Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 5, 2024, 3:37 p.m.	Aug. 5, 2024, 3:45 p.m.

Size	3.9MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f9e341ea64be4ee1007755cd909aaa8c`
SHA256	`8a415b9465a573bf7fdfeb18fc3abe3c5ab53536dfe9d144fe768f180d077cce`
CRC32	`FFEEA683`
ssdeep	`98304:OSk8RkSxK7Ftb7hT3t0rKpk9OPgcatu6WQUAg5cBgpML:OeRLxWFtb7hT3irKp+/b06sXepL`
Yara	PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques themida_packer - themida packer IsPE32 - (no description)

66ade58a5e39e_tgertert.exe "C:\Users\test22\AppData\Local\Temp\66ade58a5e39e_tgertert.exe"
2556
- schtasks.exe schtasks /create /f /RU "test22" /tr "C:\ProgramData\jewkkwnf\jewkkwnf.exe" /tn "jewkkwnf HR" /sc HOURLY /rl HIGHEST
  2708
- schtasks.exe schtasks /create /f /RU "test22" /tr "C:\ProgramData\jewkkwnf\jewkkwnf.exe" /tn "jewkkwnf LG" /sc ONLOGON /rl HIGHEST
  2772
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
125.253.92.50	Active	Moloch
77.105.164.24	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 77.105.164.24:50505 -> 192.168.56.101:49162	2046266	ET MALWARE [ANY.RUN] RisePro TCP (Token)	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 77.105.164.24:50505	2049060	ET MALWARE RisePro TCP Heartbeat Packet	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 77.105.164.24:50505	2046269	ET MALWARE [ANY.RUN] RisePro TCP (Activity)	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Queries for the computername (4 events)

Time & API	Arguments	Status	Return
GetComputerNameW Aug. 5, 2024, 3:37 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 5, 2024, 3:37 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 5, 2024, 3:37 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 5, 2024, 3:37 p.m.	computer_name: TEST22-PC	1	1

Command line console output was observed (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Aug. 5, 2024, 3:37 p.m.	buffer: SUCCESS: The scheduled task "jewkkwnf HR" has successfully been created. console_handle: 0x00000007	1	1	0
WriteConsoleW Aug. 5, 2024, 3:37 p.m.	buffer: SUCCESS: The scheduled task "jewkkwnf LG" has successfully been created. console_handle: 0x00000007	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 5, 2024, 3:37 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section
section	.themida
section	.boot

One or more processes crashed (3 events)

Time & API	Arguments	Status
__exception__ Aug. 5, 2024, 3:37 p.m.	stacktrace: 66ade58a5e39e_tgertert+0x6c37fb @ 0xf637fb 66ade58a5e39e_tgertert+0x6ca855 @ 0xf6a855 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc e9 a9 8d 43 8b 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 4586736 registers.edi: 10186752 registers.eax: 4586736 registers.ebp: 4586816 registers.edx: 2130566132 registers.ebx: 32 registers.esi: 1995994155 registers.ecx: 2111832064	1
__exception__ Aug. 5, 2024, 3:37 p.m.	stacktrace: exception.instruction_r: ed e9 32 40 ff ff c3 e9 85 1b ff ff b8 00 0a 00 exception.symbol: 66ade58a5e39e_tgertert+0x717d47 exception.instruction: in eax, dx exception.module: 66ade58a5e39e_tgertert.exe exception.exception_code: 0xc0000096 exception.offset: 7437639 exception.address: 0xfb7d47 registers.esp: 4586856 registers.edi: 14517727 registers.eax: 1750617430 registers.ebp: 10186752 registers.edx: 2130532438 registers.ebx: 2147483650 registers.esi: 13366612 registers.ecx: 20	1
__exception__ Aug. 5, 2024, 3:37 p.m.	stacktrace: exception.instruction_r: ed e9 ec eb fe ff 91 af 5c 51 08 88 b5 ff ff b8 exception.symbol: 66ade58a5e39e_tgertert+0x70508d exception.instruction: in eax, dx exception.module: 66ade58a5e39e_tgertert.exe exception.exception_code: 0xc0000096 exception.offset: 7360653 exception.address: 0xfa508d registers.esp: 4586856 registers.edi: 14517727 registers.eax: 1447909480 registers.ebp: 10186752 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 13366612 registers.ecx: 10	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 94 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75981000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75981000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c7000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7563f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7598b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7598b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75988000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75988000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755ec000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75988000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75988000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755e3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755e8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7563e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755e5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755dc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755dc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755ec000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755ed000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 5, 2024, 3:37 p.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597c000 process_handle: 0xffffffff	1

Checks whether any human activity is being performed by constantly checking whether the foreground window changed

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNNT.lnk

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNNT.lnk

Creates a suspicious process (2 events)

cmdline	schtasks /create /f /RU "test22" /tr "C:\ProgramData\jewkkwnf\jewkkwnf.exe" /tn "jewkkwnf LG" /sc ONLOGON /rl HIGHEST
cmdline	schtasks /create /f /RU "test22" /tr "C:\ProgramData\jewkkwnf\jewkkwnf.exe" /tn "jewkkwnf HR" /sc HOURLY /rl HIGHEST

A process created a hidden window (2 events)

Time & API	Arguments	Status	Return	Repeated
CreateProcessInternalW Aug. 5, 2024, 3:37 p.m.	thread_identifier: 2712 thread_handle: 0x000000f0 process_identifier: 2708 current_directory: filepath: track: 1 command_line: schtasks /create /f /RU "test22" /tr "C:\ProgramData\jewkkwnf\jewkkwnf.exe" /tn "jewkkwnf HR" /sc HOURLY /rl HIGHEST filepath_r: stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) inherit_handles: 0 process_handle: 0x000000fc	1	1	0
CreateProcessInternalW Aug. 5, 2024, 3:37 p.m.	thread_identifier: 2776 thread_handle: 0x00000264 process_identifier: 2772 current_directory: filepath: track: 1 command_line: schtasks /create /f /RU "test22" /tr "C:\ProgramData\jewkkwnf\jewkkwnf.exe" /tn "jewkkwnf LG" /sc ONLOGON /rl HIGHEST filepath_r: stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) inherit_handles: 0 process_handle: 0x0000026c	1	1	0

The binary likely contains encrypted or compressed data indicative of a packer (7 events)

section

{u'size_of_data': u'0x00030a00', u'virtual_address': u'0x00001000', u'entropy': 7.979416114671904, u'name': u' ', u'virtual_size': u'0x0006dbdb'}

entropy

7.97941611467

description