Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Nov. 22, 2024, 3:01 p.m.	Nov. 22, 2024, 3:07 p.m.

Size	1.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`fa351b72ffb13bfc332a25a57a7f075f`
SHA256	`d2c90431f09fc7818c5afb43bbec077fc29544ddcb786bc655a82d1c33e20cdc`
CRC32	`78A2A3B4`
ssdeep	`49152:qNFAC46Ru2ir1Vp0ypUUbVihkrFC6TXj1oPTRzlDPjA7Q1:oACvIBp7p7icEFPR`
Yara	themida_packer - themida packer IsPE32 - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file

L.exe "C:\Users\test22\AppData\Local\Temp\L.exe"
652

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 22, 2024, 3:01 p.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	cidpiplc
section	jxyhxqqw
section	.taggant

One or more processes crashed (50 out of 116 events)

Time & API	Arguments	Status
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: l+0x3080b9 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 3178681 exception.address: 0x13580b9 registers.esp: 3800216 registers.edi: 0 registers.eax: 1 registers.ebp: 3800232 registers.edx: 21995520 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 29 db ff 34 3b 8b 0c 24 55 54 5d 81 c5 04 00 exception.symbol: l+0x5a4f8 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 369912 exception.address: 0x10aa4f8 registers.esp: 3800184 registers.edi: 17504106 registers.eax: 31081 registers.ebp: 4007493652 registers.edx: 17104896 registers.ebx: 1218065206 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 34 24 89 0c 24 52 68 b9 exception.symbol: l+0x5a054 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 368724 exception.address: 0x10aa054 registers.esp: 3800184 registers.edi: 17504106 registers.eax: 31081 registers.ebp: 4007493652 registers.edx: 17104896 registers.ebx: 4294938892 registers.esi: 3 registers.ecx: 233705	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb e9 90 05 00 00 5b 83 c4 04 e9 8a fd ff ff ff exception.symbol: l+0x5b05e exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 372830 exception.address: 0x10ab05e registers.esp: 3800184 registers.edi: 17504106 registers.eax: 31704 registers.ebp: 4007493652 registers.edx: 878060790 registers.ebx: 4294938892 registers.esi: 3 registers.ecx: 17508679	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 0c 24 89 1c 24 89 34 24 exception.symbol: l+0x5b043 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 372803 exception.address: 0x10ab043 registers.esp: 3800184 registers.edi: 17504106 registers.eax: 31704 registers.ebp: 4007493652 registers.edx: 0 registers.ebx: 4294938892 registers.esi: 1259 registers.ecx: 17480387	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 81 c2 ad 9e e3 2b 50 89 0c 24 b9 47 50 dd 7f exception.symbol: l+0x1d5a11 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 1923601 exception.address: 0x1225a11 registers.esp: 3800180 registers.edi: 17513120 registers.eax: 33203 registers.ebp: 4007493652 registers.edx: 19026031 registers.ebx: 61408169 registers.esi: 19008980 registers.ecx: 937	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 68 15 a6 05 5c e9 49 06 00 00 5d 41 e9 9f 02 exception.symbol: l+0x1d51ce exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 1921486 exception.address: 0x12251ce registers.esp: 3800184 registers.edi: 17513120 registers.eax: 92905 registers.ebp: 4007493652 registers.edx: 19029254 registers.ebx: 0 registers.esi: 19008980 registers.ecx: 937	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 50 e9 a8 04 00 00 29 ca e9 b1 ff ff ff 81 ef exception.symbol: l+0x1d6ac2 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 1927874 exception.address: 0x1226ac2 registers.esp: 3800180 registers.edi: 17513120 registers.eax: 24829 registers.ebp: 4007493652 registers.edx: 1276541551 registers.ebx: 393675313 registers.esi: 19008980 registers.ecx: 19032675	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 3c 24 50 51 68 46 e4 bf exception.symbol: l+0x1d7102 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 1929474 exception.address: 0x1227102 registers.esp: 3800184 registers.edi: 17513120 registers.eax: 24829 registers.ebp: 4007493652 registers.edx: 1276541551 registers.ebx: 1549541099 registers.esi: 4294944792 registers.ecx: 19057504	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 50 56 be 96 9b e7 69 81 c6 5b 76 63 7f e9 d2 exception.symbol: l+0x1dce34 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 1953332 exception.address: 0x122ce34 registers.esp: 3800180 registers.edi: 7089747 registers.eax: 29349 registers.ebp: 4007493652 registers.edx: 95 registers.ebx: 19056457 registers.esi: 0 registers.ecx: 1971442156	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 56 89 0c 24 e9 e8 06 00 00 68 19 d5 57 5f e9 exception.symbol: l+0x1dc88d exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 1951885 exception.address: 0x122c88d registers.esp: 3800184 registers.edi: 7089747 registers.eax: 29349 registers.ebp: 4007493652 registers.edx: 1259 registers.ebx: 19059410 registers.esi: 0 registers.ecx: 0	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 56 e9 00 00 00 00 c7 04 exception.symbol: l+0x1e6132 exception.instruction: in eax, dx exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 1990962 exception.address: 0x1236132 registers.esp: 3800176 registers.edi: 7089747 registers.eax: 1447909480 registers.ebp: 4007493652 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 19071246 registers.ecx: 20	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: l+0x1e2ae2 exception.address: 0x1232ae2 exception.module: L.exe exception.exception_code: 0xc000001d exception.offset: 1977058 registers.esp: 3800176 registers.edi: 7089747 registers.eax: 1 registers.ebp: 4007493652 registers.edx: 22104 registers.ebx: 0 registers.esi: 19071246 registers.ecx: 20	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 b7 2a 2d 12 01 exception.symbol: l+0x1e3810 exception.instruction: in eax, dx exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 1980432 exception.address: 0x1233810 registers.esp: 3800176 registers.edi: 7089747 registers.eax: 1447909480 registers.ebp: 4007493652 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 19071246 registers.ecx: 10	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: cd 01 eb 00 e9 0a 00 00 00 ce 46 01 fa e9 ba 89 exception.symbol: l+0x1e8f90 exception.instruction: int 1 exception.module: L.exe exception.exception_code: 0xc0000005 exception.offset: 2002832 exception.address: 0x1238f90 registers.esp: 3800144 registers.edi: 0 registers.eax: 3800144 registers.ebp: 4007493652 registers.edx: 19084347 registers.ebx: 19108010 registers.esi: 573833344 registers.ecx: 19107921	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 55 89 04 24 89 3c 24 89 34 24 51 89 04 24 b8 exception.symbol: l+0x1e9b30 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2005808 exception.address: 0x1239b30 registers.esp: 3800184 registers.edi: 7089747 registers.eax: 30336 registers.ebp: 4007493652 registers.edx: 2283 registers.ebx: 4294939612 registers.esi: 32641 registers.ecx: 19139095	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 81 c6 51 f3 ef 3c 81 ee db ef fd 7a e9 6c 01 exception.symbol: l+0x1f0ca8 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2034856 exception.address: 0x1240ca8 registers.esp: 3800180 registers.edi: 7089747 registers.eax: 28675 registers.ebp: 4007493652 registers.edx: 19106601 registers.ebx: 4294939612 registers.esi: 19139194 registers.ecx: 19106601	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 55 89 0c 24 e9 67 02 00 00 50 e9 53 02 00 00 exception.symbol: l+0x1f0bc9 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2034633 exception.address: 0x1240bc9 registers.esp: 3800184 registers.edi: 7089747 registers.eax: 82608982 registers.ebp: 4007493652 registers.edx: 4294941476 registers.ebx: 4294939612 registers.esi: 19167869 registers.ecx: 19106601	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 56 89 e6 81 c6 04 00 00 00 81 ee 04 00 00 00 exception.symbol: l+0x1fbe7a exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2080378 exception.address: 0x124be7a registers.esp: 3800176 registers.edi: 17466486 registers.eax: 25245 registers.ebp: 4007493652 registers.edx: 19210481 registers.ebx: 594921 registers.esi: 1971262480 registers.ecx: 4294944592	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 3c 24 bf 69 0c d7 3f 52 exception.symbol: l+0x1fe5df exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2090463 exception.address: 0x124e5df registers.esp: 3800172 registers.edi: 17466486 registers.eax: 19192800 registers.ebp: 4007493652 registers.edx: 19210481 registers.ebx: 594921 registers.esi: 1971262480 registers.ecx: 19210481	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 55 89 0c 24 b9 7c 9c fe 3a 49 52 e9 66 08 00 exception.symbol: l+0x1fdd14 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2088212 exception.address: 0x124dd14 registers.esp: 3800176 registers.edi: 17466486 registers.eax: 19224717 registers.ebp: 4007493652 registers.edx: 19210481 registers.ebx: 594921 registers.esi: 1971262480 registers.ecx: 19210481	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 53 54 5b 81 c3 04 00 00 00 50 b8 04 00 00 00 exception.symbol: l+0x1fe2f2 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2089714 exception.address: 0x124e2f2 registers.esp: 3800176 registers.edi: 2298801283 registers.eax: 19224717 registers.ebp: 4007493652 registers.edx: 19210481 registers.ebx: 594921 registers.esi: 4294938152 registers.ecx: 19210481	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 b8 00 ef d6 7b e9 4a 00 00 exception.symbol: l+0x200dfa exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2100730 exception.address: 0x1250dfa registers.esp: 3800172 registers.edi: 19203488 registers.eax: 30715 registers.ebp: 4007493652 registers.edx: 470870037 registers.ebx: 594921 registers.esi: 4294938152 registers.ecx: 19210481	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 56 c7 04 24 ba c7 5e 40 89 1c 24 89 e3 e9 2b exception.symbol: l+0x200674 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2098804 exception.address: 0x1250674 registers.esp: 3800176 registers.edi: 19234203 registers.eax: 30715 registers.ebp: 4007493652 registers.edx: 470870037 registers.ebx: 594921 registers.esi: 4294938152 registers.ecx: 19210481	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 52 e9 60 04 00 00 01 c3 e9 a8 09 00 00 5b 53 exception.symbol: l+0x2005cd exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2098637 exception.address: 0x12505cd registers.esp: 3800176 registers.edi: 19206307 registers.eax: 0 registers.ebp: 4007493652 registers.edx: 470870037 registers.ebx: 594921 registers.esi: 2298801283 registers.ecx: 19210481	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 50 55 e9 15 01 00 00 5b e9 c7 00 00 00 b9 b7 exception.symbol: l+0x20fe0f exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2162191 exception.address: 0x125fe0f registers.esp: 3800176 registers.edi: 0 registers.eax: 28568 registers.ebp: 4007493652 registers.edx: 251662893 registers.ebx: 19295214 registers.esi: 0 registers.ecx: 1369112576	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 52 c7 04 24 ea c7 1f 23 89 2c 24 81 ec 04 00 exception.symbol: l+0x20ff15 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2162453 exception.address: 0x125ff15 registers.esp: 3800176 registers.edi: 1392536160 registers.eax: 28568 registers.ebp: 4007493652 registers.edx: 251662893 registers.ebx: 19269914 registers.esi: 0 registers.ecx: 1369112576	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 53 89 04 24 89 0c 24 89 14 24 e9 00 00 00 00 exception.symbol: l+0x222d4a exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2239818 exception.address: 0x1272d4a registers.esp: 3800144 registers.edi: 19340010 registers.eax: 26802 registers.ebp: 4007493652 registers.edx: 95840343 registers.ebx: 4294943244 registers.esi: 19369002 registers.ecx: 0	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb e9 51 02 00 00 33 1c 24 31 1c 24 e9 54 04 00 exception.symbol: l+0x2232f8 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2241272 exception.address: 0x12732f8 registers.esp: 3800144 registers.edi: 19340010 registers.eax: 2757480 registers.ebp: 4007493652 registers.edx: 19374242 registers.ebx: 4294943244 registers.esi: 4294940912 registers.ecx: 395427955	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 57 89 14 24 50 b8 76 dc f6 71 ba aa f3 c3 0d exception.symbol: l+0x225968 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2251112 exception.address: 0x1275968 registers.esp: 3800140 registers.edi: 19340010 registers.eax: 19353895 registers.ebp: 4007493652 registers.edx: 1044791671 registers.ebx: 4275618574 registers.esi: 4294962246 registers.ecx: 1064143667	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 68 0f 22 44 2a e9 00 00 00 00 89 1c 24 56 e9 exception.symbol: l+0x22597d exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2251133 exception.address: 0x127597d registers.esp: 3800144 registers.edi: 0 registers.eax: 19356864 registers.ebp: 4007493652 registers.edx: 1044791671 registers.ebx: 4275618574 registers.esi: 4294962246 registers.ecx: 2355061096	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 55 89 e5 51 b9 26 ea ef 7f e9 00 00 00 00 81 exception.symbol: l+0x2266eb exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2254571 exception.address: 0x12766eb registers.esp: 3800144 registers.edi: 0 registers.eax: 19382744 registers.ebp: 4007493652 registers.edx: 1044791671 registers.ebx: 504906091 registers.esi: 4294962246 registers.ecx: 1337032361	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb ba a0 31 f8 7d 81 c2 42 a8 df 36 56 be 2d 51 exception.symbol: l+0x226739 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2254649 exception.address: 0x1276739 registers.esp: 3800144 registers.edi: 0 registers.eax: 19360200 registers.ebp: 4007493652 registers.edx: 717725069 registers.ebx: 504906091 registers.esi: 4294962246 registers.ecx: 0	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 34 24 be 91 93 ff 75 81 exception.symbol: l+0x22d12c exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2281772 exception.address: 0x127d12c registers.esp: 3800140 registers.edi: 0 registers.eax: 28836 registers.ebp: 4007493652 registers.edx: 19375546 registers.ebx: 19383875 registers.esi: 4294962246 registers.ecx: 1969225870	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 52 c7 04 24 7c 57 9a 55 89 14 24 56 e9 c9 00 exception.symbol: l+0x22c725 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2279205 exception.address: 0x127c725 registers.esp: 3800144 registers.edi: 0 registers.eax: 28836 registers.ebp: 4007493652 registers.edx: 19375546 registers.ebx: 19412711 registers.esi: 1526114920 registers.ecx: 4294941444	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 68 7d 5f 29 6a 89 1c 24 e9 05 09 00 00 8b 0c exception.symbol: l+0x22d532 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2282802 exception.address: 0x127d532 registers.esp: 3800144 registers.edi: 3939837675 registers.eax: 19390470 registers.ebp: 4007493652 registers.edx: 19375546 registers.ebx: 1810470233 registers.esi: 1526114920 registers.ecx: 0	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 14 24 ba 3a 42 c3 3b e9 3d 03 00 exception.symbol: l+0x22f4b2 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2290866 exception.address: 0x127f4b2 registers.esp: 3800144 registers.edi: 445405799 registers.eax: 322689 registers.ebp: 4007493652 registers.edx: 19424783 registers.ebx: 1810470234 registers.esi: 19391135 registers.ecx: 4294939260	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 68 35 9a fd 18 89 34 24 50 89 1c 24 e9 5d 00 exception.symbol: l+0x234e93 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2313875 exception.address: 0x1284e93 registers.esp: 3800144 registers.edi: 1390643539 registers.eax: 19445253 registers.ebp: 4007493652 registers.edx: 2130566132 registers.ebx: 2147483650 registers.esi: 19398307 registers.ecx: 4294943904	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 56 56 89 14 24 89 3c 24 bf c7 71 d6 5f 51 89 exception.symbol: l+0x24e612 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2418194 exception.address: 0x129e612 registers.esp: 3800144 registers.edi: 995818469 registers.eax: 25598 registers.ebp: 4007493652 registers.edx: 4294944456 registers.ebx: 19546426 registers.esi: 984491020 registers.ecx: 607422800	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 55 89 3c 24 bf 15 cd f1 7e 56 e9 c6 f9 ff ff exception.symbol: l+0x254635 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2442805 exception.address: 0x12a4635 registers.esp: 3800144 registers.edi: 19524929 registers.eax: 27797 registers.ebp: 4007493652 registers.edx: 2022520 registers.ebx: 383992073 registers.esi: 19573801 registers.ecx: 1369112576	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 57 89 14 24 51 c7 04 24 9f 91 bf 6f ff 0c 24 exception.symbol: l+0x254612 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2442770 exception.address: 0x12a4612 registers.esp: 3800144 registers.edi: 19524929 registers.eax: 0 registers.ebp: 4007493652 registers.edx: 2022520 registers.ebx: 383992073 registers.esi: 19548841 registers.ecx: 1232234577	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 68 9d 9e f4 76 89 0c 24 83 ec 04 89 14 24 ba exception.symbol: l+0x255036 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2445366 exception.address: 0x12a5036 registers.esp: 3800140 registers.edi: 19524929 registers.eax: 30025 registers.ebp: 4007493652 registers.edx: 19549174 registers.ebx: 383992073 registers.esi: 19548841 registers.ecx: 223530402	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 83 ec 04 89 34 24 52 c7 04 24 exception.symbol: l+0x254e3d exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2444861 exception.address: 0x12a4e3d registers.esp: 3800144 registers.edi: 19524929 registers.eax: 59728 registers.ebp: 4007493652 registers.edx: 19552175 registers.ebx: 383992073 registers.esi: 0 registers.ecx: 223530402	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 81 c6 05 ba dd 76 81 ec 04 00 00 00 e9 36 fc exception.symbol: l+0x263106 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2502918 exception.address: 0x12b3106 registers.esp: 3800140 registers.edi: 995818469 registers.eax: 33035 registers.ebp: 4007493652 registers.edx: 1625 registers.ebx: 19582553 registers.esi: 19605565 registers.ecx: 19228417	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 53 56 c7 04 24 ae 8d f1 7d 81 ec 04 00 00 00 exception.symbol: l+0x262e0b exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2502155 exception.address: 0x12b2e0b registers.esp: 3800144 registers.edi: 995818469 registers.eax: 4294937344 registers.ebp: 4007493652 registers.edx: 1625 registers.ebx: 3923937618 registers.esi: 19638600 registers.ecx: 19228417	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 57 bf cb b3 fe 56 01 fa 5f 56 56 89 14 24 e9 exception.symbol: l+0x276d1a exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2583834 exception.address: 0x12c6d1a registers.esp: 3800140 registers.edi: 3582426097 registers.eax: 30768 registers.ebp: 4007493652 registers.edx: 19688073 registers.ebx: 3585047537 registers.esi: 2005598220 registers.ecx: 1369112576	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb e9 be 02 00 00 81 e7 20 8b 7d 3b 81 ef fc 01 exception.symbol: l+0x276e0d exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2584077 exception.address: 0x12c6e0d registers.esp: 3800144 registers.edi: 3582426097 registers.eax: 30768 registers.ebp: 4007493652 registers.edx: 19718841 registers.ebx: 3585047537 registers.esi: 2005598220 registers.ecx: 1369112576	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 50 50 89 34 24 52 ba 7a 8a 7f 3f 81 c2 f0 41 exception.symbol: l+0x276b73 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2583411 exception.address: 0x12c6b73 registers.esp: 3800144 registers.edi: 4294939316 registers.eax: 605849941 registers.ebp: 4007493652 registers.edx: 19718841 registers.ebx: 3585047537 registers.esi: 2005598220 registers.ecx: 1369112576	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 57 bf ed 08 77 6e e9 20 03 00 00 58 e9 56 03 exception.symbol: l+0x2809c8 exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2623944 exception.address: 0x12d09c8 registers.esp: 3800140 registers.edi: 19360349 registers.eax: 19728363 registers.ebp: 4007493652 registers.edx: 395049983 registers.ebx: 16910336 registers.esi: 19360348 registers.ecx: 3738837507	1
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: fb 52 c7 04 24 2e 13 a2 4c 89 34 24 c7 04 24 18 exception.symbol: l+0x28132a exception.instruction: sti exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 2626346 exception.address: 0x12d132a registers.esp: 3800144 registers.edi: 19360349 registers.eax: 19731263 registers.ebp: 4007493652 registers.edx: 0 registers.ebx: 16910336 registers.esi: 19360348 registers.ecx: 3109115479	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7793f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 155648 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01051000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00620000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 22, 2024, 3:01 p.m.	process_identifier: 652 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00025e00', u'virtual_address': u'0x00001000', u'entropy': 7.982154151843492, u'name': u' \\x00 ', u'virtual_size': u'0x00055000'}

entropy

7.98215415184

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x001a0e00', u'virtual_address': u'0x00308000', u'entropy': 7.954537180563086, u'name': u'cidpiplc', u'virtual_size': u'0x001a1000'}

entropy

7.95453718056

description

A section with a high entropy has been found

entropy

0.993989071038

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Nov. 22, 2024, 3:01 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Nov. 22, 2024, 3:01 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 56 e9 00 00 00 00 c7 04 exception.symbol: l+0x1e6132 exception.instruction: in eax, dx exception.module: L.exe exception.exception_code: 0xc0000096 exception.offset: 1990962 exception.address: 0x1236132 registers.esp: 3800176 registers.edi: 7089747 registers.eax: 1447909480 registers.ebp: 4007493652 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 19071246 registers.ecx: 20	1	0	0

L.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All