Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 6, 2024, 12:46 p.m.	Oct. 6, 2024, 12:52 p.m.

Size	1.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3c445725c0d2e80428429f7904bc56bb`
SHA256	`56351e7459235ab7cd48519f69995bdebbd5240add70a1cde2e1ae85a2dd1565`
CRC32	`02A45ACA`
ssdeep	`49152:A/Nkt+JQ6s3pwZfD5YkoQ6ww0o55g66ggBO:Ok+O3qDmi69f6RQ`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description)

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
1460

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 6, 2024, 12:46 p.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (7 events)

section	\x00
section	.rsrc
section	.idata
section
section	bafbxqwl
section	darwazrc
section	.taggant

One or more processes crashed (50 out of 125 events)

Time & API	Arguments	Status
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: random+0x3210b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3281081 exception.address: 0xe310b9 registers.esp: 4651016 registers.edi: 0 registers.eax: 1 registers.ebp: 4651032 registers.edx: 16633856 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 53 89 3c 24 52 e9 13 01 00 00 fb bb a1 22 36 exception.symbol: random+0x6224b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 401995 exception.address: 0xb7224b registers.esp: 4650984 registers.edi: 1971192040 registers.eax: 12029345 registers.ebp: 4002021396 registers.edx: 11599872 registers.ebx: 1587521275 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb bb a1 22 36 10 57 89 14 24 53 bb b6 ef ca 6b exception.symbol: random+0x62256 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 402006 exception.address: 0xb72256 registers.esp: 4650984 registers.edi: 1971192040 registers.eax: 12003577 registers.ebp: 4002021396 registers.edx: 17819990 registers.ebx: 1587521275 registers.esi: 0 registers.ecx: 1971388416	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb e9 6d 01 00 00 55 e9 1a 04 00 00 f7 14 24 59 exception.symbol: random+0x62cd6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 404694 exception.address: 0xb72cd6 registers.esp: 4650980 registers.edi: 12004025 registers.eax: 26999 registers.ebp: 4002021396 registers.edx: 17819990 registers.ebx: 728131814 registers.esi: 0 registers.ecx: 1971388416	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 52 89 34 24 89 0c 24 c7 04 24 00 00 db 21 89 exception.symbol: random+0x634a9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 406697 exception.address: 0xb734a9 registers.esp: 4650984 registers.edi: 12031024 registers.eax: 26999 registers.ebp: 4002021396 registers.edx: 17819990 registers.ebx: 728131814 registers.esi: 0 registers.ecx: 1971388416	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb b8 75 74 df 2f 50 c7 04 24 00 6c 0f 56 e9 56 exception.symbol: random+0x63678 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 407160 exception.address: 0xb73678 registers.esp: 4650984 registers.edi: 12007252 registers.eax: 240873 registers.ebp: 4002021396 registers.edx: 17819990 registers.ebx: 0 registers.esi: 0 registers.ecx: 1971388416	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb e9 c1 00 00 00 81 eb 01 00 00 00 0f 85 87 fe exception.symbol: random+0x1e8f5c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2002780 exception.address: 0xcf8f5c registers.esp: 4650984 registers.edi: 12040491 registers.eax: 27287 registers.ebp: 4002021396 registers.edx: 2130566132 registers.ebx: 58327930 registers.esi: 13583850 registers.ecx: 13628972	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 56 89 e6 83 ec 04 89 1c 24 e9 b4 06 00 00 be exception.symbol: random+0x1e8f6e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2002798 exception.address: 0xcf8f6e registers.esp: 4650984 registers.edi: 12040491 registers.eax: 27287 registers.ebp: 4002021396 registers.edx: 209129 registers.ebx: 0 registers.esi: 13583850 registers.ecx: 13604592	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 81 c2 7e 6d df 6f 52 89 1c 24 52 ba 13 d3 6c exception.symbol: random+0x1ebaef exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2013935 exception.address: 0xcfbaef registers.esp: 4650980 registers.edi: 3302588939 registers.eax: 25861 registers.ebp: 4002021396 registers.edx: 13612298 registers.ebx: 13609677 registers.esi: 428782434 registers.ecx: 61424	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 68 ab af 99 15 89 2c 24 89 04 24 50 89 e0 05 exception.symbol: random+0x1ebd75 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2014581 exception.address: 0xcfbd75 registers.esp: 4650984 registers.edi: 3302588939 registers.eax: 25861 registers.ebp: 4002021396 registers.edx: 13615275 registers.ebx: 13609677 registers.esi: 3077113192 registers.ecx: 0	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 68 2e 61 30 29 89 0c 24 b9 5b 7f ff 14 29 cf exception.symbol: random+0x1ec945 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2017605 exception.address: 0xcfc945 registers.esp: 4650980 registers.edi: 13615669 registers.eax: 29440 registers.ebp: 4002021396 registers.edx: 13615275 registers.ebx: 13609677 registers.esi: 3077113192 registers.ecx: 1469076799	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 11 8b 75 7f 81 04 24 85 c2 9d 4b exception.symbol: random+0x1ec7cf exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2017231 exception.address: 0xcfc7cf registers.esp: 4650984 registers.edi: 13618345 registers.eax: 0 registers.ebp: 4002021396 registers.edx: 13615275 registers.ebx: 13609677 registers.esi: 134889 registers.ecx: 1469076799	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 55 50 89 e0 e9 f3 bf ff exception.symbol: random+0x1f9833 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2070579 exception.address: 0xd09833 registers.esp: 4650976 registers.edi: 7679608 registers.eax: 1447909480 registers.ebp: 4002021396 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 13648304 registers.ecx: 20	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x1f5fa2 exception.address: 0xd05fa2 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 2056098 registers.esp: 4650976 registers.edi: 7679608 registers.eax: 1 registers.ebp: 4002021396 registers.edx: 22104 registers.ebx: 0 registers.esi: 13648304 registers.ecx: 20	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 41 39 2d 12 01 exception.symbol: random+0x1f5a6b exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2054763 exception.address: 0xd05a6b registers.esp: 4650976 registers.edi: 7679608 registers.eax: 1447909480 registers.ebp: 4002021396 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 13648304 registers.ecx: 10	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 81 c7 75 97 ad 19 81 ef 00 c2 97 6f 03 3c 24 exception.symbol: random+0x1fd01c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2084892 exception.address: 0xd0d01c registers.esp: 4650980 registers.edi: 13682715 registers.eax: 30918 registers.ebp: 4002021396 registers.edx: 2130566132 registers.ebx: 33714468 registers.esi: 10 registers.ecx: 752615424	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 53 e9 37 f5 ff ff 5a e9 20 f5 ff ff 89 c8 59 exception.symbol: random+0x1fd330 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2085680 exception.address: 0xd0d330 registers.esp: 4650984 registers.edi: 13713633 registers.eax: 6379 registers.ebp: 4002021396 registers.edx: 2130566132 registers.ebx: 33714468 registers.esi: 4294939360 registers.ecx: 752615424	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: cd 01 eb 00 e8 0b 00 00 00 06 2c 5e 60 52 81 1c exception.symbol: random+0x1fd8ab exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 2087083 exception.address: 0xd0d8ab registers.esp: 4650944 registers.edi: 0 registers.eax: 4650944 registers.ebp: 4002021396 registers.edx: 13735905 registers.ebx: 13687191 registers.esi: 2907278387 registers.ecx: 55703	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 50 e9 32 04 00 00 57 e9 9a 01 00 00 81 c3 04 exception.symbol: random+0x20d51b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2151707 exception.address: 0xd1d51b registers.esp: 4650980 registers.edi: 11994190 registers.eax: 27733 registers.ebp: 4002021396 registers.edx: 6 registers.ebx: 33714690 registers.esi: 13749960 registers.ecx: 0	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 53 e9 14 05 00 00 ff 34 24 e9 38 04 00 00 2d exception.symbol: random+0x20d12d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2150701 exception.address: 0xd1d12d registers.esp: 4650984 registers.edi: 4294942644 registers.eax: 27733 registers.ebp: 4002021396 registers.edx: 31385941 registers.ebx: 33714690 registers.esi: 13777693 registers.ecx: 0	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 56 e9 e1 00 00 00 2d 8f a8 77 7f 5e 2d 5b 86 exception.symbol: random+0x20f480 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2159744 exception.address: 0xd1f480 registers.esp: 4650980 registers.edi: 4294942644 registers.eax: 13759232 registers.ebp: 4002021396 registers.edx: 1548157610 registers.ebx: 33714690 registers.esi: 13777693 registers.ecx: 0	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 55 c7 04 24 e1 87 95 74 89 3c 24 52 89 3c 24 exception.symbol: random+0x20f5bc exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2160060 exception.address: 0xd1f5bc registers.esp: 4650984 registers.edi: 4294942644 registers.eax: 13791078 registers.ebp: 4002021396 registers.edx: 1548157610 registers.ebx: 33714690 registers.esi: 13777693 registers.ecx: 0	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb e9 95 02 00 00 89 2c 24 bd 26 a0 fe 7b 81 ef exception.symbol: random+0x20f77f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2160511 exception.address: 0xd1f77f registers.esp: 4650984 registers.edi: 4294942644 registers.eax: 13791078 registers.ebp: 4002021396 registers.edx: 1548157610 registers.ebx: 33714690 registers.esi: 1058537 registers.ecx: 4294938100	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb e9 11 f8 ff ff 83 ec 04 e9 00 00 00 00 89 34 exception.symbol: random+0x213f64 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2178916 exception.address: 0xd23f64 registers.esp: 4650976 registers.edi: 4294942644 registers.eax: 30419 registers.ebp: 4002021396 registers.edx: 1615469850 registers.ebx: 33714690 registers.esi: 13806347 registers.ecx: 1615469850	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 50 e9 85 fe ff ff b9 6d cf df 7e 81 c1 05 45 exception.symbol: random+0x2137c0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2176960 exception.address: 0xd237c0 registers.esp: 4650976 registers.edi: 4294942644 registers.eax: 1179202795 registers.ebp: 4002021396 registers.edx: 4294939952 registers.ebx: 33714690 registers.esi: 13806347 registers.ecx: 1615469850	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 53 89 14 24 68 e4 4e 7b 17 5a 29 d7 e9 8f 00 exception.symbol: random+0x218b7b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2198395 exception.address: 0xd28b7b registers.esp: 4650972 registers.edi: 13796531 registers.eax: 32914 registers.ebp: 4002021396 registers.edx: 2130566132 registers.ebx: 33714690 registers.esi: 13806347 registers.ecx: 752615424	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb e9 17 f5 ff ff bf 35 f1 ff 43 52 ba 41 67 fa exception.symbol: random+0x218fa7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2199463 exception.address: 0xd28fa7 registers.esp: 4650976 registers.edi: 13799469 registers.eax: 84201 registers.ebp: 4002021396 registers.edx: 0 registers.ebx: 33714690 registers.esi: 13806347 registers.ecx: 752615424	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 55 bd 3e ab df 5a 81 f5 70 8e 22 6d 29 eb 5d exception.symbol: random+0x23cf06 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2346758 exception.address: 0xd4cf06 registers.esp: 4650940 registers.edi: 13800617 registers.eax: 28277 registers.ebp: 4002021396 registers.edx: 2130566132 registers.ebx: 13944067 registers.esi: 13940073 registers.ecx: 752615424	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 57 89 e7 81 c7 04 00 00 00 52 ba 04 00 00 00 exception.symbol: random+0x23cb9f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2345887 exception.address: 0xd4cb9f registers.esp: 4650944 registers.edi: 13800617 registers.eax: 28277 registers.ebp: 4002021396 registers.edx: 2130566132 registers.ebx: 13972344 registers.esi: 13940073 registers.ecx: 752615424	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 57 c7 04 24 f7 22 f3 73 e9 85 00 00 00 5e 83 exception.symbol: random+0x23cb7e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2345854 exception.address: 0xd4cb7e registers.esp: 4650944 registers.edi: 13800617 registers.eax: 28277 registers.ebp: 4002021396 registers.edx: 4294942016 registers.ebx: 13972344 registers.esi: 13940073 registers.ecx: 322689	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 68 3f 2f d0 3d e9 e8 f8 ff ff 89 14 24 51 c7 exception.symbol: random+0x23da19 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2349593 exception.address: 0xd4da19 registers.esp: 4650940 registers.edi: 13800617 registers.eax: 29657 registers.ebp: 4002021396 registers.edx: 1946030614 registers.ebx: 13947483 registers.esi: 13940073 registers.ecx: 2054224787	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 c7 04 24 1e 25 cb exception.symbol: random+0x23d720 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2348832 exception.address: 0xd4d720 registers.esp: 4650944 registers.edi: 1173843 registers.eax: 29657 registers.ebp: 4002021396 registers.edx: 1946030614 registers.ebx: 13950536 registers.esi: 0 registers.ecx: 2054224787	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 57 bf 06 02 ff 19 89 fb 8b 3c 24 e9 8a 01 00 exception.symbol: random+0x23e83f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2353215 exception.address: 0xd4e83f registers.esp: 4650944 registers.edi: 4294941892 registers.eax: 27953 registers.ebp: 4002021396 registers.edx: 812826422 registers.ebx: 13950536 registers.esi: 13978950 registers.ecx: 3411163752	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb e9 32 03 00 00 2d a3 cb f6 55 c1 e8 06 68 10 exception.symbol: random+0x23f316 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2355990 exception.address: 0xd4f316 registers.esp: 4650944 registers.edi: 4294941892 registers.eax: 13982811 registers.ebp: 4002021396 registers.edx: 1022768604 registers.ebx: 1225633335 registers.esi: 13978950 registers.ecx: 774852838	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb ba b0 b7 bb 22 c1 e2 07 c1 e2 03 e9 3f fb ff exception.symbol: random+0x23f126 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2355494 exception.address: 0xd4f126 registers.esp: 4650944 registers.edi: 4294941892 registers.eax: 13982811 registers.ebp: 4002021396 registers.edx: 4294941408 registers.ebx: 2644325216 registers.esi: 13978950 registers.ecx: 774852838	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 50 b8 9b 7a 7d 7b e9 14 00 00 00 5e 81 ef 29 exception.symbol: random+0x245ef0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2383600 exception.address: 0xd55ef0 registers.esp: 4650944 registers.edi: 4294941864 registers.eax: 14010197 registers.ebp: 4002021396 registers.edx: 0 registers.ebx: 4055056851 registers.esi: 541176338 registers.ecx: 971611533	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb e9 28 fc ff ff 57 89 04 24 b8 79 5a fb 64 52 exception.symbol: random+0x249fb4 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2400180 exception.address: 0xd59fb4 registers.esp: 4650944 registers.edi: 14001846 registers.eax: 27345 registers.ebp: 4002021396 registers.edx: 69097 registers.ebx: 301334013 registers.esi: 541150906 registers.ecx: 0	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 51 89 e1 e9 e4 07 00 00 21 f9 8b 3c 24 e9 23 exception.symbol: random+0x24d2c2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2413250 exception.address: 0xd5d2c2 registers.esp: 4650944 registers.edi: 14011059 registers.eax: 27241 registers.ebp: 4002021396 registers.edx: 545263617 registers.ebx: 14039465 registers.esi: 4097 registers.ecx: 0	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 55 50 b8 84 46 fb 37 bd 7d 17 82 37 01 c5 e9 exception.symbol: random+0x24d5bc exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2414012 exception.address: 0xd5d5bc registers.esp: 4650944 registers.edi: 14011059 registers.eax: 3924265303 registers.ebp: 4002021396 registers.edx: 545263617 registers.ebx: 14015321 registers.esi: 0 registers.ecx: 0	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 51 b9 55 19 76 7b 81 c1 c8 50 fe 3f 49 49 81 exception.symbol: random+0x24dfff exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2416639 exception.address: 0xd5dfff registers.esp: 4650944 registers.edi: 14011059 registers.eax: 28539 registers.ebp: 4002021396 registers.edx: 545263617 registers.ebx: 14015321 registers.esi: 0 registers.ecx: 14044286	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 68 0d c1 df 61 89 14 24 55 bd 5a 51 3d 7f 57 exception.symbol: random+0x24e2c1 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2417345 exception.address: 0xd5e2c1 registers.esp: 4650944 registers.edi: 1156474966 registers.eax: 28539 registers.ebp: 4002021396 registers.edx: 0 registers.ebx: 14015321 registers.esi: 0 registers.ecx: 14018806	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 68 04 3c bd 78 89 14 24 56 e9 69 01 00 00 52 exception.symbol: random+0x25a8ae exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2468014 exception.address: 0xd6a8ae registers.esp: 4650940 registers.edi: 2858707010 registers.eax: 31344 registers.ebp: 4002021396 registers.edx: 2130566132 registers.ebx: 2147483650 registers.esi: 14032034 registers.ecx: 14066665	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 31 f6 ff 34 0e 8b 04 24 55 e9 ed 04 00 00 29 exception.symbol: random+0x25a608 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2467336 exception.address: 0xd6a608 registers.esp: 4650944 registers.edi: 2858707010 registers.eax: 31344 registers.ebp: 4002021396 registers.edx: 2130566132 registers.ebx: 2147483650 registers.esi: 14032034 registers.ecx: 14098009	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 81 ec 04 00 00 00 89 14 24 e9 exception.symbol: random+0x25a402 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2466818 exception.address: 0xd6a402 registers.esp: 4650944 registers.edi: 2858707010 registers.eax: 3220726200 registers.ebp: 4002021396 registers.edx: 2130566132 registers.ebx: 2147483650 registers.esi: 4294938328 registers.ecx: 14098009	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 2c 24 56 50 b8 a8 cc eb exception.symbol: random+0x25b8e8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2472168 exception.address: 0xd6b8e8 registers.esp: 4650940 registers.edi: 2858707010 registers.eax: 14069547 registers.ebp: 4002021396 registers.edx: 2130566132 registers.ebx: 1145008558 registers.esi: 4294938328 registers.ecx: 14098009	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 57 68 e0 95 7e 48 89 2c 24 e9 08 fc ff ff 5f exception.symbol: random+0x25b528 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2471208 exception.address: 0xd6b528 registers.esp: 4650944 registers.edi: 2858707010 registers.eax: 14100617 registers.ebp: 4002021396 registers.edx: 2130566132 registers.ebx: 1145008558 registers.esi: 4294938328 registers.ecx: 14098009	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb e9 f3 02 00 00 bd d8 eb 83 7b e9 28 ff ff ff exception.symbol: random+0x25b86e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2472046 exception.address: 0xd6b86e registers.esp: 4650944 registers.edi: 2858707010 registers.eax: 14100617 registers.ebp: 4002021396 registers.edx: 1971291496 registers.ebx: 1145008558 registers.esi: 4294939364 registers.ecx: 14098009	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 0c 24 e9 ae fe ff ff 29 exception.symbol: random+0x275726 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2578214 exception.address: 0xd85726 registers.esp: 4650940 registers.edi: 14164292 registers.eax: 26308 registers.ebp: 4002021396 registers.edx: 14176824 registers.ebx: 14123933 registers.esi: 2670572 registers.ecx: 752615424	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 0a fb ff ff ba 65 77 bf 75 c1 e2 exception.symbol: random+0x275bb9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2579385 exception.address: 0xd85bb9 registers.esp: 4650944 registers.edi: 2752854888 registers.eax: 26308 registers.ebp: 4002021396 registers.edx: 14179800 registers.ebx: 0 registers.esi: 2670572 registers.ecx: 752615424	1
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: fb 81 ea 07 d5 6d 7e 81 c2 42 3f b5 7d 81 c2 47 exception.symbol: random+0x2792ee exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2593518 exception.address: 0xd892ee registers.esp: 4650940 registers.edi: 2752854888 registers.eax: 28837 registers.ebp: 4002021396 registers.edx: 14192898 registers.ebx: 0 registers.esi: 2670572 registers.ecx: 752615424	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7793f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 155648 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b11000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00350000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00360000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00550000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00660000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00550000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00550000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00550000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00550000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 6, 2024, 12:46 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00550000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00025e00', u'virtual_address': u'0x00001000', u'entropy': 7.985255551034826, u'name': u' \\x00 ', u'virtual_size': u'0x0005d000'}

entropy

7.98525555103

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x001aaa00', u'virtual_address': u'0x00321000', u'entropy': 7.954328569666667, u'name': u'bafbxqwl', u'virtual_size': u'0x001ab000'}

entropy

7.95432856967

description

A section with a high entropy has been found

entropy

0.994380519133

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Oct. 6, 2024, 12:46 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 6, 2024, 12:46 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 55 50 89 e0 e9 f3 bf ff exception.symbol: random+0x1f9833 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2070579 exception.address: 0xd09833 registers.esp: 4650976 registers.edi: 7679608 registers.eax: 1447909480 registers.ebp: 4002021396 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 13648304 registers.ecx: 20	1	0	0

File has been identified by 26 AntiVirus engines on VirusTotal as malicious (26 events)

Bkav	W32.AIDetectMalware
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.tc
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_100% (D)
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Miner.vho
F-Secure	Trojan.TR/Crypt.ZPACK.Gen
McAfeeD	Real Protect-LS!3C445725C0D2
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A
FireEye	Generic.mg.3c445725c0d2e804
Avira	TR/Crypt.ZPACK.Gen
Kingsoft	malware.kb.b.1000
Gridinsoft	Trojan.Heur!.03A120A1
Microsoft	Trojan:Win32/Phonzy.B!ml
ZoneAlarm	HEUR:Trojan.Win32.Miner.vho
AhnLab-V3	Trojan/Win.Generic.C5678949
DeepInstinct	MALICIOUS
VBA32	TScope.Malware-Cryptor.SB
Malwarebytes	Trojan.Amadey
Zoner	Probably Heur.ExeHeaderL
Tencent	Trojan-DL.Win32.Deyma.kh

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All