Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 21, 2024, 9:06 a.m.	Sept. 21, 2024, 9:16 a.m.

Size	2.7MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a5b724154ef3434013666c4f5ab0ac17`
SHA256	`3a31cc22829750508f76063b4daf9031cc77f1a3d18443bc49c2c500ae9295f7`
CRC32	`F0E56867`
ssdeep	`49152:/rAqAqqMDVG6E0KMwUKMxMT5gx5x2snhVe0c:/0qAlMDVFvwU5atgxGyVe`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description)

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
2572

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
185.215.113.103	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49165 -> 185.215.113.103:80	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Sept. 21, 2024, 9:06 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameA Sept. 21, 2024, 9:06 a.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 21, 2024, 9:06 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 21, 2024, 9:06 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.rsrc
section	.idata
section	eipxxebs
section	bjocshqu
section	.taggant

One or more processes crashed (50 out of 117 events)

Time & API	Arguments	Status
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: fb 60 bd 14 00 26 ef e9 00 02 00 00 61 1a 84 d1 exception.symbol: random+0x241c0c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2366476 exception.address: 0x1531c0c registers.esp: 3276516 registers.edi: 0 registers.eax: 3276532 registers.ebp: 3276532 registers.edx: 3276524 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 68 12 11 06 7f 89 2c 24 52 ba 35 71 fd 1d e9 exception.symbol: random+0x242292 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2368146 exception.address: 0x1532292 registers.esp: 3276484 registers.edi: 0 registers.eax: 32775 registers.ebp: 4012245012 registers.edx: 3276524 registers.ebx: 4294937488 registers.esi: 605849936 registers.ecx: 22257606	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 81 c6 a7 25 bc 7d 51 89 14 24 ba e8 d3 3c 7f exception.symbol: random+0x243713 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2373395 exception.address: 0x1533713 registers.esp: 3276480 registers.edi: 0 registers.eax: 32595 registers.ebp: 4012245012 registers.edx: 3276524 registers.ebx: 396447634 registers.esi: 22228242 registers.ecx: 2013222849	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 34 24 c7 04 24 30 f9 df 7f c1 24 exception.symbol: random+0x2433cf exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2372559 exception.address: 0x15333cf registers.esp: 3276484 registers.edi: 242921 registers.eax: 4294937944 registers.ebp: 4012245012 registers.edx: 3276524 registers.ebx: 396447634 registers.esi: 22260837 registers.ecx: 2013222849	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 50 e9 00 00 00 00 b8 4d 42 9f 5f 81 c3 c4 e1 exception.symbol: random+0x3b3b61 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3881825 exception.address: 0x16a3b61 registers.esp: 3276480 registers.edi: 22264583 registers.eax: 28124 registers.ebp: 4012245012 registers.edx: 22218105 registers.ebx: 23735947 registers.esi: 23735489 registers.ecx: 2125398016	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 50 54 e9 8b 01 00 00 5d 31 ea 5d 55 bd 75 2b exception.symbol: random+0x3b2f48 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3878728 exception.address: 0x16a2f48 registers.esp: 3276484 registers.edi: 22264583 registers.eax: 28124 registers.ebp: 4012245012 registers.edx: 22218105 registers.ebx: 23764071 registers.esi: 23735489 registers.ecx: 2125398016	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 2c 24 50 57 bf a6 8b 79 1d b8 ea exception.symbol: random+0x3b35bb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3880379 exception.address: 0x16a35bb registers.esp: 3276484 registers.edi: 4294942484 registers.eax: 2207629928 registers.ebp: 4012245012 registers.edx: 22218105 registers.ebx: 23764071 registers.esi: 23735489 registers.ecx: 2125398016	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb e9 6b 01 00 00 55 bd 67 ac 1a 50 29 6c 24 04 exception.symbol: random+0x3b9c18 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3906584 exception.address: 0x16a9c18 registers.esp: 3276480 registers.edi: 20220 registers.eax: 29759 registers.ebp: 4012245012 registers.edx: 95 registers.ebx: 23758696 registers.esi: 23762987 registers.ecx: 22236645	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb e9 06 07 00 00 5a f7 d2 81 ec 04 00 00 00 89 exception.symbol: random+0x3b994d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3905869 exception.address: 0x16a994d registers.esp: 3276484 registers.edi: 20220 registers.eax: 59734 registers.ebp: 4012245012 registers.edx: 95 registers.ebx: 23758696 registers.esi: 23792746 registers.ecx: 4294939956	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 68 82 7e 9c 33 89 04 24 b8 65 62 bf 5f ba 34 exception.symbol: random+0x3ba71f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3909407 exception.address: 0x16aa71f registers.esp: 3276484 registers.edi: 20220 registers.eax: 31888 registers.ebp: 4012245012 registers.edx: 95 registers.ebx: 720068162 registers.esi: 23792746 registers.ecx: 23797705	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 14 24 c7 04 24 08 b4 fa 7f 81 04 exception.symbol: random+0x3ba5c9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3909065 exception.address: 0x16aa5c9 registers.esp: 3276484 registers.edi: 20220 registers.eax: 1259 registers.ebp: 4012245012 registers.edx: 0 registers.ebx: 720068162 registers.esi: 23792746 registers.ecx: 23768773	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 e9 12 01 00 00 51 f7 14 exception.symbol: random+0x3c5e97 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3956375 exception.address: 0x16b5e97 registers.esp: 3276476 registers.edi: 5516704 registers.eax: 1447909480 registers.ebp: 4012245012 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 23797997 registers.ecx: 20	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x3c2703 exception.address: 0x16b2703 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 3942147 registers.esp: 3276476 registers.edi: 5516704 registers.eax: 1 registers.ebp: 4012245012 registers.edx: 22104 registers.ebx: 0 registers.esi: 23797997 registers.ecx: 20	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 86 3c 2d 12 01 exception.symbol: random+0x3c4e8d exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3952269 exception.address: 0x16b4e8d registers.esp: 3276476 registers.edi: 5516704 registers.eax: 1447909480 registers.ebp: 4012245012 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 23797997 registers.ecx: 10	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 0f b7 d0 81 c2 a0 7b e7 60 64 8f 05 exception.symbol: random+0x3ca97a exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 3975546 exception.address: 0x16ba97a registers.esp: 3276444 registers.edi: 0 registers.eax: 3276444 registers.ebp: 4012245012 registers.edx: 5505024 registers.ebx: 23833259 registers.esi: 1614927004 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 1c 24 bb c5 e1 f5 3d 50 e9 1d fe exception.symbol: random+0x3cafce exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3977166 exception.address: 0x16bafce registers.esp: 3276480 registers.edi: 5516704 registers.eax: 31490 registers.ebp: 4012245012 registers.edx: 23833342 registers.ebx: 19261702 registers.esi: 23833324 registers.ecx: 23833826	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 00 00 00 00 89 34 24 c7 04 24 f0 exception.symbol: random+0x3cb6af exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3978927 exception.address: 0x16bb6af registers.esp: 3276484 registers.edi: 5516704 registers.eax: 6379 registers.ebp: 4012245012 registers.edx: 4294938472 registers.ebx: 19261702 registers.esi: 23833324 registers.ecx: 23865316	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 31 c0 ff 34 07 ff 34 24 ff 34 24 8b 1c 24 83 exception.symbol: random+0x3da4a3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4039843 exception.address: 0x16ca4a3 registers.esp: 3276484 registers.edi: 23929778 registers.eax: 32710 registers.ebp: 4012245012 registers.edx: 6 registers.ebx: 19261924 registers.esi: 1968968720 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb e9 e8 fc ff ff ff 34 24 8b 1c 24 83 c4 04 57 exception.symbol: random+0x3dafc0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4042688 exception.address: 0x16cafc0 registers.esp: 3276484 registers.edi: 23929778 registers.eax: 4294937712 registers.ebp: 4012245012 registers.edx: 6 registers.ebx: 299241 registers.esi: 1968968720 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb e9 1d 04 00 00 81 c4 04 00 00 00 5d 05 fa 5b exception.symbol: random+0x3df977 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4061559 exception.address: 0x16cf977 registers.esp: 3276472 registers.edi: 23929778 registers.eax: 31049 registers.ebp: 4012245012 registers.edx: 6 registers.ebx: 23916834 registers.esi: 1968968720 registers.ecx: 6	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 68 b5 e9 cf 1e 89 0c 24 c7 04 24 dc ba ad 66 exception.symbol: random+0x3dfd39 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4062521 exception.address: 0x16cfd39 registers.esp: 3276476 registers.edi: 23929778 registers.eax: 31049 registers.ebp: 4012245012 registers.edx: 6 registers.ebx: 23947883 registers.esi: 1968968720 registers.ecx: 6	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 34 24 c7 04 24 f8 e1 d3 exception.symbol: random+0x3df302 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4059906 exception.address: 0x16cf302 registers.esp: 3276476 registers.edi: 607422803 registers.eax: 31049 registers.ebp: 4012245012 registers.edx: 6 registers.ebx: 23947883 registers.esi: 1968968720 registers.ecx: 4294939696	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 68 6c 7e 80 7e 89 04 24 b8 19 16 df 6f e9 a7 exception.symbol: random+0x3e1ab9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4070073 exception.address: 0x16d1ab9 registers.esp: 3276472 registers.edi: 607422803 registers.eax: 27013 registers.ebp: 4012245012 registers.edx: 23925999 registers.ebx: 23947883 registers.esi: 1968968720 registers.ecx: 1655064067	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb e9 9c 00 00 00 57 e9 0f fd ff ff 68 62 b5 6b exception.symbol: random+0x3e1c54 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4070484 exception.address: 0x16d1c54 registers.esp: 3276476 registers.edi: 2179369302 registers.eax: 27013 registers.ebp: 4012245012 registers.edx: 23953012 registers.ebx: 23947883 registers.esi: 4294943116 registers.ecx: 1655064067	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 89 14 24 c7 04 24 exception.symbol: random+0x3e2373 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4072307 exception.address: 0x16d2373 registers.esp: 3276476 registers.edi: 2179369302 registers.eax: 30165 registers.ebp: 4012245012 registers.edx: 23959218 registers.ebx: 459076847 registers.esi: 4294943116 registers.ecx: 1068077582	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 68 e6 69 cd 13 89 1c 24 c7 04 24 f1 e0 57 41 exception.symbol: random+0x3e2529 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4072745 exception.address: 0x16d2529 registers.esp: 3276476 registers.edi: 0 registers.eax: 30165 registers.ebp: 4012245012 registers.edx: 23932114 registers.ebx: 459076847 registers.esi: 4294943116 registers.ecx: 2169526098	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 68 c9 11 dd 06 ff 34 24 58 52 c7 04 24 63 0b exception.symbol: random+0x406eba exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4222650 exception.address: 0x16f6eba registers.esp: 3276444 registers.edi: 4294941388 registers.eax: 28885 registers.ebp: 4012245012 registers.edx: 24107659 registers.ebx: 14080 registers.esi: 24147762 registers.ecx: 2179107154	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 14 24 89 3c 24 89 14 24 51 c7 04 exception.symbol: random+0x408f69 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4231017 exception.address: 0x16f8f69 registers.esp: 3276444 registers.edi: 4294941388 registers.eax: 31714 registers.ebp: 4012245012 registers.edx: 24091384 registers.ebx: 0 registers.esi: 37692 registers.ecx: 59733	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 68 c4 98 c6 7b 89 0c 24 c7 04 24 3e fc 3f 6f exception.symbol: random+0x40a66b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4236907 exception.address: 0x16fa66b registers.esp: 3276444 registers.edi: 4294941388 registers.eax: 32290 registers.ebp: 4012245012 registers.edx: 24091384 registers.ebx: 24123929 registers.esi: 37692 registers.ecx: 1413632139	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 2c 24 e9 84 07 00 00 81 c4 04 00 exception.symbol: random+0x409e56 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4234838 exception.address: 0x16f9e56 registers.esp: 3276444 registers.edi: 0 registers.eax: 32290 registers.ebp: 4012245012 registers.edx: 3384217440 registers.ebx: 24094965 registers.esi: 37692 registers.ecx: 1413632139	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 52 ba 5f 56 fc 3d 29 d6 5a 81 ee 4e bc ff 3e exception.symbol: random+0x40b991 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4241809 exception.address: 0x16fb991 registers.esp: 3276440 registers.edi: 24097508 registers.eax: 27136 registers.ebp: 4012245012 registers.edx: 76 registers.ebx: 0 registers.esi: 24097798 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 55 89 1c 24 89 14 24 c7 04 24 3d 2d eb 53 e9 exception.symbol: random+0x40bbab exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4242347 exception.address: 0x16fbbab registers.esp: 3276444 registers.edi: 24097508 registers.eax: 27136 registers.ebp: 4012245012 registers.edx: 76 registers.ebx: 0 registers.esi: 24124934 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 66 e4 bf 3f 81 34 24 ad dd c9 60 exception.symbol: random+0x40bdf5 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4242933 exception.address: 0x16fbdf5 registers.esp: 3276444 registers.edi: 4294943108 registers.eax: 27136 registers.ebp: 4012245012 registers.edx: 76 registers.ebx: 44777 registers.esi: 24124934 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 81 e9 88 19 bf 66 e9 3e f9 ff ff 5b 89 c3 58 exception.symbol: random+0x410497 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4261015 exception.address: 0x1700497 registers.esp: 3276440 registers.edi: 4294943108 registers.eax: 29845 registers.ebp: 4012245012 registers.edx: 0 registers.ebx: 22232098 registers.esi: 24124934 registers.ecx: 24116049	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 56 89 0c 24 b9 fc 47 f7 76 53 51 57 bf d3 65 exception.symbol: random+0x41014f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4260175 exception.address: 0x170014f registers.esp: 3276444 registers.edi: 4294943108 registers.eax: 29845 registers.ebp: 4012245012 registers.edx: 0 registers.ebx: 22232098 registers.esi: 24124934 registers.ecx: 24145894	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 34 24 be e2 f6 b7 6e f7 de e9 81 exception.symbol: random+0x4101ad exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4260269 exception.address: 0x17001ad registers.esp: 3276444 registers.edi: 24811 registers.eax: 29845 registers.ebp: 4012245012 registers.edx: 4294940436 registers.ebx: 22232098 registers.esi: 24124934 registers.ecx: 24145894	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 81 c7 cf 97 f7 2b 52 ba 0a a3 eb 44 c1 ea 05 exception.symbol: random+0x412599 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4269465 exception.address: 0x1702599 registers.esp: 3276440 registers.edi: 24126437 registers.eax: 28780 registers.ebp: 4012245012 registers.edx: 1324911049 registers.ebx: 1378353294 registers.esi: 24124934 registers.ecx: 737829164	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 68 08 2c ca 40 89 2c 24 e9 d3 00 00 00 31 1c exception.symbol: random+0x412b71 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4270961 exception.address: 0x1702b71 registers.esp: 3276444 registers.edi: 24155217 registers.eax: 28780 registers.ebp: 4012245012 registers.edx: 157417 registers.ebx: 1378353294 registers.esi: 4294941344 registers.ecx: 737829164	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 51 83 ec 04 89 04 24 b8 b3 cb 47 7f f7 d0 52 exception.symbol: random+0x4159aa exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4282794 exception.address: 0x17059aa registers.esp: 3276444 registers.edi: 6416726 registers.eax: 25899 registers.ebp: 4012245012 registers.edx: 24164579 registers.ebx: 4294944244 registers.esi: 24137170 registers.ecx: 1923332807	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 51 b9 9f fa ff 7e 81 f1 10 29 f3 79 c1 e9 04 exception.symbol: random+0x416504 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4285700 exception.address: 0x1706504 registers.esp: 3276444 registers.edi: 604292946 registers.eax: 33195 registers.ebp: 4012245012 registers.edx: 1265320350 registers.ebx: 24174955 registers.esi: 24137170 registers.ecx: 4294937580	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb e9 ce 00 00 00 89 e6 81 c6 04 00 00 00 81 c6 exception.symbol: random+0x42fb3a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4389690 exception.address: 0x171fb3a registers.esp: 3276444 registers.edi: 24223414 registers.eax: 24273685 registers.ebp: 4012245012 registers.edx: 2130566132 registers.ebx: 1971716070 registers.esi: 3784968 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 e9 aa 00 00 00 05 37 e7 7d exception.symbol: random+0x42f943 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4389187 exception.address: 0x171f943 registers.esp: 3276444 registers.edi: 3490818920 registers.eax: 24273685 registers.ebp: 4012245012 registers.edx: 2130566132 registers.ebx: 1971716070 registers.esi: 4294941640 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb e9 b7 fd ff ff 8b 04 24 83 c4 04 f7 d6 e9 3d exception.symbol: random+0x43058a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4392330 exception.address: 0x172058a registers.esp: 3276440 registers.edi: 3490818920 registers.eax: 27245 registers.ebp: 4012245012 registers.edx: 2130566132 registers.ebx: 2127279 registers.esi: 4294941640 registers.ecx: 24248263	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 29 f6 ff 34 31 e9 8f fd ff ff ba 08 11 f1 c0 exception.symbol: random+0x4302c0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4391616 exception.address: 0x17202c0 registers.esp: 3276444 registers.edi: 3490818920 registers.eax: 27245 registers.ebp: 4012245012 registers.edx: 2130566132 registers.ebx: 2127279 registers.esi: 4294941640 registers.ecx: 24275508	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb bb 5a ca 17 10 50 55 bd 9b 4e fb 46 81 c5 43 exception.symbol: random+0x4309bf exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4393407 exception.address: 0x17209bf registers.esp: 3276444 registers.edi: 3490818920 registers.eax: 27245 registers.ebp: 4012245012 registers.edx: 2130566132 registers.ebx: 2179369302 registers.esi: 4294942644 registers.ecx: 24275508	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 56 51 57 bf fc 9a 8c 5a e9 1d 00 00 00 31 c3 exception.symbol: random+0x439833 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4429875 exception.address: 0x1729833 registers.esp: 3276444 registers.edi: 24263995 registers.eax: 31039 registers.ebp: 4012245012 registers.edx: 0 registers.ebx: 24287427 registers.esi: 4294942644 registers.ecx: 1239383	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 29 ff ff 34 39 e9 78 05 00 00 31 fa e9 8d 02 exception.symbol: random+0x439e3c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4431420 exception.address: 0x1729e3c registers.esp: 3276444 registers.edi: 24263995 registers.eax: 29190 registers.ebp: 4012245012 registers.edx: 1687345226 registers.ebx: 1291341266 registers.esi: 4294942644 registers.ecx: 24316838	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 51 89 04 24 e9 4f 01 00 00 01 4c 24 04 59 e9 exception.symbol: random+0x439ed6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4431574 exception.address: 0x1729ed6 registers.esp: 3276444 registers.edi: 4294940732 registers.eax: 29190 registers.ebp: 4012245012 registers.edx: 1687345226 registers.ebx: 1291341266 registers.esi: 133886824 registers.ecx: 24316838	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 56 89 0c 24 e9 68 01 00 00 01 c6 81 c6 76 ba exception.symbol: random+0x450901 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4524289 exception.address: 0x1740901 registers.esp: 3276444 registers.edi: 0 registers.eax: 30074 registers.ebp: 4012245012 registers.edx: 98601296 registers.ebx: 24350202 registers.esi: 24382755 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: fb 68 9a e7 49 78 89 2c 24 51 b9 63 4b f5 5d 89 exception.symbol: random+0x4628fb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 4598011 exception.address: 0x17528fb registers.esp: 3276440 registers.edi: 24115764 registers.eax: 31227 registers.ebp: 4012245012 registers.edx: 24453808 registers.ebx: 133120 registers.esi: 24115762 registers.ecx: 3738837507	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)

suspicious_features	GET method with no useragent header, Connection to IP address				suspicious_request	GET http://185.215.113.103/
suspicious_features	POST method with no referer header, POST method with no useragent header, Connection to IP address				suspicious_request	POST http://185.215.113.103/e2b1563c6670f193.php

Performs some HTTP requests (2 events)

request	GET http://185.215.113.103/
request	POST http://185.215.113.103/e2b1563c6670f193.php

Sends data using the HTTP POST Method (1 event)

request

POST http://185.215.113.103/e2b1563c6670f193.php

Allocates read-write-execute memory (usually to unpack itself) (14 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 81920 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x012f1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00990000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00cb0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 9:06 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b0000 allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00013c00', u'virtual_address': u'0x00001000', u'entropy': 7.965944991338126, u'name': u' \\x00 ', u'virtual_size': u'0x0023d000'}

entropy

7.96594499134

description

A section with a high entropy has been found

Expresses interest in specific running processes (1 event)

process

system

Communicates with host for which no DNS query was performed (1 event)

host

185.215.113.103

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 21, 2024, 9:06 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Sept. 21, 2024, 9:06 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 e9 12 01 00 00 51 f7 14 exception.symbol: random+0x3c5e97 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3956375 exception.address: 0x16b5e97 registers.esp: 3276476 registers.edi: 5516704 registers.eax: 1447909480 registers.ebp: 4012245012 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 23797997 registers.ecx: 20	1	0	0

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Amadey.j!c
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Variant.Zusy.561776
CAT-QuickHeal	TrojanRansom.Crusis
Skyhigh	BehavesLike.Win32.Generic.vh
ALYac	Gen:Variant.Zusy.561776
Cylance	Unsafe
VIPRE	Gen:Variant.Zusy.561776
Sangfor	Ransom.Win32.Crusis.Vzs8
CrowdStrike	win/malicious_confidence_90% (D)
BitDefender	Gen:Variant.Zusy.561776
K7GW	Trojan ( 00585f781 )
K7AntiVirus	Trojan ( 00585f781 )
Arcabit	Trojan.Zusy.D89270
VirIT	Trojan.Win32.Genus.WKT
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan-Ransom.Win32.Crusis.gen
Alibaba	Ransom:Win32/Amadey.4d475a3a
NANO-Antivirus	Trojan.Win32.TPM.krxfla
Rising	Stealer.Convagent!8.1326D (TFE:2:Otn13WP5JJL)
Emsisoft	Gen:Variant.Zusy.561776 (B)
F-Secure	Trojan.TR/Crypt.TPM.Gen
TrendMicro	Trojan.Win32.AMADEY.YXEIRZ
McAfeeD	Real Protect-LS!A5B724154EF3
Trapmine	malicious.high.ml.score
CTX	exe.trojan.amadey
Sophos	Mal/Stealc-A
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.a5b724154ef34340
Google	Detected
Avira	TR/Crypt.TPM.Gen
Kingsoft	Win32.HeurC.KVMH008.a
Gridinsoft	Trojan.Win32.Amadey.tr
Xcitium	Malware@#2inhv171gro26
Microsoft	Trojan:Win32/Amadey.HNS!MTB
ViRobot	Trojan.Win.Z.Tedy.2828800
ZoneAlarm	HEUR:Trojan-Ransom.Win32.Crusis.gen
GData	Gen:Variant.Zusy.561776
AhnLab-V3	Trojan/Win.Generic.C5671488
McAfee	Artemis!A5B724154EF3
DeepInstinct	MALICIOUS
VBA32	TScope.Malware-Cryptor.SB
Malwarebytes	Spyware.Stealc
Ikarus	Trojan.Win32.Themida

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All