Summary | ZeroBOX

1.exe

Tags Generic Malware, Malicious Library, Anti_VM, PE32, PE File
Category FILE
Machine s1_win7_x6403_us
Started Aug. 4, 2024, 1:22 p.m.
Completed Aug. 4, 2024, 1:30 p.m.
Size 1.0MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0b3e8cba9ade0b3aa878518d0152fa05
SHA256 6dcb8ef81ffb990d544d6ecd9b6339ed96f0697359cc25c866ae0e5d9dafa639
CRC32 F920F967
ssdeep 24576:vWldzf8sf+fsntZeFJYFWA60GOSBXHkjBIqClDYGgnxI:Ezx+0ntZeFJYFWn0GOTjGrJjg
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
124.220.147.85 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated
IsDebuggerPresent (no arguments) 0 0
section ct (non-standard PE section name, a packing indicator)
Time & API Arguments Status Return Repeated (each record below ends with its Status, Return and Repeated values, e.g. 1 0 0)

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: cc f7 d3 8b 47 30 f7 d3 8a e4 8b db f7 d2 03 e0
exception.symbol: 1+0x14c033
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1359923
exception.address: 0x54c033
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5554060
registers.ebp: 1638072
registers.edx: 4294967295
registers.ebx: 914056871
registers.esi: 5701775
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: f7 d3 8a e4 8b db f7 d2 03 e0 66 f7 d0 8d 80 ec
exception.symbol: 1+0x14c039
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1359929
exception.address: 0x54c039
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5591192
registers.ebp: 1638072
registers.edx: 4294967295
registers.ebx: 3380910424
registers.esi: 5701775
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0x1af3ebe

exception.instruction_r: cc 66 56 f7 d7 f7 d7 66 5e 8d 9b f9 ff ff ff 52
exception.symbol: 1+0x14a6d1
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1353425
exception.address: 0x54a6d1
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5547542
registers.ebp: 1638068
registers.edx: 4294967295
registers.ebx: 1817469415
registers.esi: 5702625
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0x1af3ebe

exception.instruction_r: f7 d3 f7 d2 9c 9d 55 5d 9c f6 d4 f7 d1 f7 d1 f6
exception.symbol: 1+0x14a719
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1353497
exception.address: 0x54a719
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5591192
registers.ebp: 1638068
registers.edx: 4294967295
registers.ebx: 2477497880
registers.esi: 5702625
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0x1af3ebe

exception.instruction_r: cc 52 5a 8b ed f7 d3 66 57 66 5f 8b 47 30 f7 d3
exception.symbol: 1+0x14fd2f
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1375535
exception.address: 0x54fd2f
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5569625
registers.ebp: 1638068
registers.edx: 4294967295
registers.ebx: 763784261
registers.esi: 5702780
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0x1af3ebe

exception.instruction_r: f7 d3 60 87 fb f7 d7 f7 d7 87 fb 61 8d b6 e1 ff
exception.symbol: 1+0x14fd3d
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1375549
exception.address: 0x54fd3d
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5591192
registers.ebp: 1638068
registers.edx: 4294967295
registers.ebx: 3531183034
registers.esi: 5702780
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0x93a73dcd

exception.instruction_r: cc 52 5a 8b ed f7 d3 66 57 66 5f 8b 47 30 f7 d3
exception.symbol: 1+0x14fd2f
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1375535
exception.address: 0x54fd2f
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5569625
registers.ebp: 1638064
registers.edx: 4294967295
registers.ebx: 4289621735
registers.esi: 5703017
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0x93a73dcd

exception.instruction_r: f7 d3 60 87 fb f7 d7 f7 d7 87 fb 61 8d b6 e1 ff
exception.symbol: 1+0x14fd3d
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1375549
exception.address: 0x54fd3d
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5591192
registers.ebp: 1638064
registers.edx: 4294967295
registers.ebx: 5345560
registers.esi: 5703017
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f22

exception.instruction_r: cc 53 8d bf e2 ff ff ff 8d bf 1e 00 00 00 5b 8d
exception.symbol: 1+0x150747
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1378119
exception.address: 0x550747
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5572171
registers.ebp: 1638072
registers.edx: 4294967295
registers.ebx: 349831281
registers.esi: 5703383
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f22

exception.instruction_r: f7 d3 66 52 8d 80 eb ff ff ff f6 d6 f6 d6 8d 80
exception.symbol: 1+0x150767
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1378151
exception.address: 0x550767
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5591192
registers.ebp: 1638072
registers.edx: 4294967295
registers.ebx: 3945136014
registers.esi: 5703383
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffef3f21

exception.instruction_r: cc 51 8a f6 59 8a f6 66 50 8d ad fa ff ff ff 8d
exception.symbol: 1+0x151801
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1382401
exception.address: 0x551801
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5576515
registers.ebp: 1638064
registers.edx: 4294967295
registers.ebx: 3089138304
registers.esi: 5703537
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffef3f21

exception.instruction_r: f7 d3 8d ad f9 ff ff ff f6 d7 8d 89 ff ff ff ff
exception.symbol: 1+0x151823
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1382435
exception.address: 0x551823
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5591192
registers.ebp: 1638064
registers.edx: 4294967295
registers.ebx: 1205828991
registers.esi: 5703537
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0x311d6925

exception.instruction_r: cc 8b ed f7 d3 66 f7 d6 9c 9d 66 f7 d6 8d 80 f5
exception.symbol: 1+0x150ae0
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1379040
exception.address: 0x550ae0
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5573196
registers.ebp: 1638072
registers.edx: 4294967295
registers.ebx: 3089138358
registers.esi: 5703543
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0x311d6925

exception.instruction_r: f7 d3 9c 9d f7 d2 66 53 66 f7 d0 66 f7 d0 66 f7
exception.symbol: 1+0x150b29
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1379113
exception.address: 0x550b29
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5591192
registers.ebp: 1638072
registers.edx: 4294967295
registers.ebx: 1205828937
registers.esi: 5703543
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xa4d2c73

exception.instruction_r: cc 52 5a 8b ed f7 d3 66 57 66 5f 8b 47 30 f7 d3
exception.symbol: 1+0x14fd2f
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1375535
exception.address: 0x54fd2f
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5569625
registers.ebp: 1638064
registers.edx: 4294967295
registers.ebx: 2356904549
registers.esi: 5703638
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xa4d2c73

exception.instruction_r: f7 d3 60 87 fb f7 d7 f7 d7 87 fb 61 8d b6 e1 ff
exception.symbol: 1+0x14fd3d
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1375549
exception.address: 0x54fd3d
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5591192
registers.ebp: 1638064
registers.edx: 4294967295
registers.ebx: 1938062746
registers.esi: 5703638
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace: (none recorded)

exception.instruction_r: cc 52 5a 8b ed f7 d3 66 57 66 5f 8b 47 30 f7 d3
exception.symbol: 1+0x14fd2f
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1375535
exception.address: 0x54fd2f
registers.esp: 1637724
registers.edi: 1637912
registers.eax: 5569625
registers.ebp: 1638076
registers.edx: 4294967295
registers.ebx: 782270286
registers.esi: 5801264
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace: (none recorded)

exception.instruction_r: f7 d3 60 87 fb f7 d7 f7 d7 87 fb 61 8d b6 e1 ff
exception.symbol: 1+0x14fd3d
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1375549
exception.address: 0x54fd3d
registers.esp: 1637724
registers.edi: 1637912
registers.eax: 5591192
registers.ebp: 1638076
registers.edx: 4294967295
registers.ebx: 3512697009
registers.esi: 5801264
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffef3f21

exception.instruction_r: cc 8b ed f7 d3 66 f7 d6 9c 9d 66 f7 d6 8d 80 f5
exception.symbol: 1+0x150ae0
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1379040
exception.address: 0x550ae0
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5573196
registers.ebp: 1638044
registers.edx: 4294967295
registers.ebx: 1354504306
registers.esi: 5595005
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffef3f21

exception.instruction_r: f7 d3 9c 9d f7 d2 66 53 66 f7 d0 66 f7 d0 66 f7
exception.symbol: 1+0x150b29
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1379113
exception.address: 0x550b29
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638044
registers.edx: 4294967295
registers.ebx: 2940462989
registers.esi: 5595005
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: cc 53 8d bf e2 ff ff ff 8d bf 1e 00 00 00 5b 8d
exception.symbol: 1+0x150747
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1378119
exception.address: 0x550747
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5572171
registers.ebp: 1638052
registers.edx: 4294967295
registers.ebx: 3243217342
registers.esi: 5595809
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: f7 d3 66 52 8d 80 eb ff ff ff f6 d6 f6 d6 8d 80
exception.symbol: 1+0x150767
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1378151
exception.address: 0x550767
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638052
registers.edx: 4294967295
registers.ebx: 1051749953
registers.esi: 5595809
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xbd9f3dcc

exception.instruction_r: cc 52 5a 8b ed f7 d3 66 57 66 5f 8b 47 30 f7 d3
exception.symbol: 1+0x14fd2f
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1375535
exception.address: 0x54fd2f
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5569625
registers.ebp: 1638052
registers.edx: 4294967295
registers.ebx: 3243217269
registers.esi: 5595815
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xbd9f3dcc

exception.instruction_r: f7 d3 60 87 fb f7 d7 f7 d7 87 fb 61 8d b6 e1 ff
exception.symbol: 1+0x14fd3d
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1375549
exception.address: 0x54fd3d
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638052
registers.edx: 4294967295
registers.ebx: 1051750026
registers.esi: 5595815
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace: (none recorded)

exception.instruction_r: cc 51 8a f6 59 8a f6 66 50 8d ad fa ff ff ff 8d
exception.symbol: 1+0x151801
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1382401
exception.address: 0x551801
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5576515
registers.ebp: 1638056
registers.edx: 4294967295
registers.ebx: 4202236297
registers.esi: 5596214
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace: (none recorded)

exception.instruction_r: f7 d3 8d ad f9 ff ff ff f6 d7 8d 89 ff ff ff ff
exception.symbol: 1+0x151823
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1382435
exception.address: 0x551823
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638056
registers.edx: 4294967295
registers.ebx: 92730998
registers.esi: 5596214
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace: (none recorded)

exception.instruction_r: cc 52 5a 8b ed f7 d3 66 57 66 5f 8b 47 30 f7 d3
exception.symbol: 1+0x14fd2f
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1375535
exception.address: 0x54fd2f
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5569625
registers.ebp: 1638060
registers.edx: 4294967295
registers.ebx: 671860982
registers.esi: 5596309
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace: (none recorded)

exception.instruction_r: f7 d3 60 87 fb f7 d7 f7 d7 87 fb 61 8d b6 e1 ff
exception.symbol: 1+0x14fd3d
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1375549
exception.address: 0x54fd3d
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638060
registers.edx: 4294967295
registers.ebx: 3623106313
registers.esi: 5596309
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0x25c73f9b

exception.instruction_r: cc 66 56 f7 d7 f7 d7 66 5e 8d 9b f9 ff ff ff 52
exception.symbol: 1+0x14a6d1
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1353425
exception.address: 0x54a6d1
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5547542
registers.ebp: 1638044
registers.edx: 4294967295
registers.ebx: 450515190
registers.esi: 5596809
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0x25c73f9b

exception.instruction_r: f7 d3 f7 d2 9c 9d 55 5d 9c f6 d4 f7 d1 f7 d1 f6
exception.symbol: 1+0x14a719
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1353497
exception.address: 0x54a719
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638044
registers.edx: 4294967295
registers.ebx: 3844452105
registers.esi: 5596809
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: cc 53 8d bf e2 ff ff ff 8d bf 1e 00 00 00 5b 8d
exception.symbol: 1+0x150747
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1378119
exception.address: 0x550747
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5572171
registers.ebp: 1638048
registers.edx: 4294967295
registers.ebx: 1131943426
registers.esi: 5597006
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: f7 d3 66 52 8d 80 eb ff ff ff f6 d6 f6 d6 8d 80
exception.symbol: 1+0x150767
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1378151
exception.address: 0x550767
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638048
registers.edx: 4294967295
registers.ebx: 3163023869
registers.esi: 5597006
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: cc 53 8d bf e2 ff ff ff 8d bf 1e 00 00 00 5b 8d
exception.symbol: 1+0x150747
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1378119
exception.address: 0x550747
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5572171
registers.ebp: 1638052
registers.edx: 4294967295
registers.ebx: 3470449068
registers.esi: 5597185
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: f7 d3 66 52 8d 80 eb ff ff ff f6 d6 f6 d6 8d 80
exception.symbol: 1+0x150767
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1378151
exception.address: 0x550767
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638052
registers.edx: 4294967295
registers.ebx: 824518227
registers.esi: 5597185
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace: (none recorded)

exception.instruction_r: cc 66 56 f7 d7 f7 d7 66 5e 8d 9b f9 ff ff ff 52
exception.symbol: 1+0x14a6d1
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1353425
exception.address: 0x54a6d1
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5547542
registers.ebp: 1638060
registers.edx: 4294967295
registers.ebx: 2926227348
registers.esi: 5598058
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace: (none recorded)

exception.instruction_r: f7 d3 f7 d2 9c 9d 55 5d 9c f6 d4 f7 d1 f7 d1 f6
exception.symbol: 1+0x14a719
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1353497
exception.address: 0x54a719
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638060
registers.edx: 4294967295
registers.ebx: 1368739947
registers.esi: 5598058
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: cc 66 56 f7 d7 f7 d7 66 5e 8d 9b f9 ff ff ff 52
exception.symbol: 1+0x14a6d1
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1353425
exception.address: 0x54a6d1
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5547542
registers.ebp: 1638048
registers.edx: 4294967295
registers.ebx: 1317721699
registers.esi: 5598884
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: f7 d3 f7 d2 9c 9d 55 5d 9c f6 d4 f7 d1 f7 d1 f6
exception.symbol: 1+0x14a719
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1353497
exception.address: 0x54a719
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638048
registers.edx: 4294967295
registers.ebx: 2977245596
registers.esi: 5598884
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffef3f21

exception.instruction_r: cc f7 d3 8b 47 30 f7 d3 8a e4 8b db f7 d2 03 e0
exception.symbol: 1+0x14c033
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1359923
exception.address: 0x54c033
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5554060
registers.ebp: 1638044
registers.edx: 4294967295
registers.ebx: 2119744238
registers.esi: 5598944
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffef3f21

exception.instruction_r: f7 d3 8a e4 8b db f7 d2 03 e0 66 f7 d0 8d 80 ec
exception.symbol: 1+0x14c039
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1359929
exception.address: 0x54c039
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638044
registers.edx: 4294967295
registers.ebx: 2175223057
registers.esi: 5598944
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0x2a833dcc

exception.instruction_r: cc 52 5a 8b ed f7 d3 66 57 66 5f 8b 47 30 f7 d3
exception.symbol: 1+0x14fd2f
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1375535
exception.address: 0x54fd2f
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5569625
registers.ebp: 1638052
registers.edx: 4294967295
registers.ebx: 1009848020
registers.esi: 5599439
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0x2a833dcc

exception.instruction_r: f7 d3 60 87 fb f7 d7 f7 d7 87 fb 61 8d b6 e1 ff
exception.symbol: 1+0x14fd3d
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1375549
exception.address: 0x54fd3d
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638052
registers.edx: 4294967295
registers.ebx: 3285119275
registers.esi: 5599439
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xf5f73f21

exception.instruction_r: cc 66 56 f7 d7 f7 d7 66 5e 8d 9b f9 ff ff ff 52
exception.symbol: 1+0x14a6d1
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1353425
exception.address: 0x54a6d1
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5547542
registers.ebp: 1638047
registers.edx: 4294967295
registers.ebx: 2380571457
registers.esi: 5599631
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xf5f73f21

exception.instruction_r: f7 d3 f7 d2 9c 9d 55 5d 9c f6 d4 f7 d1 f7 d1 f6
exception.symbol: 1+0x14a719
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1353497
exception.address: 0x54a719
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638047
registers.edx: 4294967295
registers.ebx: 1914395838
registers.esi: 5599631
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace: (none recorded)

exception.instruction_r: cc f7 d3 8b 47 30 f7 d3 8a e4 8b db f7 d2 03 e0
exception.symbol: 1+0x14c033
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1359923
exception.address: 0x54c033
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5554060
registers.ebp: 1638060
registers.edx: 4294967295
registers.ebx: 2380571533
registers.esi: 5599676
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace: (none recorded)

exception.instruction_r: f7 d3 8a e4 8b db f7 d2 03 e0 66 f7 d0 8d 80 ec
exception.symbol: 1+0x14c039
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1359929
exception.address: 0x54c039
registers.esp: 1637708
registers.edi: 1637896
registers.eax: 5591192
registers.ebp: 1638060
registers.edx: 4294967295
registers.ebx: 1914395762
registers.esi: 5599676
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: cc f7 d3 8b 47 30 f7 d3 8a e4 8b db f7 d2 03 e0
exception.symbol: 1+0x14c033
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1359923
exception.address: 0x54c033
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5554060
registers.ebp: 1638072
registers.edx: 4294967295
registers.ebx: 1788965098
registers.esi: 5704691
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: f7 d3 8a e4 8b db f7 d2 03 e0 66 f7 d0 8d 80 ec
exception.symbol: 1+0x14c039
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1359929
exception.address: 0x54c039
registers.esp: 1637728
registers.edi: 1637916
registers.eax: 5591192
registers.ebp: 1638072
registers.edx: 4294967295
registers.ebx: 2506002197
registers.esi: 5704691
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: cc 8b ed f7 d3 66 f7 d6 9c 9d 66 f7 d6 8d 80 f5
exception.symbol: 1+0x150ae0
exception.instruction: int3
exception.module: 1.exe
exception.exception_code: 0x80000003
exception.offset: 1379040
exception.address: 0x550ae0
registers.esp: 1637640
registers.edi: 1637828
registers.eax: 5573196
registers.ebp: 1637980
registers.edx: 4294967295
registers.ebx: 3979429804
registers.esi: 5730499
registers.ecx: 2005999309
1 0 0

__exception__

stacktrace:
0xffff3f21

exception.instruction_r: f7 d3 9c 9d f7 d2 66 53 66 f7 d0 66 f7 d0 66 f7
exception.symbol: 1+0x150b29
exception.instruction: not ebx
exception.module: 1.exe
exception.exception_code: 0x80000004
exception.offset: 1379113
exception.address: 0x550b29
registers.esp: 1637640
registers.edi: 1637828
registers.eax: 5591192
registers.ebp: 1637980
registers.edx: 4294967295
registers.ebx: 315537491
registers.esi: 5730499
registers.ecx: 2005999309
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 1253376
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00401000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1904
region_size: 32768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006f0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
description 1.exe tried to sleep 341 seconds, actually delayed analysis time by 341 seconds
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1904
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 643072
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x10001000
process_handle: 0xffffffff
1 0 0
section .text: virtual_address 0x00001000, virtual_size 0x00131435, size_of_data 0x00000800, entropy 7.6865602468897976 description A section with a high entropy has been found
section ct: virtual_address 0x00133000, virtual_size 0x00059000, size_of_data 0x00058200, entropy 7.295067628652974 description A section with a high entropy has been found
section ct: virtual_address 0x0018c000, virtual_size 0x000ad000, size_of_data 0x000abe00, entropy 7.990403066174612 description A section with a high entropy has been found
entropy 0.972922502334 (normalized, 1.0 is the maximum) description Overall entropy of this PE file is high
host 124.220.147.85
dll VBoxHook.dll (VirtualBox Guest Additions hook library; the sample probes for it as a VirtualBox-detection check)
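The section table and the memory calls above fit together. The image base is 0x400000 (the exception records resolve 1+0x14c033 to 0x54c033), so the NtProtectVirtualMemory call at 0x00401000 with length 1253376 (0x132000) covers exactly the page-rounded .text section (0x1000 to 0x133000), a section with only 0x800 bytes of raw data against a 0x131435 virtual size: the protector makes it RWX and fills it at run time. The two `ct` sections (non-standard names, entropy 7.30 and 7.99) carry the packed payload; the 32 KiB RWX allocation at 0x006f0000 lies outside the image, and so does the 0x10001000 range (the report does not say which module lives there). The script below is an added example, not ZeroBOX code; it assumes the 0x400000 image base and 0x1000 section alignment, recomputes the entropy and section-name heuristics behind the signatures above, adds the raw-versus-virtual size check, and maps the three reported memory operations onto the image layout.

```python
"""Section-table and memory-protection triage for the packed sample above.
Added example, not ZeroBOX code. Assumes image base 0x400000 and 0x1000
section alignment; section and memory-op values are copied from the report.
"""
import math

IMAGE_BASE = 0x400000
PAGE = 0x1000
COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".bss", ".idata",
                        ".edata", ".rsrc", ".reloc", ".tls", ".pdata", ".CRT"}

# Section table as reported (entropy rounded from the report's values).
SECTIONS = [
    {"name": ".text", "virtual_address": 0x1000, "virtual_size": 0x131435,
     "size_of_data": 0x800, "entropy": 7.6866},
    {"name": "ct", "virtual_address": 0x133000, "virtual_size": 0x59000,
     "size_of_data": 0x58200, "entropy": 7.2951},
    {"name": "ct", "virtual_address": 0x18C000, "virtual_size": 0xAD000,
     "size_of_data": 0xABE00, "entropy": 7.9904},
]

# Memory operations as reported: (api, base, length, protection constant).
MEMORY_OPS = [
    ("NtProtectVirtualMemory", 0x00401000, 1253376, 0x40),  # PAGE_EXECUTE_READWRITE
    ("NtAllocateVirtualMemory", 0x006F0000, 32768, 0x40),   # PAGE_EXECUTE_READWRITE
    ("NtProtectVirtualMemory", 0x10001000, 643072, 0x20),   # PAGE_EXECUTE_READ
]

def shannon_entropy(data):
    """Bits per byte, 0.0 (constant input) to 8.0 (uniform bytes); this is
    the quantity behind the report's per-section entropy values."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    ent = 0.0
    for c in counts:
        if c:
            p = c / n
            ent -= p * math.log2(p)
    return ent

def align_up(n, page=PAGE):
    return (n + page - 1) // page * page

def section_indicators(sec, entropy_threshold=7.0, raw_ratio_threshold=0.05):
    """Packer indicators for one section-table entry."""
    flags = []
    if sec["name"] not in COMMON_SECTION_NAMES:
        flags.append("nonstandard_name")
    if sec["entropy"] >= entropy_threshold:
        flags.append("high_entropy")
    # Almost nothing on disk but a large virtual range: filled at run time.
    if sec["size_of_data"] / sec["virtual_size"] < raw_ratio_threshold:
        flags.append("raw_size_far_below_virtual")
    return flags

def section_span(sec, image_base=IMAGE_BASE):
    """[start, end) of the section once mapped, page-rounded."""
    start = image_base + sec["virtual_address"]
    return start, start + align_up(sec["virtual_size"])

def classify_memory_op(base, length, sections=SECTIONS, image_base=IMAGE_BASE):
    """('image', [overlapped sections]) when the range lies in the loaded
    module, otherwise ('outside_image', [])."""
    lo, hi = base, base + length
    hit = []
    for s in sections:
        s_lo, s_hi = section_span(s, image_base)
        if s_lo < hi and lo < s_hi:
            hit.append(s["name"])
    return ("image", hit) if hit else ("outside_image", [])

if __name__ == "__main__":
    for s in SECTIONS:
        print(f"{s['name']:6} VA {s['virtual_address']:#08x} {section_indicators(s)}")
    for api, base, length, prot in MEMORY_OPS:
        kind, secs = classify_memory_op(base, length)
        print(f"{api}: {base:#010x}+{length:#x} prot={prot:#x} -> {kind} {secs}")
```

Running it reports .text as high-entropy with raw size far below virtual size, both `ct` sections as high-entropy with non-standard names, the first NtProtectVirtualMemory as covering exactly .text, and the other two operations as outside the image.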
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
1+0x166922 @ 0x566922
1+0x173547 @ 0x573547
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: ed 64 8f 05 00 00 00 00 58 87 5c 24 1c 61 2d 68
exception.symbol: 1+0x13319e
exception.instruction: in eax, dx
exception.module: 1.exe
exception.exception_code: 0xc0000096
exception.offset: 1257886
exception.address: 0x53319e
registers.esp: 1638224
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 1638268
registers.edx: 22104
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 4063232
1 0 0
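Two things in the exception records above are worth automating. First, the pairs: an int3 (STATUS_BREAKPOINT, 0x80000003) at one site is followed a few bytes later by a single-step trap (STATUS_SINGLE_STEP, 0x80000004) at the same site with the same stack value, and in every pair the two EBX values are bitwise complements (for the first pair, 914056871 + 3380910424 = 0xFFFFFFFF), i.e. exactly one `not ebx` executed in between. The surrounding bytes decode to junk (`f7 d3` not ebx, `66 56` / `66 5e` push/pop si, `87 fb` xchg ebx,edi, `9c 9d` pushfd/popfd, `60` / `61` pushad/popad, `8b ed` mov ebp,ebp). That is consistent with a protector that routes execution through its own exception handler and resumes with the trap flag set; under a debugger those exceptions are swallowed and the intended path is never taken. Second, the 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION) fault on `in eax, dx` carries eax = 1447909480 = 0x564D5868 ("VMXh") and edx = 22104 = 0x5658 ("VX"): the VMware backdoor I/O-port probe, which is answered silently on VMware and raises a fault everywhere else, so the fault firing here tells the sample it is not running on VMware. The script below is an added example, not ZeroBOX code; it parses the flattened `key: value` records and flags both patterns. Its sample text is an abridged copy (stack trace, symbol and some registers dropped) of three records from this page.

```python
"""Triage of Cuckoo/ZeroBOX __exception__ records. Added example, not
ZeroBOX code. Flags int3 -> single-step pairs (handler-driven obfuscation)
and the VMware backdoor probe (in eax,dx with EAX="VMXh", DX=0x5658).
"""
import re

# Constructed sample: three records from the report, abridged.
SAMPLE = """\
__exception__
exception.instruction: int3
exception.exception_code: 0x80000003
exception.address: 0x54c033
registers.eax: 5554060
registers.edx: 4294967295
registers.ebx: 914056871

__exception__
exception.instruction: not ebx
exception.exception_code: 0x80000004
exception.address: 0x54c039
registers.eax: 5591192
registers.edx: 4294967295
registers.ebx: 3380910424

__exception__
exception.instruction: in eax, dx
exception.exception_code: 0xc0000096
exception.address: 0x53319e
registers.eax: 1447909480
registers.edx: 22104
registers.ebx: 2130567168
"""

STATUS_BREAKPOINT = 0x80000003
STATUS_SINGLE_STEP = 0x80000004
STATUS_PRIVILEGED_INSTRUCTION = 0xC0000096
VMWARE_MAGIC = 0x564D5868   # "VMXh" expected in EAX by the VMware backdoor
VMWARE_PORT = 0x5658        # "VX", the backdoor I/O port in DX

FIELD_RE = re.compile(r"^(exception|registers)\.(\w+):\s*(.*)$")

def parse_exceptions(text):
    """One dict per __exception__ record; registers and offset are decimal
    in the report, exception_code and address are hex strings."""
    records = []
    for chunk in text.split("__exception__")[1:]:
        rec = {}
        for line in chunk.splitlines():
            m = FIELD_RE.match(line.strip())
            if m:
                group, key, value = m.groups()
                if group == "registers" or key == "offset":
                    rec[key] = int(value)
                elif key in ("exception_code", "address"):
                    rec[key] = int(value, 16)
                else:
                    rec[key] = value
        if "exception_code" in rec:
            records.append(rec)
    return records

def find_int3_singlestep_pairs(records, max_gap=0x80):
    """Pair each int3 record with a single-step record that follows it at
    the same site, and note whether EBX was complemented in between."""
    pairs = []
    for a, b in zip(records, records[1:]):
        if (a["exception_code"] == STATUS_BREAKPOINT
                and b["exception_code"] == STATUS_SINGLE_STEP
                and 0 < b["address"] - a["address"] <= max_gap):
            pairs.append({
                "int3": a["address"],
                "trap": b["address"],
                "ebx_complemented": (a["ebx"] ^ b["ebx"]) == 0xFFFFFFFF,
            })
    return pairs

def find_vmware_probe(records):
    """Addresses of privileged-instruction faults on `in` that carry the
    VMware backdoor magic in EAX and port in DX."""
    return [r["address"] for r in records
            if r["exception_code"] == STATUS_PRIVILEGED_INSTRUCTION
            and r.get("instruction", "").startswith("in ")
            and r["eax"] == VMWARE_MAGIC
            and (r["edx"] & 0xFFFF) == VMWARE_PORT]

def triage(text):
    records = parse_exceptions(text)
    return {"records": len(records),
            "int3_pairs": find_int3_singlestep_pairs(records),
            "vmware_probe": find_vmware_probe(records)}

if __name__ == "__main__":
    result = triage(SAMPLE)
    for p in result["int3_pairs"]:
        print(f"int3 @ {p['int3']:#x} -> single-step @ {p['trap']:#x}, "
              f"ebx complemented: {p['ebx_complemented']}")
    for addr in result["vmware_probe"]:
        print(f"VMware backdoor probe faulted @ {addr:#x}")
```

Fed the full exception section of this report, the pair finder groups the records by site (0x54c033, 0x54a6d1, 0x54fd2f, 0x550747, 0x551801, 0x550ae0) and the probe finder returns the single 0x53319e fault; a sample that did not behave this way on VirtualBox, or that faulted with different EAX/DX values, would produce no hits.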
Vendor Result
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.lnLK
Cynet Malicious (score: 100)
CAT-QuickHeal Backdoor.Farfli
Skyhigh BehavesLike.Win32.Generic.tc
ALYac Gen:Variant.Ulise.338596
Cylance Unsafe
VIPRE Gen:Variant.Ulise.338596
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 0043574c1 )
BitDefender Trojan.GenericKD.73779140
K7GW Trojan ( 0043574c1 )
Cybereason malicious.a9ade0
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Packed.VMProtect.LI
APEX Malicious
Avast Win32:Evo-gen [Trj]
Kaspersky Backdoor.Win32.Farfli.cuxb
Alibaba Packed:Win32/VMProtect.8699a912
NANO-Antivirus Trojan.Win32.Farfli.kqmglo
MicroWorld-eScan Trojan.GenericKD.73779140
Rising Backdoor.Zegost!8.177 (TFE:5:c4oLjg2aC5B)
Emsisoft Trojan.GenericKD.73779140 (B)
F-Secure Trojan.TR/AVI.Gh0stCringe.psvbc
DrWeb BackDoor.Farfli.131
BitDefenderTheta Gen:NN.ZexaF.36810.dv0@aq28Ytck
McAfeeD Real Protect-LS!0B3E8CBA9ADE
Trapmine malicious.high.ml.score
FireEye Generic.mg.0b3e8cba9ade0b3a
Sophos Mal/Generic-S
Ikarus PUA.VProtect
Jiangmin Trojan.Generic.amnmn
Webroot Pua.Gen
Google Detected
Avira TR/AVI.Gh0stCringe.psvbc
Antiy-AVL Trojan[Packed]/Win32.VMProtect
Kingsoft Win32.HeurC.KVMH008.a
Gridinsoft Trojan.Win32.Gen.tr
Xcitium Malware@#1ae768no16lui
Arcabit Trojan.Ulise.D52AA4
ViRobot Trojan.Win.Z.Ulise.1097728
ZoneAlarm Backdoor.Win32.Farfli.cuxb
GData Trojan.GenericKD.73779140
Varist W32/ABApplication.CFEF-7792
AhnLab-V3 Packed/Vprotect.Exp
McAfee Artemis!0B3E8CBA9ADE
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
TrendMicro-HouseCall TROJ_GEN.R002H07H224
dead_host 192.168.56.103:49163 (sandbox-internal: 192.168.56.0/24 is the VirtualBox host-only analysis network)
dead_host 124.220.147.85:8080 (TCP connection attempted, no response; the same address appears under Hosts above)
dead_host 192.168.56.103:49167 (sandbox-internal, as above)