Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 21, 2024, 1:49 p.m.	Sept. 21, 2024, 2:06 p.m.

Size	2.6MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b5466eeb2b35e47ffc7230ec00d6d4c6`
SHA256	`f310f508de6011bb8066c1dd58e22e2d3b9e15b9d2f830d53095b8c97e0d56e4`
CRC32	`4E7140B2`
ssdeep	`24576:QiPRbIS/5RdsipWx2CxjST/hx0Kdq2DCo1EVbjn30H5Ku2P9Sayd+yvdj9+QbGg6:QeR8S/5/I+bhx0nLoGB3iSPMTX9Ui`
Yara	themida_packer - themida packer CryptBot_IN - CryptBot PE_Header_Zero - PE File Signature IsPE32 - (no description)

game.exe "C:\Users\test22\AppData\Local\Temp\game.exe"
1072

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
185.215.113.103	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49161 -> 185.215.113.103:80	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Sept. 21, 2024, 1:49 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameA Sept. 21, 2024, 1:49 p.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 21, 2024, 1:49 p.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 21, 2024, 1:49 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.rsrc
section	.idata
section	wwmsfwdc
section	ahmwdope
section	.taggant

One or more processes crashed (50 out of 123 events)

Time & API	Arguments	Status
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb 60 bd 14 00 22 ef e9 00 02 00 00 b7 a8 45 17 exception.symbol: game+0x241c90 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 2366608 exception.address: 0x14f1c90 registers.esp: 1506000 registers.edi: 0 registers.eax: 1506016 registers.ebp: 1506016 registers.edx: 1506008 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 32 00 00 00 51 b9 2b 53 bf 5b e9 exception.symbol: game+0x242cae exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 2370734 exception.address: 0x14f2cae registers.esp: 1505968 registers.edi: 0 registers.eax: 32610 registers.ebp: 4011982868 registers.edx: 1506008 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 21995414	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 68 e1 27 9a 22 89 1c 24 89 14 exception.symbol: game+0x242da7 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 2370983 exception.address: 0x14f2da7 registers.esp: 1505968 registers.edi: 0 registers.eax: 32610 registers.ebp: 4011982868 registers.edx: 235753 registers.ebx: 4294938324 registers.esi: 0 registers.ecx: 21995414	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 50 56 50 b8 3f a6 fb 72 e9 d5 ff ff ff 29 0c exception.symbol: game+0x2435d9 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 2373081 exception.address: 0x14f35d9 registers.esp: 1505964 registers.edi: 0 registers.eax: 32056 registers.ebp: 4011982868 registers.edx: 102597102 registers.ebx: 138901305 registers.esi: 21967750 registers.ecx: 21995414	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 31 ff 52 56 89 e6 81 c6 04 00 00 00 e9 0a 00 exception.symbol: game+0x243d31 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 2374961 exception.address: 0x14f3d31 registers.esp: 1505968 registers.edi: 0 registers.eax: 32056 registers.ebp: 4011982868 registers.edx: 102597102 registers.ebx: 138901305 registers.esi: 21999806 registers.ecx: 21995414	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 57 e9 c2 00 00 00 81 e7 bb 86 f5 3f 47 81 ef exception.symbol: game+0x2434ff exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 2372863 exception.address: 0x14f34ff registers.esp: 1505968 registers.edi: 4294938064 registers.eax: 32056 registers.ebp: 4011982868 registers.edx: 102597102 registers.ebx: 138901305 registers.esi: 21999806 registers.ecx: 1259	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 56 89 3c 24 89 1c 24 89 04 24 50 52 ba c8 1b exception.symbol: game+0x3a82f7 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3834615 exception.address: 0x16582f7 registers.esp: 1505968 registers.edi: 22002518 registers.eax: 30442 registers.ebp: 4011982868 registers.edx: 21954593 registers.ebx: 2347008 registers.esi: 23459016 registers.ecx: 776208384	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 55 e9 fd fa ff ff 58 57 ff 74 24 04 5f 8f 04 exception.symbol: game+0x3a85e4 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3835364 exception.address: 0x16585e4 registers.esp: 1505968 registers.edi: 4294939760 registers.eax: 1031821160 registers.ebp: 4011982868 registers.edx: 21954593 registers.ebx: 2347008 registers.esi: 23459016 registers.ecx: 776208384	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 51 c7 04 24 67 f9 f5 64 89 14 24 89 3c 24 55 exception.symbol: game+0x3adf29 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3858217 exception.address: 0x165df29 registers.esp: 1505964 registers.edi: 8497 registers.eax: 29230 registers.ebp: 4011982868 registers.edx: 23452728 registers.ebx: 23450139 registers.esi: 0 registers.ecx: 96	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 56 89 2c 24 e9 8a 00 00 00 89 3c 24 bf 2e 77 exception.symbol: game+0x3ae34f exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3859279 exception.address: 0x165e34f registers.esp: 1505968 registers.edi: 8497 registers.eax: 29230 registers.ebp: 4011982868 registers.edx: 23481958 registers.ebx: 50665 registers.esi: 4294940408 registers.ecx: 96	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 57 bf c6 2c 5f 7f e9 5c fb ff ff 68 97 d8 34 exception.symbol: game+0x3b37f7 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3880951 exception.address: 0x16637f7 registers.esp: 1505968 registers.edi: 23478021 registers.eax: 32406 registers.ebp: 4011982868 registers.edx: 1259 registers.ebx: 50665 registers.esi: 0 registers.ecx: 1971442156	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 68 91 48 10 56 89 34 24 exception.symbol: game+0x3bbcbf exception.instruction: in eax, dx exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3914943 exception.address: 0x166bcbf registers.esp: 1505960 registers.edi: 23478021 registers.eax: 1447909480 registers.ebp: 4011982868 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 23489929 registers.ecx: 20	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: game+0x3b9ef6 exception.address: 0x1669ef6 exception.module: game.exe exception.exception_code: 0xc000001d exception.offset: 3907318 registers.esp: 1505960 registers.edi: 23478021 registers.eax: 1 registers.ebp: 4011982868 registers.edx: 22104 registers.ebx: 0 registers.esi: 23489929 registers.ecx: 20	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 b7 30 2d 12 01 exception.symbol: game+0x3bb510 exception.instruction: in eax, dx exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3912976 exception.address: 0x166b510 registers.esp: 1505960 registers.edi: 23478021 registers.eax: 1447909480 registers.ebp: 4011982868 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 23489929 registers.ecx: 10	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: cd 01 eb 00 0f 80 05 00 00 00 66 81 c2 19 87 66 exception.symbol: game+0x3bf65a exception.instruction: int 1 exception.module: game.exe exception.exception_code: 0xc0000005 exception.offset: 3929690 exception.address: 0x166f65a registers.esp: 1505928 registers.edi: 0 registers.eax: 1505928 registers.ebp: 4011982868 registers.edx: 261432320 registers.ebx: 23525292 registers.esi: 23524904 registers.ecx: 261432320	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 55 56 be 4c 7c bb 7f 89 f5 e9 ca fe ff ff 29 exception.symbol: game+0x3c03f3 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3933171 exception.address: 0x16703f3 registers.esp: 1505964 registers.edi: 23478021 registers.eax: 30273 registers.ebp: 4011982868 registers.edx: 538484742 registers.ebx: 2514812 registers.esi: 23526093 registers.ecx: 23478021	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 57 c7 04 24 fc b8 23 18 89 34 24 c7 04 24 ff exception.symbol: game+0x3c00ed exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3932397 exception.address: 0x16700ed registers.esp: 1505968 registers.edi: 23478021 registers.eax: 30273 registers.ebp: 4011982868 registers.edx: 538484742 registers.ebx: 2514812 registers.esi: 23556366 registers.ecx: 23478021	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 af b0 a2 21 ff 34 24 ff 34 24 5b exception.symbol: game+0x3bfb81 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3931009 exception.address: 0x166fb81 registers.esp: 1505968 registers.edi: 23478021 registers.eax: 6379 registers.ebp: 4011982868 registers.edx: 538484742 registers.ebx: 2514812 registers.esi: 23556366 registers.ecx: 4294939820	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 52 89 34 24 89 1c 24 83 ec 04 e9 5c fa ff ff exception.symbol: game+0x3c7932 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3963186 exception.address: 0x1677932 registers.esp: 1505968 registers.edi: 23478021 registers.eax: 27162 registers.ebp: 4011982868 registers.edx: 1209294592 registers.ebx: 564310191 registers.esi: 23583318 registers.ecx: 23539789	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb e9 1b 00 00 00 89 d5 ff 34 24 e9 59 00 00 00 exception.symbol: game+0x3c7acc exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3963596 exception.address: 0x1677acc registers.esp: 1505968 registers.edi: 23478021 registers.eax: 27162 registers.ebp: 4011982868 registers.edx: 1209294592 registers.ebx: 3909414019 registers.esi: 23559038 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb e9 4f 04 00 00 81 c7 04 00 00 00 e9 8a fc ff exception.symbol: game+0x3d039d exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3998621 exception.address: 0x168039d registers.esp: 1505964 registers.edi: 21955374 registers.eax: 30696 registers.ebp: 4011982868 registers.edx: 6 registers.ebx: 2515034 registers.esi: 1971262480 registers.ecx: 23591680	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb e9 44 f5 ff ff 8b 0c 24 81 c4 04 00 00 00 68 exception.symbol: game+0x3d07ac exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3999660 exception.address: 0x16807ac registers.esp: 1505968 registers.edi: 21955374 registers.eax: 30696 registers.ebp: 4011982868 registers.edx: 6 registers.ebx: 2515034 registers.esi: 1971262480 registers.ecx: 23622376	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 57 e9 21 0a 00 00 50 b8 75 7d 9f 7c e9 b0 02 exception.symbol: game+0x3cfde3 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3997155 exception.address: 0x167fde3 registers.esp: 1505968 registers.edi: 4294940080 registers.eax: 30696 registers.ebp: 4011982868 registers.edx: 6 registers.ebx: 27912529 registers.esi: 1971262480 registers.ecx: 23622376	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb e9 7c 01 00 00 ff 04 24 81 2c 24 91 84 4e 3d exception.symbol: game+0x3d3c16 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4013078 exception.address: 0x1683c16 registers.esp: 1505964 registers.edi: 23607594 registers.eax: 30391 registers.ebp: 4011982868 registers.edx: 627075121 registers.ebx: 27912529 registers.esi: 1971262480 registers.ecx: 627075121	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 55 e9 51 01 00 00 81 ee 6e c3 9a 77 01 f0 5e exception.symbol: game+0x3d3a6c exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4012652 exception.address: 0x1683a6c registers.esp: 1505968 registers.edi: 23610525 registers.eax: 30391 registers.ebp: 4011982868 registers.edx: 0 registers.ebx: 27912529 registers.esi: 262633 registers.ecx: 627075121	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 57 53 89 14 24 e9 1f 08 00 00 8b 14 24 83 c4 exception.symbol: game+0x3d6ca3 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4025507 exception.address: 0x1686ca3 registers.esp: 1505956 registers.edi: 23610525 registers.eax: 32211 registers.ebp: 4011982868 registers.edx: 1446305488 registers.ebx: 611340875 registers.esi: 23620169 registers.ecx: 627075121	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 50 56 68 37 9a fd 67 8b 34 24 81 c4 04 00 00 exception.symbol: game+0x3d72c2 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4027074 exception.address: 0x16872c2 registers.esp: 1505960 registers.edi: 23610525 registers.eax: 607453008 registers.ebp: 4011982868 registers.edx: 1446305488 registers.ebx: 611340875 registers.esi: 23622972 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 9b 04 00 00 5b e9 5a 02 00 00 56 exception.symbol: game+0x3e76de exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4093662 exception.address: 0x16976de registers.esp: 1505960 registers.edi: 1605030752 registers.eax: 1459645024 registers.ebp: 4011982868 registers.edx: 0 registers.ebx: 2153842072 registers.esi: 3737519937 registers.ecx: 23691626	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 68 00 d2 6a 72 e9 00 00 00 00 89 2c 24 57 c7 exception.symbol: game+0x3fbc90 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4177040 exception.address: 0x16abc90 registers.esp: 1505928 registers.edi: 23773420 registers.eax: 30010 registers.ebp: 4011982868 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 357775145 registers.ecx: 3817427799	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 31 db e9 51 01 00 00 29 fe 81 ee 9a 89 7d 7f exception.symbol: game+0x3fc327 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4178727 exception.address: 0x16ac327 registers.esp: 1505928 registers.edi: 23773420 registers.eax: 26314 registers.ebp: 4011982868 registers.edx: 2130566132 registers.ebx: 243854012 registers.esi: 23800082 registers.ecx: 3817427799	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 56 89 e6 e9 b5 02 00 00 87 34 24 5c e9 50 01 exception.symbol: game+0x3fc4d2 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4179154 exception.address: 0x16ac4d2 registers.esp: 1505928 registers.edi: 23773420 registers.eax: 26314 registers.ebp: 4011982868 registers.edx: 1392536160 registers.ebx: 4294943572 registers.esi: 23800082 registers.ecx: 3817427799	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 50 b8 44 ba df 5d e9 7a fe ff ff 51 b9 96 25 exception.symbol: game+0x3fd68a exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4183690 exception.address: 0x16ad68a registers.esp: 1505924 registers.edi: 23777120 registers.eax: 30748 registers.ebp: 4011982868 registers.edx: 1926299173 registers.ebx: 23777571 registers.esi: 23776387 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 e9 61 00 00 00 81 c3 56 46 exception.symbol: game+0x3fd449 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4183113 exception.address: 0x16ad449 registers.esp: 1505928 registers.edi: 23777120 registers.eax: 17623376 registers.ebp: 4011982868 registers.edx: 1926299173 registers.ebx: 23808319 registers.esi: 4294939524 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb e9 ce fd ff ff 81 eb fb 5d 76 6b 81 eb 63 5a exception.symbol: game+0x3fe341 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4186945 exception.address: 0x16ae341 registers.esp: 1505928 registers.edi: 23777120 registers.eax: 32294 registers.ebp: 4011982868 registers.edx: 1926299173 registers.ebx: 67742745 registers.esi: 23813225 registers.ecx: 412823409	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 53 e9 00 00 00 00 89 04 24 89 e0 83 ec 04 89 exception.symbol: game+0x3fe78a exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4188042 exception.address: 0x16ae78a registers.esp: 1505928 registers.edi: 23777120 registers.eax: 32294 registers.ebp: 4011982868 registers.edx: 604277073 registers.ebx: 4294937844 registers.esi: 23813225 registers.ecx: 412823409	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 81 ee 27 99 2a 75 03 34 24 e9 4b 00 00 00 81 exception.symbol: game+0x404949 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4213065 exception.address: 0x16b4949 registers.esp: 1505924 registers.edi: 23777120 registers.eax: 32752 registers.ebp: 4011982868 registers.edx: 23798505 registers.ebx: 21966671 registers.esi: 23806426 registers.ecx: 1969225870	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb e9 e8 01 00 00 55 bd 04 00 00 00 01 6c 24 04 exception.symbol: game+0x4044fd exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4211965 exception.address: 0x16b44fd registers.esp: 1505928 registers.edi: 23777120 registers.eax: 32752 registers.ebp: 4011982868 registers.edx: 23798505 registers.ebx: 21966671 registers.esi: 23839178 registers.ecx: 1969225870	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 53 89 04 24 e9 a6 fc ff ff 8b 3c 24 52 54 5a exception.symbol: game+0x4048fd exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4212989 exception.address: 0x16b48fd registers.esp: 1505928 registers.edi: 23777120 registers.eax: 32752 registers.ebp: 4011982868 registers.edx: 23798505 registers.ebx: 0 registers.esi: 23809406 registers.ecx: 1474398545	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 56 c7 04 24 53 52 57 7b c1 2c 24 01 e9 18 05 exception.symbol: game+0x404fc1 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4214721 exception.address: 0x16b4fc1 registers.esp: 1505928 registers.edi: 23777120 registers.eax: 30467 registers.ebp: 4011982868 registers.edx: 23798505 registers.ebx: 157417 registers.esi: 4294939700 registers.ecx: 23840247	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 56 e9 35 f7 ff ff 59 87 1c 24 5c 89 04 24 52 exception.symbol: game+0x40732c exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4223788 exception.address: 0x16b732c registers.esp: 1505928 registers.edi: 23814393 registers.eax: 33063 registers.ebp: 4011982868 registers.edx: 23837109 registers.ebx: 23849664 registers.esi: 1237833747 registers.ecx: 27904	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 52 55 e9 d6 00 00 00 01 5c 24 04 8b 1c 24 83 exception.symbol: game+0x407236 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4223542 exception.address: 0x16b7236 registers.esp: 1505928 registers.edi: 606898512 registers.eax: 33063 registers.ebp: 4011982868 registers.edx: 23837109 registers.ebx: 23849664 registers.esi: 1237833747 registers.ecx: 4294937424	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 55 e9 ad 01 00 00 83 c4 04 81 e9 80 66 ff 3f exception.symbol: game+0x40c98f exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4245903 exception.address: 0x16bc98f registers.esp: 1505924 registers.edi: 606898512 registers.eax: 27803 registers.ebp: 4011982868 registers.edx: 2130566132 registers.ebx: 2147483650 registers.esi: 23821616 registers.ecx: 23841049	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 51 89 e1 57 e9 c7 01 00 00 89 04 24 e9 1c 02 exception.symbol: game+0x40cc84 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4246660 exception.address: 0x16bcc84 registers.esp: 1505928 registers.edi: 0 registers.eax: 27803 registers.ebp: 4011982868 registers.edx: 2130566132 registers.ebx: 2147483650 registers.esi: 322689 registers.ecx: 23843608	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 52 50 e9 4c 01 00 00 58 c1 eb 01 e9 32 00 00 exception.symbol: game+0x42391e exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4339998 exception.address: 0x16d391e registers.esp: 1505928 registers.edi: 23936450 registers.eax: 30922 registers.ebp: 4011982868 registers.edx: 3102146664 registers.ebx: 23916733 registers.esi: 8634348 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 56 be 71 d0 ff 5f f7 de e9 a2 ff ff ff 81 c1 exception.symbol: game+0x42b64c exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4372044 exception.address: 0x16db64c registers.esp: 1505924 registers.edi: 23952377 registers.eax: 29923 registers.ebp: 4011982868 registers.edx: 23964317 registers.ebx: 4017061847 registers.esi: 32570798 registers.ecx: 776208384	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb e9 16 03 00 00 bd f7 3b ae a1 01 ef e9 f0 02 exception.symbol: game+0x42adf1 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4369905 exception.address: 0x16dadf1 registers.esp: 1505928 registers.edi: 4294940620 registers.eax: 29923 registers.ebp: 4011982868 registers.edx: 23994240 registers.ebx: 4017061847 registers.esi: 1750945877 registers.ecx: 776208384	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb e9 5c ff ff ff 81 e1 00 62 be 37 c1 e9 01 52 exception.symbol: game+0x4348d5 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4409557 exception.address: 0x16e48d5 registers.esp: 1505924 registers.edi: 23639030 registers.eax: 28505 registers.ebp: 4011982868 registers.edx: 49132 registers.ebx: 23981233 registers.esi: 24003596 registers.ecx: 2130566127	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 68 dc df 09 20 89 3c 24 e9 00 00 00 00 c7 04 exception.symbol: game+0x434615 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4408853 exception.address: 0x16e4615 registers.esp: 1505928 registers.edi: 23639030 registers.eax: 28505 registers.ebp: 4011982868 registers.edx: 1293183056 registers.ebx: 23981233 registers.esi: 24006429 registers.ecx: 0	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 50 b8 93 8d 5f 4f 48 f7 d0 2d c6 a4 f7 63 f7 exception.symbol: game+0x4397f7 exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4429815 exception.address: 0x16e97f7 registers.esp: 1505924 registers.edi: 24023079 registers.eax: 27893 registers.ebp: 4011982868 registers.edx: 108 registers.ebx: 4035411680 registers.esi: 3979098922 registers.ecx: 109	1
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: fb 51 c7 04 24 67 b0 73 67 81 34 24 e7 0b 90 37 exception.symbol: game+0x43990e exception.instruction: sti exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 4430094 exception.address: 0x16e990e registers.esp: 1505928 registers.edi: 24050972 registers.eax: 27893 registers.ebp: 4011982868 registers.edx: 108 registers.ebx: 4035411680 registers.esi: 3979098922 registers.ecx: 109	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)

suspicious_features	GET method with no useragent header, Connection to IP address				suspicious_request	GET http://185.215.113.103/
suspicious_features	POST method with no referer header, POST method with no useragent header, Connection to IP address				suspicious_request	POST http://185.215.113.103/e2b1563c6670f193.php

Performs some HTTP requests (2 events)

request	GET http://185.215.113.103/
request	POST http://185.215.113.103/e2b1563c6670f193.php

Sends data using the HTTP POST Method (1 event)

request

POST http://185.215.113.103/e2b1563c6670f193.php

Allocates read-write-execute memory (usually to unpack itself) (13 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7793f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 81920 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x012b1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00930000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bd0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 21, 2024, 1:49 p.m.	process_identifier: 1072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008e0000 allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00013a00', u'virtual_address': u'0x00001000', u'entropy': 7.973512705004271, u'name': u' \\x00 ', u'virtual_size': u'0x0023d000'}

entropy

7.973512705

description

A section with a high entropy has been found

Expresses interest in specific running processes (1 event)

process

system

Communicates with host for which no DNS query was performed (1 event)

host

185.215.113.103

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 21, 2024, 1:49 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Sept. 21, 2024, 1:49 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 68 91 48 10 56 89 34 24 exception.symbol: game+0x3bbcbf exception.instruction: in eax, dx exception.module: game.exe exception.exception_code: 0xc0000096 exception.offset: 3914943 exception.address: 0x166bcbf registers.esp: 1505960 registers.edi: 23478021 registers.eax: 1447909480 registers.ebp: 4011982868 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 23489929 registers.ecx: 20	1	0	0

File has been identified by 36 AntiVirus engines on VirusTotal as malicious (36 events)

Bkav	W32.AIDetectMalware
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.vh
Cylance	Unsafe
VIPRE	Gen:Variant.Zusy.561776
CrowdStrike	win/malicious_confidence_100% (D)
BitDefender	Gen:Variant.Zusy.561776
Arcabit	Trojan.Zusy.D89270
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
Kaspersky	HEUR:Trojan.MSIL.Generic
MicroWorld-eScan	Gen:Variant.Zusy.561776
Emsisoft	Gen:Variant.Zusy.561776 (B)
F-Secure	Trojan.TR/Crypt.TPM.Gen
McAfeeD	Real Protect-LS!B5466EEB2B35
Trapmine	malicious.high.ml.score
CTX	exe.unknown.zusy
Sophos	Mal/Stealc-A
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.b5466eeb2b35e47f
Google	Detected
Avira	TR/Crypt.TPM.Gen
Kingsoft	malware.kb.b.998
Gridinsoft	Trojan.Heur!.032120A1
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Trojan.MSIL.Generic
GData	Gen:Variant.Zusy.561776
VBA32	TScope.Malware-Cryptor.SB
DeepInstinct	MALICIOUS
Malwarebytes	Spyware.Stealc
Ikarus	Trojan.Win32.Themida
Zoner	Probably Heur.ExeHeaderL
AVG	Win32:PWSX-gen [Trj]

game.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All