Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 15, 2024, 1:43 p.m.	Nov. 15, 2024, 1:45 p.m.

Size	1.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5b015748645c5df44a771f9fc6e136c3`
SHA256	`622c5cb9a11085da8240c94262f596b687b3ecc2bc805b7f5a01cc335f7df909`
CRC32	`A15E2BCD`
ssdeep	`49152:2wkR2JwQQ31jBTI0ynNWfoOMNGEQhNnhA6jrubp0vML:27R2UjVMNAgNGEQhXASrut0EL`
Yara	themida_packer - themida packer IsPE32 - (no description) PE_Header_Zero - PE File Signature

lum250.exe "C:\Users\test22\AppData\Local\Temp\lum250.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 15, 2024, 1:43 p.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (7 events)

section	\x00
section	.rsrc
section	.idata
section
section	qpkdcnmt
section	fefmebcy
section	.taggant

One or more processes crashed (50 out of 119 events)

Time & API	Arguments	Status
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: lum250+0x3020b9 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 3154105 exception.address: 0x6a20b9 registers.esp: 3274812 registers.edi: 0 registers.eax: 1 registers.ebp: 3274828 registers.edx: 8667136 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 56 89 1c 24 50 b8 21 98 cd 79 51 89 c1 89 cb exception.symbol: lum250+0x576d4 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 358100 exception.address: 0x3f76d4 registers.esp: 3274780 registers.edi: 606898512 registers.eax: 31975 registers.ebp: 3994177556 registers.edx: 3801088 registers.ebx: 4160398 registers.esi: 3 registers.ecx: 0	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb e9 4d 00 00 00 89 04 24 89 3c 24 53 68 13 53 exception.symbol: lum250+0x58254 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 361044 exception.address: 0x3f8254 registers.esp: 3274780 registers.edi: 238825 registers.eax: 4164075 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 4160398 registers.esi: 3 registers.ecx: 2037894835	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 50 89 0c 24 56 e9 36 00 00 00 87 04 24 5c 52 exception.symbol: lum250+0x1d33ea exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1913834 exception.address: 0x5733ea registers.esp: 3274776 registers.edi: 4197575 registers.eax: 5712909 registers.ebp: 3994177556 registers.edx: 2130566132 registers.ebx: 58327930 registers.esi: 5696297 registers.ecx: 890	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 56 89 e6 e9 17 00 00 00 55 e9 73 03 00 00 89 exception.symbol: lum250+0x1d2ddb exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1912283 exception.address: 0x572ddb registers.esp: 3274780 registers.edi: 4197575 registers.eax: 5742144 registers.ebp: 3994177556 registers.edx: 2130566132 registers.ebx: 58327930 registers.esi: 5696297 registers.ecx: 890	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb e9 a3 01 00 00 59 e9 0a 02 00 00 be c1 dc 0d exception.symbol: lum250+0x1d2fdf exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1912799 exception.address: 0x572fdf registers.esp: 3274780 registers.edi: 4197575 registers.eax: 5742144 registers.ebp: 3994177556 registers.edx: 4294940628 registers.ebx: 791273 registers.esi: 5696297 registers.ecx: 890	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 81 c2 ab 8f ee 7c 57 bf 8f 96 fe 7f e9 a6 ff exception.symbol: lum250+0x1d450f exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1918223 exception.address: 0x57450f registers.esp: 3274776 registers.edi: 4197575 registers.eax: 25645 registers.ebp: 3994177556 registers.edx: 5718956 registers.ebx: 791273 registers.esi: 5696297 registers.ecx: 922729863	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb e9 56 01 00 00 89 14 24 56 be 29 6f dc 73 68 exception.symbol: lum250+0x1d4703 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1918723 exception.address: 0x574703 registers.esp: 3274780 registers.edi: 4197575 registers.eax: 25645 registers.ebp: 3994177556 registers.edx: 5744601 registers.ebx: 791273 registers.esi: 5696297 registers.ecx: 922729863	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 68 9d 5d 29 30 89 04 24 89 1c 24 52 ba 86 53 exception.symbol: lum250+0x1d491b exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1919259 exception.address: 0x57491b registers.esp: 3274780 registers.edi: 0 registers.eax: 25645 registers.ebp: 3994177556 registers.edx: 5721993 registers.ebx: 50665 registers.esi: 5696297 registers.ecx: 922729863	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 53 e9 24 fc ff ff 57 89 34 24 be 04 00 00 00 exception.symbol: lum250+0x1dc7a3 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1951651 exception.address: 0x57c7a3 registers.esp: 3274780 registers.edi: 8859040 registers.eax: 1114345 registers.ebp: 3994177556 registers.edx: 5754221 registers.ebx: 0 registers.esi: 0 registers.ecx: 14288	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 53 e9 03 09 00 00 89 e0 exception.symbol: lum250+0x1e18d0 exception.instruction: in eax, dx exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1972432 exception.address: 0x5818d0 registers.esp: 3274772 registers.edi: 8859040 registers.eax: 1447909480 registers.ebp: 3994177556 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 5758385 registers.ecx: 20	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: lum250+0x1e1906 exception.address: 0x581906 exception.module: lum250.exe exception.exception_code: 0xc000001d exception.offset: 1972486 registers.esp: 3274772 registers.edi: 8859040 registers.eax: 1 registers.ebp: 3994177556 registers.edx: 22104 registers.ebx: 0 registers.esi: 5758385 registers.ecx: 20	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 80 3a 2d 12 01 exception.symbol: lum250+0x1e1d73 exception.instruction: in eax, dx exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1973619 exception.address: 0x581d73 registers.esp: 3274772 registers.edi: 8859040 registers.eax: 1447909480 registers.ebp: 3994177556 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 5758385 registers.ecx: 10	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: cd 01 eb 00 f5 6a 00 56 e8 03 00 00 00 20 5e c3 exception.symbol: lum250+0x1e6bb8 exception.instruction: int 1 exception.module: lum250.exe exception.exception_code: 0xc0000005 exception.offset: 1993656 exception.address: 0x586bb8 registers.esp: 3274740 registers.edi: 0 registers.eax: 3274740 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 5795123 registers.esi: 27040 registers.ecx: 830945792	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 51 e9 90 00 00 00 87 04 24 8b 24 24 81 fb dc exception.symbol: lum250+0x1e73e2 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1995746 exception.address: 0x5873e2 registers.esp: 3274776 registers.edi: 5795780 registers.eax: 30638 registers.ebp: 3994177556 registers.edx: 2130566132 registers.ebx: 9661234 registers.esi: 10 registers.ecx: 2056782080	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 51 54 ff 34 24 59 56 89 e6 81 c6 04 00 00 00 exception.symbol: lum250+0x1e783b exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1996859 exception.address: 0x58783b registers.esp: 3274780 registers.edi: 5826418 registers.eax: 30638 registers.ebp: 3994177556 registers.edx: 2130566132 registers.ebx: 9661234 registers.esi: 10 registers.ecx: 2056782080	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb b8 1d 01 7f 7f 2d 00 b2 f5 7f 05 5a 15 ef 7e exception.symbol: lum250+0x1e73fb exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1995771 exception.address: 0x5873fb registers.esp: 3274780 registers.edi: 5826418 registers.eax: 30638 registers.ebp: 3994177556 registers.edx: 2283 registers.ebx: 4294939356 registers.esi: 10 registers.ecx: 2056782080	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb e9 84 01 00 00 5a 29 c7 51 b9 f1 82 ff 5d e9 exception.symbol: lum250+0x1eea3b exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2026043 exception.address: 0x58ea3b registers.esp: 3274776 registers.edi: 5825274 registers.eax: 28434 registers.ebp: 3994177556 registers.edx: 654654 registers.ebx: 4294939356 registers.esi: 10 registers.ecx: 5816023	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 50 89 2c 24 89 e5 53 50 89 3c 24 56 e9 be 02 exception.symbol: lum250+0x1ee3e3 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2024419 exception.address: 0x58e3e3 registers.esp: 3274780 registers.edi: 5853708 registers.eax: 28434 registers.ebp: 3994177556 registers.edx: 654654 registers.ebx: 4294939356 registers.esi: 10 registers.ecx: 5816023	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 68 1d d0 38 55 e9 2e 00 00 00 01 eb 5d 01 df exception.symbol: lum250+0x1ee8b6 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2025654 exception.address: 0x58e8b6 registers.esp: 3274780 registers.edi: 5828328 registers.eax: 28434 registers.ebp: 3994177556 registers.edx: 654654 registers.ebx: 0 registers.esi: 604292951 registers.ecx: 5816023	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb e9 65 01 00 00 5b 81 c6 03 f2 0d 08 e9 f5 00 exception.symbol: lum250+0x1fb210 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2077200 exception.address: 0x59b210 registers.esp: 3274772 registers.edi: 604292946 registers.eax: 32413 registers.ebp: 3994177556 registers.edx: 6 registers.ebx: 100901 registers.esi: 4294937640 registers.ecx: 5909842	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 53 89 34 24 be 11 1b 00 00 68 89 99 e0 6f 89 exception.symbol: lum250+0x1fc0ab exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2080939 exception.address: 0x59c0ab registers.esp: 3274772 registers.edi: 604292946 registers.eax: 5911085 registers.ebp: 3994177556 registers.edx: 294251611 registers.ebx: 765160052 registers.esi: 4294937640 registers.ecx: 5909842	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 1c 24 57 bf ae 93 3b 19 81 c7 7f exception.symbol: lum250+0x1fc3aa exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2081706 exception.address: 0x59c3aa registers.esp: 3274772 registers.edi: 604292946 registers.eax: 5883369 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 701673 registers.esi: 4294937640 registers.ecx: 5909842	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 57 bf 00 bb ad 76 4f e9 94 02 00 00 59 81 ea exception.symbol: lum250+0x1ff369 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2093929 exception.address: 0x59f369 registers.esp: 3274768 registers.edi: 604292946 registers.eax: 28672 registers.ebp: 3994177556 registers.edx: 1274287689 registers.ebx: 701673 registers.esi: 4294937640 registers.ecx: 5893824	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 2c 24 53 bb 06 8e f3 7f exception.symbol: lum250+0x1ff48a exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2094218 exception.address: 0x59f48a registers.esp: 3274772 registers.edi: 604292946 registers.eax: 4294941544 registers.ebp: 3994177556 registers.edx: 605325655 registers.ebx: 701673 registers.esi: 4294937640 registers.ecx: 5922496	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 53 bb 43 bc fe 6f 56 50 e9 fb 01 00 00 81 ef exception.symbol: lum250+0x225af2 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2251506 exception.address: 0x5c5af2 registers.esp: 3274736 registers.edi: 6038634 registers.eax: 6050252 registers.ebp: 3994177556 registers.edx: 2130566132 registers.ebx: 128 registers.esi: 6067532 registers.ecx: 2136614544	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 51 e9 2a 02 00 00 89 24 24 83 04 24 04 8b 1c exception.symbol: lum250+0x225a4f exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2251343 exception.address: 0x5c5a4f registers.esp: 3274740 registers.edi: 604292950 registers.eax: 6053121 registers.ebp: 3994177556 registers.edx: 2130566132 registers.ebx: 128 registers.esi: 0 registers.ecx: 2136614544	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 50 e9 76 fa ff ff 31 14 24 33 14 24 e9 fb 01 exception.symbol: lum250+0x22aafd exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2271997 exception.address: 0x5caafd registers.esp: 3274736 registers.edi: 604292950 registers.eax: 30655 registers.ebp: 3994177556 registers.edx: 2130566132 registers.ebx: 1245839424 registers.esi: 6070567 registers.ecx: 2136634960	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb e9 a1 f7 ff ff 68 70 fe f2 3b 8b 34 24 83 c4 exception.symbol: lum250+0x22ad55 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2272597 exception.address: 0x5cad55 registers.esp: 3274740 registers.edi: 604292950 registers.eax: 30655 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 1245839424 registers.esi: 6073814 registers.ecx: 2298801283	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 56 e9 13 04 00 00 52 ba 71 d4 d7 7d 55 bd ed exception.symbol: lum250+0x22b101 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2273537 exception.address: 0x5cb101 registers.esp: 3274740 registers.edi: 604292950 registers.eax: 28285 registers.ebp: 3994177556 registers.edx: 1386631178 registers.ebx: 1245839424 registers.esi: 6073814 registers.ecx: 6102569	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 68 e2 07 9b 72 89 04 24 89 3c 24 89 04 24 68 exception.symbol: lum250+0x22b76b exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2275179 exception.address: 0x5cb76b registers.esp: 3274740 registers.edi: 6154579 registers.eax: 28285 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 1245839424 registers.esi: 6073814 registers.ecx: 6077165	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 68 8e e1 b5 16 89 3c 24 89 e7 81 c7 04 00 00 exception.symbol: lum250+0x22c707 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2279175 exception.address: 0x5cc707 registers.esp: 3274736 registers.edi: 6154579 registers.eax: 6077583 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 1758761536 registers.esi: 6073814 registers.ecx: 6077165	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 51 68 3d 99 df 58 59 56 50 e9 43 00 00 00 58 exception.symbol: lum250+0x22c3e8 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2278376 exception.address: 0x5cc3e8 registers.esp: 3274740 registers.edi: 6154579 registers.eax: 6105130 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 1758761536 registers.esi: 6073814 registers.ecx: 6077165	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 55 bd 04 14 cc 08 e9 d4 fd ff ff ba 00 e1 bd exception.symbol: lum250+0x22c4c7 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2278599 exception.address: 0x5cc4c7 registers.esp: 3274740 registers.edi: 0 registers.eax: 6081018 registers.ebp: 3994177556 registers.edx: 1459645024 registers.ebx: 1758761536 registers.esi: 6073814 registers.ecx: 6077165	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 81 e9 ce 33 75 7f 68 fa 72 65 24 89 14 24 51 exception.symbol: lum250+0x2311f1 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2298353 exception.address: 0x5d11f1 registers.esp: 3274736 registers.edi: 6081714 registers.eax: 31096 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 4164280 registers.esi: 6081046 registers.ecx: 6098437	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 57 e9 1d 00 00 00 ff 34 24 59 83 c4 04 e9 7e exception.symbol: lum250+0x2316f0 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2299632 exception.address: 0x5d16f0 registers.esp: 3274740 registers.edi: 6081714 registers.eax: 31096 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 4164280 registers.esi: 6081046 registers.ecx: 6129533	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 56 be 5e 6f fb 3d e9 fa fc ff ff 89 04 24 89 exception.symbol: lum250+0x2313e0 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2298848 exception.address: 0x5d13e0 registers.esp: 3274740 registers.edi: 6081714 registers.eax: 44777 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 4164280 registers.esi: 6081046 registers.ecx: 6100861	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 81 ea 50 73 fa 7f e9 12 00 00 00 83 c0 04 87 exception.symbol: lum250+0x232077 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2302071 exception.address: 0x5d2077 registers.esp: 3274736 registers.edi: 6081714 registers.eax: 30885 registers.ebp: 3994177556 registers.edx: 6101424 registers.ebx: 689116216 registers.esi: 6081046 registers.ecx: 2081854374	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 47 f5 ff ff f7 d1 e9 00 00 00 00 exception.symbol: lum250+0x2324a8 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2303144 exception.address: 0x5d24a8 registers.esp: 3274740 registers.edi: 6081714 registers.eax: 30885 registers.ebp: 3994177556 registers.edx: 6132309 registers.ebx: 4294939420 registers.esi: 24811 registers.ecx: 2081854374	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb e9 e4 fc ff ff 89 ca 59 e9 34 01 00 00 be 07 exception.symbol: lum250+0x2346d2 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2311890 exception.address: 0x5d46d2 registers.esp: 3274736 registers.edi: 6081714 registers.eax: 6111861 registers.ebp: 3994177556 registers.edx: 1235366887 registers.ebx: 4294939420 registers.esi: 24811 registers.ecx: 801144405	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 55 50 89 3c 24 bf e1 14 5d 7b 89 fd 5f 53 bb exception.symbol: lum250+0x23479e exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2312094 exception.address: 0x5d479e registers.esp: 3274740 registers.edi: 6081714 registers.eax: 6114736 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 4294939420 registers.esi: 81129 registers.ecx: 801144405	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 81 ee b4 9c ff 4f e9 8b 05 00 00 5c 89 2c 24 exception.symbol: lum250+0x235c35 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2317365 exception.address: 0x5d5c35 registers.esp: 3274736 registers.edi: 543348978 registers.eax: 28612 registers.ebp: 3994177556 registers.edx: 755344254 registers.ebx: 4294939421 registers.esi: 6118320 registers.ecx: 248	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 57 89 14 24 c7 04 24 d5 79 3f 7f 81 24 24 9c exception.symbol: lum250+0x235d02 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2317570 exception.address: 0x5d5d02 registers.esp: 3274740 registers.edi: 543348978 registers.eax: 28612 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 157417 registers.esi: 6121252 registers.ecx: 248	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 68 60 a9 41 4c 89 3c 24 bf 63 4f 93 57 81 cf exception.symbol: lum250+0x2458b7 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2382007 exception.address: 0x5e58b7 registers.esp: 3274736 registers.edi: 6161120 registers.eax: 32687 registers.ebp: 3994177556 registers.edx: 2130566132 registers.ebx: 1971716070 registers.esi: 6182207 registers.ecx: 0	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 50 89 2c 24 89 e5 e9 ef f7 ff ff 83 ed 04 87 exception.symbol: lum250+0x246056 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2383958 exception.address: 0x5e6056 registers.esp: 3274740 registers.edi: 6161120 registers.eax: 32687 registers.ebp: 3994177556 registers.edx: 2130566132 registers.ebx: 1971716070 registers.esi: 6214894 registers.ecx: 0	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 68 e8 4e 5e 23 89 1c 24 bb b5 d2 ff 75 e9 87 exception.symbol: lum250+0x245e65 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2383461 exception.address: 0x5e5e65 registers.esp: 3274740 registers.edi: 6161120 registers.eax: 32687 registers.ebp: 3994177556 registers.edx: 1057725288 registers.ebx: 1971716070 registers.esi: 6214894 registers.ecx: 4294937928	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 53 bb 80 c9 af 5e 81 eb 16 14 e6 20 e9 89 08 exception.symbol: lum250+0x24bfde exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2408414 exception.address: 0x5ebfde registers.esp: 3274736 registers.edi: 3997979380 registers.eax: 25392 registers.ebp: 3994177556 registers.edx: 533722538 registers.ebx: 536903955 registers.esi: 6209436 registers.ecx: 539918775	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 52 89 e2 68 a8 a4 38 28 89 04 24 b8 53 33 f7 exception.symbol: lum250+0x24c32d exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2409261 exception.address: 0x5ec32d registers.esp: 3274740 registers.edi: 3924199766 registers.eax: 25392 registers.ebp: 3994177556 registers.edx: 533722538 registers.ebx: 536903955 registers.esi: 6212148 registers.ecx: 0	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 53 89 0c 24 55 c7 04 24 52 62 b7 13 e9 20 00 exception.symbol: lum250+0x25b42c exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2470956 exception.address: 0x5fb42c registers.esp: 3274740 registers.edi: 6250838 registers.eax: 26718 registers.ebp: 3994177556 registers.edx: 0 registers.ebx: 6274679 registers.esi: 2041473106 registers.ecx: 2056781824	1
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: fb 53 68 8b 66 4f 27 89 2c 24 c7 04 24 b1 67 f6 exception.symbol: lum250+0x269262 exception.instruction: sti exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 2527842 exception.address: 0x609262 registers.esp: 3274736 registers.edi: 6288063 registers.eax: 6326418 registers.ebp: 3994177556 registers.edx: 108 registers.ebx: 1162273935 registers.esi: 3780135553 registers.ecx: 109	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 151552 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x021a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x021b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02200000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02250000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02360000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02360000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02360000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02360000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02360000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2024, 1:43 p.m.	process_identifier: 2552 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02360000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00024a00', u'virtual_address': u'0x00001000', u'entropy': 7.978178618981432, u'name': u' \\x00 ', u'virtual_size': u'0x00052000'}

entropy

7.97817861898

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x001a0a00', u'virtual_address': u'0x00302000', u'entropy': 7.953690052272648, u'name': u'qpkdcnmt', u'virtual_size': u'0x001a1000'}

entropy

7.95369005227

description

A section with a high entropy has been found

entropy

0.99424184261

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Nov. 15, 2024, 1:43 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Nov. 15, 2024, 1:43 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 53 e9 03 09 00 00 89 e0 exception.symbol: lum250+0x1e18d0 exception.instruction: in eax, dx exception.module: lum250.exe exception.exception_code: 0xc0000096 exception.offset: 1972432 exception.address: 0x5818d0 registers.esp: 3274772 registers.edi: 8859040 registers.eax: 1447909480 registers.ebp: 3994177556 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 5758385 registers.ecx: 20	1	0	0

File has been identified by 27 AntiVirus engines on VirusTotal as malicious (27 events)

Bkav	W32.AIDetectMalware
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.tc
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Miner.vho
F-Secure	Trojan.TR/Crypt.ZPACK.Gen
McAfeeD	Real Protect-LS!5B015748645C
Trapmine	malicious.high.ml.score
Sophos	ML/PE-A
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.5b015748645c5df4
Google	Detected
Avira	TR/Crypt.ZPACK.Gen
Gridinsoft	Trojan.Heur!.03A120A1
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	HEUR:Trojan.Win32.Miner.vho
Varist	W32/Themida.CT.gen!Eldorado
DeepInstinct	MALICIOUS
Malwarebytes	Trojan.Amadey
Zoner	Probably Heur.ExeHeaderL
MaxSecure	Trojan.Malware.300983.susgen

lum250.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All