Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 11, 2024, 11:13 a.m.	Oct. 11, 2024, 11:15 a.m.

Size	1.6MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9f875cd80ee26b55a71c2f795eb01c33`
SHA256	`a599f8e501bc4a1a7f1ed10b05b5b6fe4c6f13c40c1065af952740880123bfb9`
CRC32	`24966F71`
ssdeep	`49152:vlLGONNFXxwMaaX4YqcGIc6f411g5l8i:lxNFZqr56f41e`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description)

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
1792

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
141.94.96.71	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (8 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 11, 2024, 11:13 a.m.			0	0
IsDebuggerPresent Oct. 11, 2024, 11:13 a.m.			0	0
IsDebuggerPresent Oct. 11, 2024, 11:13 a.m.			0	0
IsDebuggerPresent Oct. 11, 2024, 11:13 a.m.			0	0
IsDebuggerPresent Oct. 11, 2024, 11:13 a.m.			0	0
IsDebuggerPresent Oct. 11, 2024, 11:13 a.m.			0	0
IsDebuggerPresent Oct. 11, 2024, 11:13 a.m.			0	0
IsDebuggerPresent Oct. 11, 2024, 11:13 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 11, 2024, 11:13 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	huqafuoy
section	rjmnixlk
section	.taggant

One or more processes crashed (50 out of 116 events)

Time & API	Arguments	Status
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: random+0x2ac0b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2801849 exception.address: 0xacc0b9 registers.esp: 1375508 registers.edi: 0 registers.eax: 1 registers.ebp: 1375524 registers.edx: 13025280 registers.ebx: 4294828032 registers.esi: 0 registers.ecx: 0	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: 66 81 38 4d 5a 75 0e 0f b7 50 3c 01 c2 81 3a 50 exception.symbol: random+0xba0f exception.instruction: cmp word ptr [eax], 0x5a4d exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 47631 exception.address: 0x82ba0f registers.esp: 1375468 registers.edi: 0 registers.eax: 8523776 registers.ebp: 3974275092 registers.edx: 40960 registers.ebx: 8526256 registers.esi: 0 registers.ecx: 40960	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 56 89 1c 24 bb c6 e5 47 6f 50 e9 12 fc ff ff exception.symbol: random+0xc9a6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 51622 exception.address: 0x82c9a6 registers.esp: 1375472 registers.edi: 1971192040 registers.eax: 30578 registers.ebp: 3974275092 registers.edx: 8568300 registers.ebx: 8519758 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 31 ff e9 ed 02 00 00 89 14 24 53 89 3c 24 89 exception.symbol: random+0xc168 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 49512 exception.address: 0x82c168 registers.esp: 1375476 registers.edi: 1971192040 registers.eax: 30578 registers.ebp: 3974275092 registers.edx: 8598878 registers.ebx: 8519758 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb e9 6a 01 00 00 fb 31 ff e9 ed 02 00 00 89 14 exception.symbol: random+0xc162 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 49506 exception.address: 0x82c162 registers.esp: 1375476 registers.edi: 4294939732 registers.eax: 30578 registers.ebp: 3974275092 registers.edx: 8598878 registers.ebx: 239849 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 c7 04 24 c9 8f af 2b 81 24 exception.symbol: random+0xcecd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 52941 exception.address: 0x82cecd registers.esp: 1375476 registers.edi: 4294939732 registers.eax: 28250 registers.ebp: 3974275092 registers.edx: 8600858 registers.ebx: 239849 registers.esi: 3 registers.ecx: 1043356585	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 52 c7 04 24 2a 03 71 01 89 04 24 e9 13 06 00 exception.symbol: random+0xd404 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 54276 exception.address: 0x82d404 registers.esp: 1375476 registers.edi: 4294942076 registers.eax: 28250 registers.ebp: 3974275092 registers.edx: 8600858 registers.ebx: 239849 registers.esi: 1259 registers.ecx: 1043356585	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 57 83 ec 04 89 2c 24 51 e9 c8 00 00 00 f7 d3 exception.symbol: random+0x18b837 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1620023 exception.address: 0x9ab837 registers.esp: 1375472 registers.edi: 8607914 registers.eax: 28188 registers.ebp: 3974275092 registers.edx: 4294826996 registers.ebx: 58327930 registers.esi: 10122079 registers.ecx: 10138510	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 57 e9 f3 fc ff ff 01 c6 58 83 c6 04 e9 7e 03 exception.symbol: random+0x18b9dc exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1620444 exception.address: 0x9ab9dc registers.esp: 1375476 registers.edi: 4294942052 registers.eax: 28188 registers.ebp: 3974275092 registers.edx: 58089 registers.ebx: 58327930 registers.esi: 10122079 registers.ecx: 10166698	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb e9 d8 02 00 00 b9 04 00 00 00 e9 88 fd ff ff exception.symbol: random+0x18d766 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1628006 exception.address: 0x9ad766 registers.esp: 1375476 registers.edi: 10146380 registers.eax: 10173399 registers.ebp: 3974275092 registers.edx: 4294943088 registers.ebx: 50665 registers.esi: 0 registers.ecx: 0	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb e9 df 06 00 00 b8 98 41 7f 37 25 07 81 df 4d exception.symbol: random+0x18e7c2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1632194 exception.address: 0x9ae7c2 registers.esp: 1375476 registers.edi: 10146380 registers.eax: 28320 registers.ebp: 3974275092 registers.edx: 134889 registers.ebx: 10155325 registers.esi: 0 registers.ecx: 0	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 81 ec 04 00 00 00 89 04 exception.symbol: random+0x199975 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1677685 exception.address: 0x9b9975 registers.esp: 1375468 registers.edi: 2829944 registers.eax: 1447909480 registers.ebp: 3974275092 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 10184789 registers.ecx: 20	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x19b4f4 exception.address: 0x9bb4f4 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 1684724 registers.esp: 1375468 registers.edi: 2829944 registers.eax: 1 registers.ebp: 3974275092 registers.edx: 22104 registers.ebx: 0 registers.esi: 10184789 registers.ecx: 20	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 93 2b a0 13 01 exception.symbol: random+0x19c525 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1688869 exception.address: 0x9bc525 registers.esp: 1375468 registers.edi: 2829944 registers.eax: 1447909480 registers.ebp: 3974275092 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 10184789 registers.ecx: 10	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 80 c9 e4 6a 00 57 e8 03 00 00 00 20 exception.symbol: random+0x19f445 exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 1700933 exception.address: 0x9bf445 registers.esp: 1375436 registers.edi: 0 registers.eax: 1375436 registers.ebp: 3974275092 registers.edx: 30836 registers.ebx: 10220952 registers.esi: 10 registers.ecx: 1662665901	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 50 b8 4e 63 d6 6f 81 ef f5 9b 8d 3e 81 ef 57 exception.symbol: random+0x19fdd1 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1703377 exception.address: 0x9bfdd1 registers.esp: 1375472 registers.edi: 10221830 registers.eax: 31133 registers.ebp: 3974275092 registers.edx: 4294803943 registers.ebx: 28914749 registers.esi: 4294803943 registers.ecx: 10221073	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb bb b8 34 bf 1d 57 bf be 6e ff 61 50 e9 d0 00 exception.symbol: random+0x19fe61 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1703521 exception.address: 0x9bfe61 registers.esp: 1375476 registers.edi: 10252963 registers.eax: 2283 registers.ebp: 3974275092 registers.edx: 4294939044 registers.ebx: 28914749 registers.esi: 4294803943 registers.ecx: 10221073	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb e9 4f 00 00 00 89 04 24 68 0a 0d bf 5d 58 55 exception.symbol: random+0x1a6f48 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1732424 exception.address: 0x9c6f48 registers.esp: 1375476 registers.edi: 10252963 registers.eax: 10277299 registers.ebp: 3974275092 registers.edx: 10219358 registers.ebx: 383775007 registers.esi: 4294803943 registers.ecx: 10219358	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 51 89 34 24 c7 04 24 74 30 b3 3b ff 0c 24 ff exception.symbol: random+0x1a70e9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1732841 exception.address: 0x9c70e9 registers.esp: 1375476 registers.edi: 10252963 registers.eax: 10277299 registers.ebp: 3974275092 registers.edx: 59733 registers.ebx: 383775007 registers.esi: 4294803943 registers.ecx: 4294944756	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 81 e9 dc ad 5b 57 03 0c 24 50 68 9c a0 f1 3d exception.symbol: random+0x1b2c00 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1780736 exception.address: 0x9d2c00 registers.esp: 1375464 registers.edi: 8563294 registers.eax: 26410 registers.ebp: 3974275092 registers.edx: 6 registers.ebx: 28914986 registers.esi: 1971262480 registers.ecx: 10298314	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 55 89 04 24 53 bb 0b 12 c2 26 89 d8 8b 1c 24 exception.symbol: random+0x1b2594 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1779092 exception.address: 0x9d2594 registers.esp: 1375468 registers.edi: 8563294 registers.eax: 26410 registers.ebp: 3974275092 registers.edx: 0 registers.ebx: 28914986 registers.esi: 585715794 registers.ecx: 10301252	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 eb e7 52 0f 89 0c 24 b9 b4 aa ff exception.symbol: random+0x1b478e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1787790 exception.address: 0x9d478e registers.esp: 1375468 registers.edi: 8563294 registers.eax: 0 registers.ebp: 3974275092 registers.edx: 197353 registers.ebx: 2006699407 registers.esi: 585715794 registers.ecx: 10309992	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 68 f3 f7 bd 57 e9 fe fc ff ff ba b7 86 7e 7d exception.symbol: random+0x1baae5 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1813221 exception.address: 0x9daae5 registers.esp: 1375464 registers.edi: 8563294 registers.eax: 29725 registers.ebp: 3974275092 registers.edx: 4294826996 registers.ebx: 1112712496 registers.esi: 10331142 registers.ecx: 804585472	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 53 68 a2 f3 73 7b e9 70 00 00 00 83 c4 04 81 exception.symbol: random+0x1babc3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1813443 exception.address: 0x9dabc3 registers.esp: 1375468 registers.edi: 8563294 registers.eax: 29725 registers.ebp: 3974275092 registers.edx: 4294826996 registers.ebx: 1112712496 registers.esi: 10360867 registers.ecx: 804585472	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 34 24 e9 42 ff ff ff 68 92 13 89 exception.symbol: random+0x1ba4d4 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1811668 exception.address: 0x9da4d4 registers.esp: 1375468 registers.edi: 1783979243 registers.eax: 29725 registers.ebp: 3974275092 registers.edx: 4294826996 registers.ebx: 1112712496 registers.esi: 10360867 registers.ecx: 4294940388	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 53 89 0c 24 50 c7 04 24 eb 90 1f 01 89 0c 24 exception.symbol: random+0x1d4b45 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1919813 exception.address: 0x9f4b45 registers.esp: 1375436 registers.edi: 1081810901 registers.eax: 30688 registers.ebp: 3974275092 registers.edx: 4294826996 registers.ebx: 10433422 registers.esi: 10433649 registers.ecx: 10469724	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 50 56 50 89 3c 24 bf 48 e8 6d 36 89 7c 24 04 exception.symbol: random+0x1d4d2c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1920300 exception.address: 0x9f4d2c registers.esp: 1375436 registers.edi: 1375758944 registers.eax: 30688 registers.ebp: 3974275092 registers.edx: 0 registers.ebx: 10433422 registers.esi: 10433649 registers.ecx: 10442272	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 81 ea 91 be f7 76 50 b8 b9 12 9f 69 e9 a7 fc exception.symbol: random+0x1d6033 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1925171 exception.address: 0x9f6033 registers.esp: 1375432 registers.edi: 10442926 registers.eax: 28609 registers.ebp: 3974275092 registers.edx: 10443460 registers.ebx: 10433422 registers.esi: 10442302 registers.ecx: 0	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 0c 24 c7 04 24 d1 13 67 exception.symbol: random+0x1d6128 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1925416 exception.address: 0x9f6128 registers.esp: 1375436 registers.edi: 1358981728 registers.eax: 28609 registers.ebp: 3974275092 registers.edx: 10472069 registers.ebx: 10433422 registers.esi: 10442302 registers.ecx: 4294941100	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 1c 24 53 c7 04 24 93 21 7b 4e 89 exception.symbol: random+0x1d758f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1930639 exception.address: 0x9f758f registers.esp: 1375436 registers.edi: 1358981728 registers.eax: 31673 registers.ebp: 3974275092 registers.edx: 10479701 registers.ebx: 187204504 registers.esi: 10442302 registers.ecx: 254798208	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 1c 24 c7 04 24 b8 4c 0f 5f 51 b9 exception.symbol: random+0x1d72a6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1929894 exception.address: 0x9f72a6 registers.esp: 1375436 registers.edi: 1622889301 registers.eax: 31673 registers.ebp: 3974275092 registers.edx: 10450621 registers.ebx: 187204504 registers.esi: 10442302 registers.ecx: 0	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 55 e9 27 00 00 00 bf 7f 57 fc 79 29 fe ff 34 exception.symbol: random+0x1d7ed5 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1933013 exception.address: 0x9f7ed5 registers.esp: 1375432 registers.edi: 1622889301 registers.eax: 27473 registers.ebp: 3974275092 registers.edx: 1025369107 registers.ebx: 10451047 registers.esi: 10442302 registers.ecx: 954085683	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 55 bd 71 9b f2 7d bb e8 b1 23 b6 e9 00 00 00 exception.symbol: random+0x1d826d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1933933 exception.address: 0x9f826d registers.esp: 1375436 registers.edi: 1622889301 registers.eax: 604277078 registers.ebp: 3974275092 registers.edx: 4294942460 registers.ebx: 10478520 registers.esi: 10442302 registers.ecx: 954085683	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 68 05 e4 5f 5a 89 14 24 51 68 a7 50 f1 7b e9 exception.symbol: random+0x1e49ac exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1984940 exception.address: 0xa049ac registers.esp: 1375432 registers.edi: 1622889301 registers.eax: 10501593 registers.ebp: 3974275092 registers.edx: 3 registers.ebx: 1976696832 registers.esi: 10442302 registers.ecx: 4	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb e9 ee fb ff ff 89 cf 59 29 fd 8b 3c 24 e9 b2 exception.symbol: random+0x1e467a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1984122 exception.address: 0xa0467a registers.esp: 1375436 registers.edi: 1622889301 registers.eax: 10531124 registers.ebp: 3974275092 registers.edx: 3 registers.ebx: 1976696832 registers.esi: 10442302 registers.ecx: 4	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 68 e2 8e b6 41 89 0c 24 b9 c7 74 76 7f 49 e9 exception.symbol: random+0x1e3fc7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1982407 exception.address: 0xa03fc7 registers.esp: 1375436 registers.edi: 1622889301 registers.eax: 10504688 registers.ebp: 3974275092 registers.edx: 24811 registers.ebx: 1976696832 registers.esi: 0 registers.ecx: 4	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 50 e9 a3 00 00 00 52 56 c7 04 24 f6 e5 fb 7f exception.symbol: random+0x1e92d6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2003670 exception.address: 0xa092d6 registers.esp: 1375436 registers.edi: 66537 registers.eax: 0 registers.ebp: 3974275092 registers.edx: 203 registers.ebx: 1976696832 registers.esi: 0 registers.ecx: 10524889	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 68 0c c5 3c 36 89 14 24 89 34 24 e9 94 fc ff exception.symbol: random+0x1ea4e3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2008291 exception.address: 0xa0a4e3 registers.esp: 1375436 registers.edi: 66537 registers.eax: 32483 registers.ebp: 3974275092 registers.edx: 203 registers.ebx: 18562401 registers.esi: 10558055 registers.ecx: 10524889	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 56 68 43 a2 20 33 89 04 24 e9 09 fd ff ff 55 exception.symbol: random+0x1ea4aa exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2008234 exception.address: 0xa0a4aa registers.esp: 1375436 registers.edi: 0 registers.eax: 607947094 registers.ebp: 3974275092 registers.edx: 203 registers.ebx: 18562401 registers.esi: 10528495 registers.ecx: 10524889	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 51 b9 a5 74 76 1f e9 44 f7 ff ff 8b 0c 24 52 exception.symbol: random+0x1eb236 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2011702 exception.address: 0xa0b236 registers.esp: 1375436 registers.edi: 0 registers.eax: 28051 registers.ebp: 3974275092 registers.edx: 664916743 registers.ebx: 18562401 registers.esi: 10528495 registers.ecx: 10556908	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 51 e9 ef 08 00 00 89 f9 89 ce e9 df 02 00 00 exception.symbol: random+0x1ea904 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2009348 exception.address: 0xa0a904 registers.esp: 1375436 registers.edi: 0 registers.eax: 0 registers.ebp: 3974275092 registers.edx: 33001 registers.ebx: 18562401 registers.esi: 10528495 registers.ecx: 10531708	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb e9 48 00 00 00 45 81 f5 02 09 20 78 e9 a5 03 exception.symbol: random+0x1f90bb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2068667 exception.address: 0xa190bb registers.esp: 1375432 registers.edi: 0 registers.eax: 10586806 registers.ebp: 3974275092 registers.edx: 8600852 registers.ebx: 10557519 registers.esi: 35373036 registers.ecx: 35373036	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 51 e9 80 00 00 00 31 5c 24 04 8b 1c 24 e9 8d exception.symbol: random+0x1f8c68 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2067560 exception.address: 0xa18c68 registers.esp: 1375436 registers.edi: 0 registers.eax: 10589458 registers.ebp: 3974275092 registers.edx: 8600852 registers.ebx: 607947089 registers.esi: 35373036 registers.ecx: 0	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb e9 c3 04 00 00 bf c9 c8 db 7f 29 fe 8b 3c 24 exception.symbol: random+0x1f9743 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2070339 exception.address: 0xa19743 registers.esp: 1375432 registers.edi: 0 registers.eax: 29658 registers.ebp: 3974275092 registers.edx: 274284134 registers.ebx: 607947089 registers.esi: 10589872 registers.ecx: 0	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 52 51 b9 ef bc f7 37 e9 d6 fe ff ff 8b 2c 24 exception.symbol: random+0x1f9fa4 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2072484 exception.address: 0xa19fa4 registers.esp: 1375436 registers.edi: 0 registers.eax: 29658 registers.ebp: 3974275092 registers.edx: 274284134 registers.ebx: 607947089 registers.esi: 10619530 registers.ecx: 0	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 3c 24 e9 c7 ff ff ff 52 89 e2 e9 exception.symbol: random+0x1f9912 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2070802 exception.address: 0xa19912 registers.esp: 1375436 registers.edi: 0 registers.eax: 0 registers.ebp: 3974275092 registers.edx: 1373997397 registers.ebx: 607947089 registers.esi: 10593094 registers.ecx: 0	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 50 89 34 24 89 3c 24 89 14 24 ba 51 56 b1 7b exception.symbol: random+0x20f749 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2160457 exception.address: 0xa2f749 registers.esp: 1375436 registers.edi: 10657510 registers.eax: 10707167 registers.ebp: 3974275092 registers.edx: 218196054 registers.ebx: 10633730 registers.esi: 10633726 registers.ecx: 4294941048	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 81 ee 18 22 6f 77 81 c6 00 6d 05 7f 52 ba c5 exception.symbol: random+0x20fbff exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2161663 exception.address: 0xa2fbff registers.esp: 1375432 registers.edi: 10657510 registers.eax: 31644 registers.ebp: 3974275092 registers.edx: 2072285177 registers.ebx: 922481495 registers.esi: 10681306 registers.ecx: 4294941048	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 51 89 e1 57 bf 04 00 00 00 e9 35 01 00 00 8b exception.symbol: random+0x2100f9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2162937 exception.address: 0xa300f9 registers.esp: 1375436 registers.edi: 10657510 registers.eax: 31644 registers.ebp: 3974275092 registers.edx: 2072285177 registers.ebx: 922481495 registers.esi: 10712950 registers.ecx: 4294941048	1
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: fb 50 89 e0 05 04 00 00 00 83 e8 04 87 04 24 5c exception.symbol: random+0x2102b4 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2163380 exception.address: 0xa302b4 registers.esp: 1375436 registers.edi: 10657510 registers.eax: 31644 registers.ebp: 3974275092 registers.edx: 82608465 registers.ebx: 922481495 registers.esi: 10684090 registers.ecx: 0	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 1209 events)

Time & API	Arguments	Status	Return
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74691000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75001000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75161000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75401000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75760000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b31000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d22000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74691000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x746912d0 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75001000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75001014 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75091000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75401000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x754017d0 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755f0000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75760000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75760070 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75a60000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b31000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b319a8 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d22000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d2224c process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x754b0000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b31000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b31394 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d21000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76b21000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74691000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74691188 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75001000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x750011c8 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75091000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x750910ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75161000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x751610e4 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75401000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7540180c process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755f0000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755f035c process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x754b0000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x754b0270 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b31000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b313a8 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d21000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d2124c process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76b21000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76b21198 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74691000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74691274 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Oct. 11, 2024, 11:13 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75001000 process_handle: 0xffffffff	1	0

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00001200', u'virtual_address': u'0x00002000', u'entropy': 7.777023194146983, u'name': u' \\x00 ', u'virtual_size': u'0x00004000'}

entropy

7.77702319415

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x0019dc00', u'virtual_address': u'0x002ac000', u'entropy': 7.954499729168309, u'name': u'huqafuoy', u'virtual_size': u'0x0019e000'}

entropy

7.95449972917

description

A section with a high entropy has been found

entropy

0.992820819623

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Oct. 11, 2024, 11:13 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Expresses interest in specific running processes (1 event)

process

system

Communicates with host for which no DNS query was performed (1 event)

host

141.94.96.71

Attempts to stop active services (2 events)

Time & API	Arguments	Status	Return	Repeated
ControlService Oct. 11, 2024, 11:13 a.m.	service_handle: 0x00313dd0 service_name: WinDefend control_code: 1		0	0
ControlService Oct. 11, 2024, 11:13 a.m.	service_handle: 0x003142f8 service_name: wuauserv control_code: 1		0	0

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (44 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Oct. 11, 2024, 11:13 a.m.	class_name: pediy06 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Attempts to disable Windows Auto Updates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 11, 2024, 11:13 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 81 ec 04 00 00 00 89 04 exception.symbol: random+0x199975 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1677685 exception.address: 0x9b9975 registers.esp: 1375468 registers.edi: 2829944 registers.eax: 1447909480 registers.ebp: 3974275092 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 10184789 registers.ecx: 20	1	0	0

Disables Windows Security features (6 events)

description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection

File has been identified by 39 AntiVirus engines on VirusTotal as malicious (39 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Injurer.4!c
tehtris	Generic.Malware
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win32.Generic.tc
Cylance	Unsafe
Sangfor	Trojan.Win32.Agent.Vka6
CrowdStrike	win/malicious_confidence_90% (D)
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	MalwareX-gen [Trj]
Kaspersky	HEUR:Trojan.MSIL.Injurer.pef
Rising	Trojan.Injurer!8.1853D (CLOUD)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
McAfeeD	Real Protect-LS!9F875CD80EE2
Trapmine	malicious.high.ml.score
CTX	exe.trojan.crypt
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.9f875cd80ee26b55
Google	Detected
Avira	TR/Crypt.XPACK.Gen
Kingsoft	malware.kb.b.927
Gridinsoft	Trojan.Heur!.038120A1
Microsoft	TrojanDownloader:Win32/Upatre!ml
ZoneAlarm	HEUR:Trojan.MSIL.Injurer.pef
McAfee	Artemis!9F875CD80EE2
DeepInstinct	MALICIOUS
Malwarebytes	Malware.Heuristic.2025
Ikarus	Trojan.Crypt
Panda	Trj/Genetic.gen
Zoner	Probably Heur.ExeHeaderL
Tencent	Msil.Trojan.Injurer.Hflw
MaxSecure	Trojan.Malware.300983.susgen
AVG	MalwareX-gen [Trj]
Paloalto	generic.ml
alibabacloud	Trojan:Win/Wacapew.C9nj

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All