Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Feb. 3, 2025, 12:57 p.m.	Feb. 3, 2025, 12:59 p.m.

Size	1.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e24ddc37faf2826b3f531a82b345cdcf`
SHA256	`e1f06718942e3e2f42ad60afef1568bc6c744a4994e925d72cb89e3bb29c0ee5`
CRC32	`AD749526`
ssdeep	`49152:Ta3jKWoDLSXLRbj5QGN+FstyWbdVUdMQW3wUGetUQ5YqI:Ta3eAXLB+1sVd2NetrqH`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques Admin_Tool_IN_Zero - Admin Tool Sysinternals IsPE32 - (no description) UPX_Zero - UPX packed file

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
932

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 3, 2025, 12:57 p.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	zjsveofk
section	mynsskwf
section	.taggant

One or more processes crashed (50 out of 124 events)

Time & API	Arguments	Status
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: random+0x3110b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3215545 exception.address: 0x14510b9 registers.esp: 4258092 registers.edi: 0 registers.eax: 1 registers.ebp: 4258108 registers.edx: 23048192 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 57 e9 64 f8 ff ff bd 19 af ff 7f 81 f5 15 4c exception.symbol: random+0x5d946 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 383302 exception.address: 0x119d946 registers.esp: 4258056 registers.edi: 1971192040 registers.eax: 28025 registers.ebp: 4008488980 registers.edx: 18087936 registers.ebx: 402968197 registers.esi: 3 registers.ecx: 18468275	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 14 24 e9 e2 fd ff ff 89 f9 5f 81 exception.symbol: random+0x5d829 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 383017 exception.address: 0x119d829 registers.esp: 4258060 registers.edi: 1971192040 registers.eax: 28025 registers.ebp: 4008488980 registers.edx: 18087936 registers.ebx: 402968197 registers.esi: 3 registers.ecx: 18496300	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 51 89 e1 81 c1 04 00 00 00 83 e9 04 e9 3a 03 exception.symbol: random+0x5d530 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 382256 exception.address: 0x119d530 registers.esp: 4258060 registers.edi: 1971192040 registers.eax: 28025 registers.ebp: 4008488980 registers.edx: 18087936 registers.ebx: 4294942320 registers.esi: 239849 registers.ecx: 18496300	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 34 24 51 89 14 24 e9 e5 03 00 00 exception.symbol: random+0x5e2df exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 385759 exception.address: 0x119e2df registers.esp: 4258060 registers.edi: 1259 registers.eax: 31070 registers.ebp: 4008488980 registers.edx: 757368606 registers.ebx: 4294942320 registers.esi: 18503801 registers.ecx: 4294939356	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 3c 24 e9 43 07 00 00 33 0c 24 5c exception.symbol: random+0x1e026c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1966700 exception.address: 0x132026c registers.esp: 4258060 registers.edi: 18507890 registers.eax: 20057779 registers.ebp: 4008488980 registers.edx: 18463853 registers.ebx: 2179369302 registers.esi: 0 registers.ecx: 785383424	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 50 52 e9 84 00 00 00 bb e6 a4 70 7f e9 ba 00 exception.symbol: random+0x1e68be exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1992894 exception.address: 0x13268be registers.esp: 4258056 registers.edi: 18507890 registers.eax: 28187 registers.ebp: 4008488980 registers.edx: 20079215 registers.ebx: 2031647 registers.esi: 0 registers.ecx: 31	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb e9 52 00 00 00 c1 ef 03 81 cf a7 47 fd 7f 81 exception.symbol: random+0x1e6671 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1992305 exception.address: 0x1326671 registers.esp: 4258060 registers.edi: 18507890 registers.eax: 28187 registers.ebp: 4008488980 registers.edx: 20107402 registers.ebx: 2031647 registers.esi: 0 registers.ecx: 31	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 50 55 51 c7 04 24 85 a4 ca 39 89 14 24 50 b8 exception.symbol: random+0x1e6cf8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1993976 exception.address: 0x1326cf8 registers.esp: 4258060 registers.edi: 18507890 registers.eax: 28187 registers.ebp: 4008488980 registers.edx: 20081970 registers.ebx: 0 registers.esi: 0 registers.ecx: 1549541099	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 56 89 1c 24 e9 19 00 00 00 56 be a2 d3 40 d4 exception.symbol: random+0x1e82a7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1999527 exception.address: 0x13282a7 registers.esp: 4258056 registers.edi: 5385848 registers.eax: 31682 registers.ebp: 4008488980 registers.edx: 95 registers.ebx: 20086942 registers.esi: 20083502 registers.ecx: 1971442156	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 e9 97 ff ff ff 2d e1 3c b1 exception.symbol: random+0x1e855c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2000220 exception.address: 0x132855c registers.esp: 4258060 registers.edi: 5385848 registers.eax: 31682 registers.ebp: 4008488980 registers.edx: 1259 registers.ebx: 20089596 registers.esi: 20083502 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 83 ec 04 89 04 24 89 e0 exception.symbol: random+0x1f2f1a exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2043674 exception.address: 0x1332f1a registers.esp: 4258052 registers.edi: 5385848 registers.eax: 1447909480 registers.ebp: 4008488980 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 20116598 registers.ecx: 20	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x1f02f9 exception.address: 0x13302f9 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 2032377 registers.esp: 4258052 registers.edi: 5385848 registers.eax: 1 registers.ebp: 4008488980 registers.edx: 22104 registers.ebx: 0 registers.esi: 20116598 registers.ecx: 20	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 05 2b 2d 12 01 exception.symbol: random+0x1f3475 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2045045 exception.address: 0x1333475 registers.esp: 4258052 registers.edi: 5385848 registers.eax: 1447909480 registers.ebp: 4008488980 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 20116598 registers.ecx: 10	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 0c 24 55 c7 04 24 00 72 ca 3f e9 exception.symbol: random+0x1f827c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2065020 exception.address: 0x133827c registers.esp: 4258060 registers.edi: 5385848 registers.eax: 20178182 registers.ebp: 4008488980 registers.edx: 2130566132 registers.ebx: 60114999 registers.esi: 10 registers.ecx: 785383424	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 53 bb 65 b8 4e 6f 81 cb af c7 ff 7f 53 f7 14 exception.symbol: random+0x1f80bd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2064573 exception.address: 0x13380bd registers.esp: 4258060 registers.edi: 47200 registers.eax: 20154838 registers.ebp: 4008488980 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 10 registers.ecx: 785383424	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: cd 01 eb 00 e8 14 00 00 00 40 c1 d6 c7 60 85 20 exception.symbol: random+0x1f8ba4 exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 2067364 exception.address: 0x1338ba4 registers.esp: 4258020 registers.edi: 0 registers.eax: 4258020 registers.ebp: 4008488980 registers.edx: 1996664029 registers.ebx: 20155636 registers.esi: 726606922 registers.ecx: 63716	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 81 c6 7a 39 d2 3d 57 e9 3a 00 00 00 5b 01 c5 exception.symbol: random+0x207f0c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2129676 exception.address: 0x1347f0c registers.esp: 4258056 registers.edi: 18461494 registers.eax: 29770 registers.ebp: 4008488980 registers.edx: 6 registers.ebx: 60115221 registers.esi: 20215942 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 50 89 0c 24 51 c7 04 24 32 fd 9b 59 89 3c 24 exception.symbol: random+0x207903 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2128131 exception.address: 0x1347903 registers.esp: 4258060 registers.edi: 18461494 registers.eax: 29770 registers.ebp: 4008488980 registers.edx: 4294940792 registers.ebx: 60115221 registers.esi: 20245712 registers.ecx: 1373997397	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 55 bd 50 6a cd 4d e9 49 01 00 00 33 2c 24 31 exception.symbol: random+0x20cf6e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2150254 exception.address: 0x134cf6e registers.esp: 4258048 registers.edi: 18461494 registers.eax: 28222 registers.ebp: 4008488980 registers.edx: 522235007 registers.ebx: 60115221 registers.esi: 20245712 registers.ecx: 20236954	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 56 89 0c 24 b9 d4 dd a9 5f 68 d0 b2 e7 2d 89 exception.symbol: random+0x20ccab exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2149547 exception.address: 0x134ccab registers.esp: 4258052 registers.edi: 18461494 registers.eax: 28222 registers.ebp: 4008488980 registers.edx: 522235007 registers.ebx: 60115221 registers.esi: 20245712 registers.ecx: 20265176	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 57 c7 04 24 a0 da exception.symbol: random+0x20d17d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2150781 exception.address: 0x134d17d registers.esp: 4258052 registers.edi: 18461494 registers.eax: 28222 registers.ebp: 4008488980 registers.edx: 22145360 registers.ebx: 60115221 registers.esi: 0 registers.ecx: 20240072	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 50 55 bd 41 a6 62 79 89 e8 5d 92 e9 0a f9 ff exception.symbol: random+0x20f55c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2159964 exception.address: 0x134f55c registers.esp: 4258048 registers.edi: 18461494 registers.eax: 31324 registers.ebp: 4008488980 registers.edx: 1708678112 registers.ebx: 20246016 registers.esi: 2970628 registers.ecx: 1728922386	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 50 c7 04 24 b1 b3 af 6b e9 25 03 00 00 5c 83 exception.symbol: random+0x20f301 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2159361 exception.address: 0x134f301 registers.esp: 4258052 registers.edi: 18461494 registers.eax: 31324 registers.ebp: 4008488980 registers.edx: 1708678112 registers.ebx: 20277340 registers.esi: 2970628 registers.ecx: 1728922386	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 55 c7 04 24 d4 39 9a 36 89 3c 24 57 c7 04 24 exception.symbol: random+0x20f48a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2159754 exception.address: 0x134f48a registers.esp: 4258052 registers.edi: 18461494 registers.eax: 31324 registers.ebp: 4008488980 registers.edx: 0 registers.ebx: 20249228 registers.esi: 631529 registers.ecx: 1728922386	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 81 c7 c0 76 e8 3f 68 7b 2e e5 46 89 1c 24 bb exception.symbol: random+0x211cea exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2170090 exception.address: 0x1351cea registers.esp: 4258048 registers.edi: 20255963 registers.eax: 30874 registers.ebp: 4008488980 registers.edx: 121494762 registers.ebx: 20249228 registers.esi: 631529 registers.ecx: 121494762	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 68 b3 89 09 7c 89 34 24 68 b5 da 09 49 89 3c exception.symbol: random+0x2120a9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2171049 exception.address: 0x13520a9 registers.esp: 4258052 registers.edi: 20286837 registers.eax: 30874 registers.ebp: 4008488980 registers.edx: 121494762 registers.ebx: 20249228 registers.esi: 631529 registers.ecx: 121494762	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 68 a7 d2 18 68 8b 0c 24 50 89 3c 24 89 0c 24 exception.symbol: random+0x21165f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2168415 exception.address: 0x135165f registers.esp: 4258052 registers.edi: 20259129 registers.eax: 322689 registers.ebp: 4008488980 registers.edx: 121494762 registers.ebx: 20249228 registers.esi: 631529 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 55 e9 75 03 00 00 59 01 fa 81 ea 00 ba ef 7f exception.symbol: random+0x232e82 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2305666 exception.address: 0x1372e82 registers.esp: 4258020 registers.edi: 3485657704 registers.eax: 28451 registers.ebp: 4008488980 registers.edx: 20421524 registers.ebx: 229 registers.esi: 4294941884 registers.ecx: 785383424	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 53 89 0c 24 57 bf 1f d4 d5 3d 83 c7 01 81 f7 exception.symbol: random+0x233aaf exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2308783 exception.address: 0x1373aaf registers.esp: 4258020 registers.edi: 3485657704 registers.eax: 20429475 registers.ebp: 4008488980 registers.edx: 647650877 registers.ebx: 487227376 registers.esi: 4294941884 registers.ecx: 764109561	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 51 89 1c 24 e9 c7 01 00 00 89 3c 24 e9 2f 01 exception.symbol: random+0x233bd2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2309074 exception.address: 0x1373bd2 registers.esp: 4258020 registers.edi: 1725729376 registers.eax: 20399539 registers.ebp: 4008488980 registers.edx: 0 registers.ebx: 487227376 registers.esi: 4294941884 registers.ecx: 764109561	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb e9 8c 01 00 00 57 e9 b9 01 00 00 5a 45 81 c5 exception.symbol: random+0x235155 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2314581 exception.address: 0x1375155 registers.esp: 4258020 registers.edi: 20400143 registers.eax: 20403610 registers.ebp: 4008488980 registers.edx: 0 registers.ebx: 2002013403 registers.esi: 1442867808 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 e9 a6 fc ff ff 5b 8f 04 24 exception.symbol: random+0x236232 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2318898 exception.address: 0x1376232 registers.esp: 4258016 registers.edi: 20400143 registers.eax: 28765 registers.ebp: 4008488980 registers.edx: 1455638153 registers.ebx: 1320984069 registers.esi: 20405737 registers.ecx: 0	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 57 89 34 24 68 d2 d7 fb 6f e9 00 00 00 00 5e exception.symbol: random+0x2368fc exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2320636 exception.address: 0x13768fc registers.esp: 4258020 registers.edi: 20400143 registers.eax: 28765 registers.ebp: 4008488980 registers.edx: 1455638153 registers.ebx: 0 registers.esi: 20408730 registers.ecx: 652824657	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 57 bf 50 a4 6f 7f f7 d7 c1 ef 05 4f 81 c7 58 exception.symbol: random+0x236bc9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2321353 exception.address: 0x1376bc9 registers.esp: 4258016 registers.edi: 20400143 registers.eax: 27371 registers.ebp: 4008488980 registers.edx: 20409210 registers.ebx: 1787431345 registers.esi: 20408730 registers.ecx: 652824657	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 2c 24 57 e9 59 00 00 00 ff 34 24 exception.symbol: random+0x237576 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2323830 exception.address: 0x1377576 registers.esp: 4258020 registers.edi: 604292946 registers.eax: 27371 registers.ebp: 4008488980 registers.edx: 20412153 registers.ebx: 1787431345 registers.esi: 0 registers.ecx: 652824657	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 56 53 e9 05 02 00 00 2d 00 f9 b1 1d e9 00 00 exception.symbol: random+0x23bb7f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2341759 exception.address: 0x137bb7f registers.esp: 4258020 registers.edi: 604292946 registers.eax: 24811 registers.ebp: 4008488980 registers.edx: 20426906 registers.ebx: 20459985 registers.esi: 0 registers.ecx: 4294937680	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 56 55 bd 68 82 7f 53 e9 73 00 00 00 ff 74 24 exception.symbol: random+0x24126b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2364011 exception.address: 0x138126b registers.esp: 4258016 registers.edi: 604292946 registers.eax: 20449852 registers.ebp: 4008488980 registers.edx: 20426906 registers.ebx: 624740222 registers.esi: 1248850438 registers.ecx: 40874966	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 31 d2 ff 34 02 e9 4c fe ff ff 56 c7 04 24 3e exception.symbol: random+0x240e1b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2362907 exception.address: 0x1380e1b registers.esp: 4258020 registers.edi: 604292946 registers.eax: 20480496 registers.ebp: 4008488980 registers.edx: 20426906 registers.ebx: 624740222 registers.esi: 1248850438 registers.ecx: 40874966	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb e9 61 02 00 00 01 c5 81 ed 3a 29 bd 6b 50 b8 exception.symbol: random+0x240bbf exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2362303 exception.address: 0x1380bbf registers.esp: 4258020 registers.edi: 81129 registers.eax: 20480496 registers.ebp: 4008488980 registers.edx: 4294939060 registers.ebx: 624740222 registers.esi: 1248850438 registers.ecx: 40874966	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 51 c7 04 24 70 e2 cf 33 e9 b3 00 00 00 31 f9 exception.symbol: random+0x243b31 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2374449 exception.address: 0x1383b31 registers.esp: 4258020 registers.edi: 4294940216 registers.eax: 29846 registers.ebp: 4008488980 registers.edx: 899248992 registers.ebx: 2298801283 registers.esi: 20467285 registers.ecx: 20491935	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 55 bd df 9b f7 7b 52 ba 96 aa fe 58 f7 d2 c1 exception.symbol: random+0x249d83 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2399619 exception.address: 0x1389d83 registers.esp: 4258016 registers.edi: 4294940216 registers.eax: 31239 registers.ebp: 4008488980 registers.edx: 2130566132 registers.ebx: 20485913 registers.esi: 20466481 registers.ecx: 785383424	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb e9 49 01 00 00 c1 e1 04 81 c9 3a 2b cb 7b e9 exception.symbol: random+0x2499d1 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2398673 exception.address: 0x13899d1 registers.esp: 4258020 registers.edi: 4294940216 registers.eax: 31239 registers.ebp: 4008488980 registers.edx: 2130566132 registers.ebx: 20517152 registers.esi: 20466481 registers.ecx: 785383424	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 50 f7 f7 3b e9 10 00 00 00 68 df exception.symbol: random+0x249cd0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2399440 exception.address: 0x1389cd0 registers.esp: 4258020 registers.edi: 4294940216 registers.eax: 4294938720 registers.ebp: 4008488980 registers.edx: 2179369302 registers.ebx: 20517152 registers.esi: 20466481 registers.ecx: 785383424	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 90 06 cd 50 89 1c 24 81 ec 04 00 exception.symbol: random+0x260942 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2492738 exception.address: 0x13a0942 registers.esp: 4258020 registers.edi: 0 registers.eax: 32348 registers.ebp: 4008488980 registers.edx: 20610541 registers.ebx: 1992854888 registers.esi: 4636652 registers.ecx: 4294937732	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 50 51 b9 ca 06 f8 0c 81 e1 81 fa bf 57 81 e9 exception.symbol: random+0x267cf1 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2522353 exception.address: 0x13a7cf1 registers.esp: 4258016 registers.edi: 20582206 registers.eax: 31690 registers.ebp: 4008488980 registers.edx: 1301464 registers.ebx: 20608297 registers.esi: 4654722 registers.ecx: 785383424	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 68 c8 02 05 30 e9 6b 03 00 00 5f 81 ef 6a 59 exception.symbol: random+0x2679bf exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2521535 exception.address: 0x13a79bf registers.esp: 4258020 registers.edi: 0 registers.eax: 31690 registers.ebp: 4008488980 registers.edx: 1301464 registers.ebx: 20611127 registers.esi: 8644951 registers.ecx: 785383424	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 34 24 e9 3f ff ff ff 50 68 65 48 exception.symbol: random+0x26ffd5 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2555861 exception.address: 0x13affd5 registers.esp: 4258020 registers.edi: 4008488980 registers.eax: 0 registers.ebp: 4008488980 registers.edx: 20643854 registers.ebx: 4021830163 registers.esi: 12642640 registers.ecx: 20688363	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 2c 24 bd 00 05 95 5d 81 exception.symbol: random+0x2789fd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2591229 exception.address: 0x13b89fd registers.esp: 4258016 registers.edi: 4008488980 registers.eax: 25736 registers.ebp: 4008488980 registers.edx: 20678591 registers.ebx: 4026511574 registers.esi: 3559875243 registers.ecx: 20676926	1
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: fb 50 81 ec 04 00 00 00 89 14 24 e9 13 fc ff ff exception.symbol: random+0x27922b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2593323 exception.address: 0x13b922b registers.esp: 4258020 registers.edi: 4008488980 registers.eax: 25736 registers.ebp: 4008488980 registers.edx: 20704327 registers.ebx: 4026511574 registers.esi: 3559875243 registers.ecx: 20676926	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7793f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 167936 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01141000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ae0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bf0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 3, 2025, 12:57 p.m.	process_identifier: 932 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00029000', u'virtual_address': u'0x00001000', u'entropy': 7.979423126049008, u'name': u' \\x00 ', u'virtual_size': u'0x00058000'}

entropy

7.97942312605

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x001a8400', u'virtual_address': u'0x00311000', u'entropy': 7.954075387725879, u'name': u'zjsveofk', u'virtual_size': u'0x001a9000'}

entropy

7.95407538773

description

A section with a high entropy has been found

entropy

0.993858477971

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 3, 2025, 12:57 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Feb. 3, 2025, 12:57 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 83 ec 04 89 04 24 89 e0 exception.symbol: random+0x1f2f1a exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2043674 exception.address: 0x1332f1a registers.esp: 4258052 registers.edi: 5385848 registers.eax: 1447909480 registers.ebp: 4008488980 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 20116598 registers.ecx: 20	1	0	0

File has been identified by 40 AntiVirus engines on VirusTotal as malicious (40 events)

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win32.Themida.tc
ALYac	Gen:Variant.Symmi.93663
Cylance	Unsafe
VIPRE	Gen:Variant.Symmi.93663
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Gen:Variant.Symmi.93663
Arcabit	Trojan.Symmi.D16DDF
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Kaspersky	HEUR:Trojan-PSW.Win32.Lumma.pef
MicroWorld-eScan	Gen:Variant.Symmi.93663
Emsisoft	Gen:Variant.Symmi.93663 (B)
F-Secure	Trojan.TR/Crypt.TPM.Gen
McAfeeD	Real Protect-LS!E24DDC37FAF2
Trapmine	malicious.high.ml.score
CTX	exe.unknown.symmi
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.e24ddc37faf2826b
Google	Detected
Avira	TR/Crypt.TPM.Gen
Gridinsoft	Trojan.Heur!.038120A1
Microsoft	Trojan:Win32/LummaC!rfn
GData	Gen:Variant.Symmi.93663
Varist	W32/Themida.CT.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R690140
DeepInstinct	MALICIOUS
Malwarebytes	Trojan.MalPack
Zoner	Probably Heur.ExeHeaderL
Tencent	Trojan-DL.Win32.Deyma.kh
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Themida.HZB!tr
AVG	Win32:Evo-gen [Trj]

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All