Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 18, 2025, 5:37 p.m.	Feb. 18, 2025, 5:39 p.m.

Size	1.9MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c30852886cb5a9c1f956d738a355ed8c`
SHA256	`daadda165930ae74c7ad9ebf6e16255ad9dac9edf443af90dc8dd85bc08fe282`
CRC32	`6C19D173`
ssdeep	`49152:i7L0vjFekkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkA:iPQjFekkkkkkkkkkkkkkkkkkkkkkkkkZ`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) UPX_Zero - UPX packed file

KbSwZup.exe "C:\Users\test22\AppData\Local\Temp\KbSwZup.exe"
2684

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 14, 2025, 11:11 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	byidmovu
section	ifcaqyxp
section	.taggant

One or more processes crashed (50 out of 127 events)

Time & API	Arguments	Status
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: kbswzup+0x2f50b9 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 3100857 exception.address: 0x11a50b9 registers.esp: 2489092 registers.edi: 0 registers.eax: 1 registers.ebp: 2489108 registers.edx: 20168704 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 57 c7 04 24 7f 5e cc 7c 89 1c 24 bb 4e 54 ff exception.symbol: kbswzup+0x5d09f exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 381087 exception.address: 0xf0d09f registers.esp: 2489060 registers.edi: 15784120 registers.eax: 0 registers.ebp: 4001148948 registers.edx: 15400960 registers.ebx: 15780836 registers.esi: 242921 registers.ecx: 1969094656	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 89 e1 50 b8 a1 d6 ef 3b 2d 9d d6 ef 3b e9 exception.symbol: kbswzup+0x5e1ad exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 385453 exception.address: 0xf0e1ad registers.esp: 2489056 registers.edi: 15784120 registers.eax: 27047 registers.ebp: 4001148948 registers.edx: 1612198593 registers.ebx: 15785489 registers.esi: 242921 registers.ecx: 1969094656	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 53 52 ba 87 dd cf 7f e9 13 00 00 00 58 05 04 exception.symbol: kbswzup+0x5def8 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 384760 exception.address: 0xf0def8 registers.esp: 2489060 registers.edi: 15784120 registers.eax: 1259 registers.ebp: 4001148948 registers.edx: 1612198593 registers.ebx: 15788476 registers.esi: 0 registers.ecx: 1969094656	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 81 c3 d9 f5 f7 4c 03 1c 24 e9 38 f7 ff ff 8b exception.symbol: kbswzup+0x1cbe9e exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 1883806 exception.address: 0x107be9e registers.esp: 2489056 registers.edi: 15820630 registers.eax: 31608 registers.ebp: 4001148948 registers.edx: 2345 registers.ebx: 17282485 registers.esi: 17281988 registers.ecx: 2468216832	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 68 20 31 f6 24 e9 0c 00 00 00 bd eb 34 e6 a1 exception.symbol: kbswzup+0x1cba5c exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 1882716 exception.address: 0x107ba5c registers.esp: 2489060 registers.edi: 15820630 registers.eax: 31608 registers.ebp: 4001148948 registers.edx: 2345 registers.ebx: 17314093 registers.esi: 17281988 registers.ecx: 2468216832	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 c4 04 00 00 5f 68 21 fd b4 ca 8b 04 24 83 exception.symbol: kbswzup+0x1cb63f exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 1881663 exception.address: 0x107b63f registers.esp: 2489060 registers.edi: 598803048 registers.eax: 0 registers.ebp: 4001148948 registers.edx: 2345 registers.ebx: 17285209 registers.esi: 17281988 registers.ecx: 2468216832	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 53 89 e3 e9 7a 00 00 00 8b 14 24 83 c4 04 83 exception.symbol: kbswzup+0x1d1ba5 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 1907621 exception.address: 0x1081ba5 registers.esp: 2489060 registers.edi: 1282671484 registers.eax: 26606 registers.ebp: 4001148948 registers.edx: 17306743 registers.ebx: 17305201 registers.esi: 17334439 registers.ecx: 1969693920	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 89 04 24 e9 88 01 00 00 31 3c 24 33 3c 24 exception.symbol: kbswzup+0x1d1b92 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 1907602 exception.address: 0x1081b92 registers.esp: 2489060 registers.edi: 1282671484 registers.eax: 26606 registers.ebp: 4001148948 registers.edx: 17306743 registers.ebx: 50665 registers.esi: 17334439 registers.ecx: 4294943568	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 e3 06 00 00 21 c1 58 51 f7 14 24 59 52 e9 exception.symbol: kbswzup+0x1d2ee6 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 1912550 exception.address: 0x1082ee6 registers.esp: 2489056 registers.edi: 1282671484 registers.eax: 30728 registers.ebp: 4001148948 registers.edx: 17306743 registers.ebx: 17313068 registers.esi: 17334439 registers.ecx: 1614969410	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 31 f6 ff 34 1e ff 34 24 e9 2c 00 00 00 87 34 exception.symbol: kbswzup+0x1d2f24 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 1912612 exception.address: 0x1082f24 registers.esp: 2489060 registers.edi: 1282671484 registers.eax: 30728 registers.ebp: 4001148948 registers.edx: 17306743 registers.ebx: 17343796 registers.esi: 17334439 registers.ecx: 1614969410	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 50 e9 9c 01 00 00 81 24 24 ea 06 ff 5f 55 89 exception.symbol: kbswzup+0x1d35a5 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 1914277 exception.address: 0x10835a5 registers.esp: 2489060 registers.edi: 202985 registers.eax: 30728 registers.ebp: 4001148948 registers.edx: 17306743 registers.ebx: 17343796 registers.esi: 4294939480 registers.ecx: 1614969410	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 68 b3 b9 40 51 89 14 24 exception.symbol: kbswzup+0x1dc703 exception.instruction: in eax, dx exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 1951491 exception.address: 0x108c703 registers.esp: 2489052 registers.edi: 6172073 registers.eax: 1447909480 registers.ebp: 4001148948 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 17345641 registers.ecx: 20	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: kbswzup+0x1dc881 exception.address: 0x108c881 exception.module: KbSwZup.exe exception.exception_code: 0xc000001d exception.offset: 1951873 registers.esp: 2489052 registers.edi: 6172073 registers.eax: 1 registers.ebp: 4001148948 registers.edx: 22104 registers.ebx: 0 registers.esi: 17345641 registers.ecx: 20	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 ad 28 74 12 01 exception.symbol: kbswzup+0x1dd886 exception.instruction: in eax, dx exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 1955974 exception.address: 0x108d886 registers.esp: 2489052 registers.edi: 6172073 registers.eax: 1447909480 registers.ebp: 4001148948 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 17345641 registers.ecx: 10	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 6a 00 55 e8 03 00 00 00 20 5d c3 5d exception.symbol: kbswzup+0x1e3578 exception.instruction: int 1 exception.module: KbSwZup.exe exception.exception_code: 0xc0000005 exception.offset: 1979768 exception.address: 0x1093578 registers.esp: 2489020 registers.edi: 0 registers.eax: 2489020 registers.ebp: 4001148948 registers.edx: 19266406 registers.ebx: 17381082 registers.esi: 2 registers.ecx: 975044618	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 52 c7 04 24 76 57 53 7a e9 ce f6 ff ff 89 14 exception.symbol: kbswzup+0x1e4361 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 1983329 exception.address: 0x1094361 registers.esp: 2489060 registers.edi: 6172073 registers.eax: 17408340 registers.ebp: 4001148948 registers.edx: 6172073 registers.ebx: 2283 registers.esi: 6172073 registers.ecx: 4294943464	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 27 01 00 00 81 c5 ff ff ff ff 52 53 68 c0 exception.symbol: kbswzup+0x1eb2f9 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2011897 exception.address: 0x109b2f9 registers.esp: 2489060 registers.edi: 6172073 registers.eax: 30528 registers.ebp: 4001148948 registers.edx: 654654 registers.ebx: 2283 registers.esi: 6172073 registers.ecx: 17442487	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 68 86 fa 24 7f e9 7e 05 00 00 5e 83 ec 04 89 exception.symbol: kbswzup+0x1eb229 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2011689 exception.address: 0x109b229 registers.esp: 2489060 registers.edi: 35514705 registers.eax: 30528 registers.ebp: 4001148948 registers.edx: 654654 registers.ebx: 2283 registers.esi: 4294939480 registers.ecx: 17442487	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 81 eb 9e f4 ed 36 57 89 14 24 ba c0 36 bb 29 exception.symbol: kbswzup+0x1f53d6 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2053078 exception.address: 0x10a53d6 registers.esp: 2489056 registers.edi: 15776214 registers.eax: 32410 registers.ebp: 4001148948 registers.edx: 6 registers.ebx: 17453009 registers.esi: 1968968720 registers.ecx: 0	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 31 d2 ff 34 13 ff 34 24 8b 34 24 56 89 e6 e9 exception.symbol: kbswzup+0x1f5887 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2054279 exception.address: 0x10a5887 registers.esp: 2489060 registers.edi: 15776214 registers.eax: 32410 registers.ebp: 4001148948 registers.edx: 6 registers.ebx: 17485419 registers.esi: 1968968720 registers.ecx: 0	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 1e 01 00 00 81 c1 04 00 00 00 87 0c 24 5c exception.symbol: kbswzup+0x1f57a4 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2054052 exception.address: 0x10a57a4 registers.esp: 2489060 registers.edi: 15776214 registers.eax: 32410 registers.ebp: 4001148948 registers.edx: 4294937644 registers.ebx: 17485419 registers.esi: 1016809 registers.ecx: 0	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 1c 24 bb f3 5e e7 6e 51 e9 0f ff exception.symbol: kbswzup+0x1f712b exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2060587 exception.address: 0x10a712b registers.esp: 2489056 registers.edi: 15776214 registers.eax: 17460669 registers.ebp: 4001148948 registers.edx: 981142081 registers.ebx: 17485419 registers.esi: 1016809 registers.ecx: 981142081	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 89 3c 24 e9 d4 fc ff ff 05 44 b6 77 7f 29 exception.symbol: kbswzup+0x1f714e exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2060622 exception.address: 0x10a714e registers.esp: 2489060 registers.edi: 15776214 registers.eax: 17492828 registers.ebp: 4001148948 registers.edx: 981142081 registers.ebx: 17485419 registers.esi: 1016809 registers.ecx: 981142081	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 54 59 55 bd 7f 8c 76 77 81 c5 c2 3a c6 95 exception.symbol: kbswzup+0x1f6ebb exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2059963 exception.address: 0x10a6ebb registers.esp: 2489060 registers.edi: 262633 registers.eax: 17463184 registers.ebp: 4001148948 registers.edx: 0 registers.ebx: 17485419 registers.esi: 1016809 registers.ecx: 981142081	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 81 c2 c9 a0 3f 7f 51 b9 00 c4 bf 6d 81 c2 2e exception.symbol: kbswzup+0x1fe5ce exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2090446 exception.address: 0x10ae5ce registers.esp: 2489048 registers.edi: 262633 registers.eax: 25545 registers.ebp: 4001148948 registers.edx: 17489854 registers.ebx: 17485419 registers.esi: 1016809 registers.ecx: 2468216832	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 56 83 ec 04 e9 c7 fc ff ff 89 df 5b 83 ef ff exception.symbol: kbswzup+0x1fe695 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2090645 exception.address: 0x10ae695 registers.esp: 2489052 registers.edi: 262633 registers.eax: 25545 registers.ebp: 4001148948 registers.edx: 17492567 registers.ebx: 17485419 registers.esi: 0 registers.ecx: 84201	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 68 02 00 00 89 e1 e9 49 03 00 00 exception.symbol: kbswzup+0x20d216 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2150934 exception.address: 0x10bd216 registers.esp: 2489052 registers.edi: 17538879 registers.eax: 17553520 registers.ebp: 4001148948 registers.edx: 0 registers.ebx: 1358981728 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 89 2c 24 bd 35 e6 13 5f 29 ef 8b 2c 24 81 exception.symbol: kbswzup+0x21f16f exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2224495 exception.address: 0x10cf16f registers.esp: 2489016 registers.edi: 17623521 registers.eax: 26252 registers.ebp: 4001148948 registers.edx: 2130566132 registers.ebx: 17579461 registers.esi: 17619493 registers.ecx: 2468216832	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 6a 03 00 00 bf 00 2c 7d 7f e9 51 f9 ff ff exception.symbol: kbswzup+0x21f0c7 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2224327 exception.address: 0x10cf0c7 registers.esp: 2489020 registers.edi: 17649773 registers.eax: 4294943908 registers.ebp: 4001148948 registers.edx: 1392536160 registers.ebx: 17579461 registers.esi: 17619493 registers.ecx: 2468216832	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 c7 04 24 9f 39 43 0f e9 af f7 ff ff 09 cd exception.symbol: kbswzup+0x220697 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2229911 exception.address: 0x10d0697 registers.esp: 2489020 registers.edi: 17649773 registers.eax: 26644 registers.ebp: 4001148948 registers.edx: 4294943292 registers.ebx: 2879228768 registers.esi: 17619493 registers.ecx: 17655084	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 81 eb ab 98 f3 7f 03 1c 24 56 89 e6 e9 8e f9 exception.symbol: kbswzup+0x221341 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2233153 exception.address: 0x10d1341 registers.esp: 2489016 registers.edi: 17631754 registers.eax: 24815 registers.ebp: 4001148948 registers.edx: 0 registers.ebx: 17632255 registers.esi: 17631110 registers.ecx: 0	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 50 e9 d4 00 00 00 43 81 eb 92 73 f5 7b 4b e9 exception.symbol: kbswzup+0x220db3 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2231731 exception.address: 0x10d0db3 registers.esp: 2489020 registers.edi: 17631754 registers.eax: 24815 registers.ebp: 4001148948 registers.edx: 0 registers.ebx: 17657070 registers.esi: 17631110 registers.ecx: 0	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 50 e9 2f ff ff ff 8b 24 24 ff 33 ff 34 24 ff exception.symbol: kbswzup+0x220d34 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2231604 exception.address: 0x10d0d34 registers.esp: 2489020 registers.edi: 0 registers.eax: 24815 registers.ebp: 4001148948 registers.edx: 0 registers.ebx: 17634458 registers.esi: 607422801 registers.ecx: 0	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 00 00 00 00 89 1c 24 81 ec 04 00 exception.symbol: kbswzup+0x221ed0 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2236112 exception.address: 0x10d1ed0 registers.esp: 2489020 registers.edi: 0 registers.eax: 29139 registers.ebp: 4001148948 registers.edx: 0 registers.ebx: 17663992 registers.esi: 607422801 registers.ecx: 108006273	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 68 53 99 ff 79 e9 eb fd ff ff 89 e6 e9 35 03 exception.symbol: kbswzup+0x221b59 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2235225 exception.address: 0x10d1b59 registers.esp: 2489020 registers.edi: 0 registers.eax: 29139 registers.ebp: 4001148948 registers.edx: 713923981 registers.ebx: 17637512 registers.esi: 0 registers.ecx: 108006273	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 96 02 00 00 01 e8 ff 34 24 5d 51 89 e1 e9 exception.symbol: kbswzup+0x225d14 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2252052 exception.address: 0x10d5d14 registers.esp: 2489020 registers.edi: 0 registers.eax: 26980 registers.ebp: 4001148948 registers.edx: 17652388 registers.ebx: 65786 registers.esi: 0 registers.ecx: 17679881	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 52 e9 25 05 00 00 58 89 d3 5a 43 c1 e3 08 e9 exception.symbol: kbswzup+0x2262ef exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2253551 exception.address: 0x10d62ef registers.esp: 2489020 registers.edi: 68073 registers.eax: 26980 registers.ebp: 4001148948 registers.edx: 17652388 registers.ebx: 65786 registers.esi: 0 registers.ecx: 17656113	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 51 55 bd 61 4a d5 2d e9 00 00 exception.symbol: kbswzup+0x229e9c exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2268828 exception.address: 0x10d9e9c registers.esp: 2489016 registers.edi: 17664377 registers.eax: 17667397 registers.ebp: 4001148948 registers.edx: 68073 registers.ebx: 213997803 registers.esi: 17665736 registers.ecx: 43601	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 53 e9 11 02 00 00 c7 04 24 8b 26 6f 4f 56 exception.symbol: kbswzup+0x22990d exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2267405 exception.address: 0x10d990d registers.esp: 2489020 registers.edi: 17664377 registers.eax: 17669886 registers.ebp: 4001148948 registers.edx: 0 registers.ebx: 213997803 registers.esi: 17665736 registers.ecx: 3128983656	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 50 e9 e2 ff ff ff ff 74 24 04 8b 0c 24 81 c4 exception.symbol: kbswzup+0x22a8ff exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2271487 exception.address: 0x10da8ff registers.esp: 2489016 registers.edi: 17664377 registers.eax: 30014 registers.ebp: 4001148948 registers.edx: 110077504 registers.ebx: 17670275 registers.esi: 17665736 registers.ecx: 1218039966	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 c2 fc ff ff b8 cf cb 72 e6 68 f7 66 34 48 exception.symbol: kbswzup+0x22a919 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2271513 exception.address: 0x10da919 registers.esp: 2489020 registers.edi: 17664377 registers.eax: 30014 registers.ebp: 4001148948 registers.edx: 110077504 registers.ebx: 17700289 registers.esi: 17665736 registers.ecx: 1218039966	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 55 89 1c 24 89 34 24 51 c7 04 24 99 53 7f 6f exception.symbol: kbswzup+0x22a3ce exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2270158 exception.address: 0x10da3ce registers.esp: 2489020 registers.edi: 17664377 registers.eax: 30014 registers.ebp: 4001148948 registers.edx: 110077504 registers.ebx: 17700289 registers.esi: 4294940372 registers.ecx: 2179369302	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 81 ea 6f f4 ff 5f 03 14 24 55 c7 04 24 51 78 exception.symbol: kbswzup+0x2307e5 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2295781 exception.address: 0x10e07e5 registers.esp: 2489016 registers.edi: 17664377 registers.eax: 25706 registers.ebp: 4001148948 registers.edx: 17695192 registers.ebx: 2147483650 registers.esi: 17675001 registers.ecx: 2468216832	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 68 fc f0 b5 03 89 34 24 68 17 0f d8 5d 89 2c exception.symbol: kbswzup+0x2305d9 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2295257 exception.address: 0x10e05d9 registers.esp: 2489020 registers.edi: 17664377 registers.eax: 25706 registers.ebp: 4001148948 registers.edx: 17720898 registers.ebx: 2147483650 registers.esi: 17675001 registers.ecx: 2468216832	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 55 89 1c 24 89 0c 24 52 c7 04 24 53 61 ee 7f exception.symbol: kbswzup+0x230a7d exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2296445 exception.address: 0x10e0a7d registers.esp: 2489020 registers.edi: 17664377 registers.eax: 25706 registers.ebp: 4001148948 registers.edx: 17720898 registers.ebx: 76109649 registers.esi: 17675001 registers.ecx: 4294944692	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 55 bd b6 59 de 64 81 ee 7e 6e 7e 7b 01 ee 81 exception.symbol: kbswzup+0x23d513 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2348307 exception.address: 0x10ed513 registers.esp: 2489016 registers.edi: 17724649 registers.eax: 25458 registers.ebp: 4001148948 registers.edx: 844744 registers.ebx: 17724617 registers.esi: 17748908 registers.ecx: 2468216832	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 50 89 34 24 55 bd ba 57 f9 77 53 bb 21 8f d9 exception.symbol: kbswzup+0x23ddd8 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2350552 exception.address: 0x10eddd8 registers.esp: 2489020 registers.edi: 17724649 registers.eax: 25458 registers.ebp: 4001148948 registers.edx: 844744 registers.ebx: 17724617 registers.esi: 17774366 registers.ecx: 2468216832	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 34 08 00 00 52 ba 57 e2 df 5f 31 d5 ff 34 exception.symbol: kbswzup+0x23d3d5 exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2347989 exception.address: 0x10ed3d5 registers.esp: 2489020 registers.edi: 17724649 registers.eax: 25458 registers.ebp: 4001148948 registers.edx: 844744 registers.ebx: 2298801283 registers.esi: 17774366 registers.ecx: 4294944648	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 c7 04 24 e3 f7 be 6f c1 24 24 04 81 2c 24 exception.symbol: kbswzup+0x24f5ed exception.instruction: sti exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 2422253 exception.address: 0x10ff5ed registers.esp: 2489020 registers.edi: 17801539 registers.eax: 26597 registers.ebp: 4001148948 registers.edx: 17824612 registers.ebx: 0 registers.esi: 606898519 registers.ecx: 2468216832	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 360448 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00eb1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00560000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00870000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00880000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00870000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00870000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00870000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00870000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2684 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00870000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00058000', u'virtual_address': u'0x00001000', u'entropy': 7.153233435039758, u'name': u' \\x00 ', u'virtual_size': u'0x00058000'}

entropy

7.15323343504

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00195e00', u'virtual_address': u'0x002f5000', u'entropy': 7.952929234258035, u'name': u'byidmovu', u'virtual_size': u'0x00196000'}

entropy

7.95292923426

description

A section with a high entropy has been found

entropy

0.994462622703

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 68 b3 b9 40 51 89 14 24 exception.symbol: kbswzup+0x1dc703 exception.instruction: in eax, dx exception.module: KbSwZup.exe exception.exception_code: 0xc0000096 exception.offset: 1951491 exception.address: 0x108c703 registers.esp: 2489052 registers.edi: 6172073 registers.eax: 1447909480 registers.ebp: 4001148948 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 17345641 registers.ecx: 20	1	0	0

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Lumma.1u!c
tehtris	Generic.Malware
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojanpws.Lumma
Skyhigh	BehavesLike.Win32.Themida.tc
ALYac	Gen:Variant.Jaik.273503
Cylance	Unsafe
VIPRE	Gen:Variant.Jaik.273503
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Gen:Variant.Jaik.273503
K7GW	Trojan ( 00587f0f1 )
K7AntiVirus	Trojan ( 00587f0f1 )
Arcabit	Trojan.Jaik.D42C5F
VirIT	Trojan.Win32.GenusT.EPAI
Symantec	Trojan Horse
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Kaspersky	HEUR:Trojan-PSW.Win32.Lumma.pef
Alibaba	TrojanPSW:Win32/LummaStealer.211bdfb9
NANO-Antivirus	Trojan.Win32.Lumma.kvotpi
MicroWorld-eScan	Gen:Variant.Jaik.273503
Rising	Trojan.Agent!1.127FB (CLASSIC)
Emsisoft	Gen:Variant.Jaik.273503 (B)
F-Secure	Trojan.TR/Crypt.TPM.Gen
DrWeb	Trojan.PWS.Lumma.1819
McAfeeD	Real Protect-LS!C30852886CB5
Trapmine	malicious.high.ml.score
CTX	exe.trojan.lumma
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.c30852886cb5a9c1
Google	Detected
Avira	TR/Crypt.TPM.Gen
Antiy-AVL	Trojan[PSW]/Win32.Lumma
Kingsoft	Win32.Trojan-PSW.Lumma.pef
Gridinsoft	Spy.Win32.Gen.tr
Xcitium	Malware@#8qqqpwynf6ic
Microsoft	Trojan:Win32/LummaStealer.DSK!MTB
GData	Gen:Variant.Jaik.273503
Varist	W32/Themida.CT.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R690140
McAfee	Artemis!C30852886CB5
DeepInstinct	MALICIOUS
VBA32	TScope.Malware-Cryptor.SB
Malwarebytes	Trojan.MalPack
Ikarus	Trojan.Win32.Themida

KbSwZup.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All