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686720	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd0fb0 0x7ebd0e60 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686684 registers.edi: 2686684 registers.eax: 0 registers.ebp: 2686712 registers.edx: 2 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686720	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd0fb0 0x7ebd0e60 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686684 registers.edi: 2686684 registers.eax: 0 registers.ebp: 2686712 registers.edx: 0 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686720	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd0fb0 0x7ebd0e60 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686684 registers.edi: 2686684 registers.eax: 0 registers.ebp: 2686712 registers.edx: 0 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686720	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd0fb0 0x7ebd0e60 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686684 registers.edi: 2686684 registers.eax: 0 registers.ebp: 2686712 registers.edx: 2 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686720	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd1b50 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 43387560 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 37969920 registers.esi: 42164224 registers.ecx: 42164224	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd1b50 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd1b50 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd1b50 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd1fd0 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 43387560 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 37969920 registers.esi: 42164224 registers.ecx: 146564125	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd1fd0 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd1fd0 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd1fd0 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd1fd0 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd1fd0 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2120 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 43387560 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 37969920 registers.esi: 42164224 registers.ecx: 2686576	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2120 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2120 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2120 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2120 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2630 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 43387560 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 0 registers.esi: 42164224 registers.ecx: 888872768	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2630 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2630 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2630 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2630 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2630 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2630 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2630 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2870 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 43387560 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 0 registers.esi: 42164224 registers.ecx: 3895525124	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2870 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2870 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2870 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2870 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2870 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127923 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2870 0x7ebd1790 exception.instruction_r: 0f 0b e8 b1 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: ud2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 38933640 exception.address: 0x2921488 registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 2 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1
__exception__ July 31, 2024, 7:25 a.m.	stacktrace: 0x7ebd2870 0x7ebd1790 exception.instruction_r: f7 f0 e8 dc 4d 01 00 33 c0 5a 59 59 64 89 10 eb exception.instruction: div eax exception.module: random.exe exception.exception_code: 0xc0000094 exception.offset: 38933597 exception.address: 0x292145d registers.esp: 2686556 registers.edi: 2686556 registers.eax: 0 registers.ebp: 2686584 registers.edx: 0 registers.ebx: 43127966 registers.esi: 0 registers.ecx: 2686592	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 95 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04c30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 32768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04c34000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04c3c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04c5c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 196608 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04c60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04c90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 32768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04c94000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04c9c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ca0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ca4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ca8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cac000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cb0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cb4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cb8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cbc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cc4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cc8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ccc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cd0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cd4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cd8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cdc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ce0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ce4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ce8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cec000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cf0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cf4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cf8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cfc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d04000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d08000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d0c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d14000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d18000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d1c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d24000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d28000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d2c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d64000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d68000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d6c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 7:25 a.m.	process_identifier: 880 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04d74000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (6 events)

section

{u'size_of_data': u'0x00024200', u'virtual_address': u'0x00001000', u'entropy': 7.997626733933261, u'name': u'', u'virtual_size': u'0x0002b000'}

entropy

7.99762673393

description