Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 18, 2025, 5:39 p.m.	Feb. 18, 2025, 5:46 p.m.

Size	2.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`454d208cdba1e652722f6e612fc51339`
SHA256	`0faa4051081f60574a22ba9235c62e70b7bec114626b3aee013de5646d6e1235`
CRC32	`38F46AAA`
ssdeep	`49152:IpOtJGy9yOkVpEd3LwT62ar0jm18sWgmuF64:Ic9dYpykE0jUW26`
Yara	themida_packer - themida packer Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 14, 2025, 11:11 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	geqkviag
section	pkycuuki
section	.taggant

One or more processes crashed (50 out of 116 events)

Time & API	Arguments	Status
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: random+0x3000b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3145913 exception.address: 0x5300b9 registers.esp: 1571976 registers.edi: 0 registers.eax: 1 registers.ebp: 1571992 registers.edx: 7139328 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 36 00 00 00 58 01 ce e9 08 00 00 00 8b 04 exception.symbol: random+0x5d25d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 381533 exception.address: 0x28d25d registers.esp: 1571940 registers.edi: 2674170 registers.eax: 28415 registers.ebp: 3992694804 registers.edx: 2293760 registers.ebx: 2672559 registers.esi: 3 registers.ecx: 1969094656	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 56 e9 6a fc ff ff ff 34 24 e9 18 fc ff ff 55 exception.symbol: random+0x5d99e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 383390 exception.address: 0x28d99e registers.esp: 1571944 registers.edi: 2702585 registers.eax: 28415 registers.ebp: 3992694804 registers.edx: 4294941872 registers.ebx: 2672559 registers.esi: 2960025685 registers.ecx: 1969094656	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 57 bf 3a 4f cd 13 01 fb ff 34 24 ff 34 24 e9 exception.symbol: random+0x5e35b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 385883 exception.address: 0x28e35b registers.esp: 1571940 registers.edi: 2702585 registers.eax: 28550 registers.ebp: 3992694804 registers.edx: 1163710905 registers.ebx: 2677622 registers.esi: 2960025685 registers.ecx: 1969094656	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb b8 1b 90 3b 53 50 e9 aa fe ff ff 55 51 b9 c1 exception.symbol: random+0x5e2d6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 385750 exception.address: 0x28e2d6 registers.esp: 1571944 registers.edi: 2702585 registers.eax: 28550 registers.ebp: 3992694804 registers.edx: 235753 registers.ebx: 2680724 registers.esi: 0 registers.ecx: 1969094656	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 68 8c b5 82 03 89 34 24 53 c7 04 24 f1 fe fd exception.symbol: random+0x1d26dc exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1910492 exception.address: 0x4026dc registers.esp: 1571944 registers.edi: 2714109 registers.eax: 25273 registers.ebp: 3992694804 registers.edx: 2345 registers.ebx: 0 registers.esi: 604277075 registers.ecx: 4206614	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 50 b8 b5 4f ff 65 83 e8 ff 2d 88 e4 f5 67 68 exception.symbol: random+0x1d93f0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1938416 exception.address: 0x4093f0 registers.esp: 1571944 registers.edi: 0 registers.eax: 4262433 registers.ebp: 3992694804 registers.edx: 187 registers.ebx: 4225581 registers.esi: 1972042966 registers.ecx: 96	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 52 89 0c 24 68 08 95 79 39 89 3c 24 68 e7 b7 exception.symbol: random+0x1d972f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1939247 exception.address: 0x40972f registers.esp: 1571944 registers.edi: 4294938256 registers.eax: 4262433 registers.ebp: 3992694804 registers.edx: 187 registers.ebx: 202985 registers.esi: 1972042966 registers.ecx: 96	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 81 c3 6e 09 f6 73 51 89 e1 81 c1 04 00 00 00 exception.symbol: random+0x1e030b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1966859 exception.address: 0x41030b registers.esp: 1571940 registers.edi: 9055648 registers.eax: 31402 registers.ebp: 3992694804 registers.edx: 1046263924 registers.ebx: 4258646 registers.esi: 1972042966 registers.ecx: 14288	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 31 f6 ff 34 33 e9 30 03 00 00 05 47 eb c7 2f exception.symbol: random+0x1dfcdb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1965275 exception.address: 0x40fcdb registers.esp: 1571944 registers.edi: 9055648 registers.eax: 31402 registers.ebp: 3992694804 registers.edx: 1046263924 registers.ebx: 4290048 registers.esi: 1972042966 registers.ecx: 14288	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 e9 27 01 00 00 8b 1c 24 81 c4 04 00 00 00 exception.symbol: random+0x1dfb75 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1964917 exception.address: 0x40fb75 registers.esp: 1571944 registers.edi: 9055648 registers.eax: 1114345 registers.ebp: 3992694804 registers.edx: 1046263924 registers.ebx: 4290048 registers.esi: 4294938308 registers.ecx: 14288	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 83 ec 04 89 14 24 53 89 exception.symbol: random+0x1e15fa exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1971706 exception.address: 0x4115fa registers.esp: 1571936 registers.edi: 9055648 registers.eax: 1447909480 registers.ebp: 3992694804 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 4265224 registers.ecx: 20	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x1e5ffd exception.address: 0x415ffd exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 1990653 registers.esp: 1571936 registers.edi: 9055648 registers.eax: 1 registers.ebp: 3992694804 registers.edx: 22104 registers.ebx: 0 registers.esi: 4265224 registers.ecx: 20	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 35 39 2d 12 01 exception.symbol: random+0x1e563c exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1988156 exception.address: 0x41563c registers.esp: 1571936 registers.edi: 9055648 registers.eax: 1447909480 registers.ebp: 3992694804 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 4265224 registers.ecx: 10	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 50 53 bb f3 a7 65 77 89 d8 8b 1c 24 e9 30 03 exception.symbol: random+0x1e9f25 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2006821 exception.address: 0x419f25 registers.esp: 1571940 registers.edi: 9055648 registers.eax: 27005 registers.ebp: 3992694804 registers.edx: 2130566132 registers.ebx: 31261655 registers.esi: 4300358 registers.ecx: 2117206016	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 50 c7 04 24 43 d0 ee 6a 89 0c 24 c7 04 24 8d exception.symbol: random+0x1ea4e3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2008291 exception.address: 0x41a4e3 registers.esp: 1571944 registers.edi: 9055648 registers.eax: 27005 registers.ebp: 3992694804 registers.edx: 2130566132 registers.ebx: 31261655 registers.esi: 4327363 registers.ecx: 2117206016	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 50 e9 40 f8 ff ff 5c 50 51 b9 7f bc ff 7f e9 exception.symbol: random+0x1ea608 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2008584 exception.address: 0x41a608 registers.esp: 1571944 registers.edi: 9055648 registers.eax: 2400149600 registers.ebp: 3992694804 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 4303035 registers.ecx: 2117206016	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 8b c8 66 81 ce 4e 7a 6a 00 50 e8 03 exception.symbol: random+0x1eaad3 exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 2009811 exception.address: 0x41aad3 registers.esp: 1571904 registers.edi: 0 registers.eax: 1571904 registers.ebp: 3992694804 registers.edx: 1347801856 registers.ebx: 4303822 registers.esi: 438898761 registers.ecx: 4294901760	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 c9 01 00 00 5f 81 c4 04 00 00 00 e9 a6 01 exception.symbol: random+0x1f9728 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2070312 exception.address: 0x429728 registers.esp: 1571940 registers.edi: 4362985 registers.eax: 32096 registers.ebp: 3992694804 registers.edx: 6 registers.ebx: 31261877 registers.esi: 1968968720 registers.ecx: 0	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 68 03 8b fe 7f 59 56 89 04 24 89 14 24 53 bb exception.symbol: random+0x1f9365 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2069349 exception.address: 0x429365 registers.esp: 1571944 registers.edi: 4395081 registers.eax: 4294937864 registers.ebp: 3992694804 registers.edx: 6 registers.ebx: 31261877 registers.esi: 1968968720 registers.ecx: 262633	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 57 e9 3e 03 00 00 58 55 bd 04 00 00 00 01 e8 exception.symbol: random+0x1fd8a4 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2087076 exception.address: 0x42d8a4 registers.esp: 1571936 registers.edi: 4395081 registers.eax: 25567 registers.ebp: 3992694804 registers.edx: 588112586 registers.ebx: 633679229 registers.esi: 4405280 registers.ecx: 588112586	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 55 68 7e b7 ff 4e 5d e9 58 f9 ff ff bb d8 exception.symbol: random+0x1fdd98 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2088344 exception.address: 0x42dd98 registers.esp: 1571936 registers.edi: 4395081 registers.eax: 25567 registers.ebp: 3992694804 registers.edx: 3229928552 registers.ebx: 0 registers.esi: 4382700 registers.ecx: 588112586	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 bd 09 00 00 5f 55 bd 22 a2 fb 3f 81 cd fc exception.symbol: random+0x1ff97c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2095484 exception.address: 0x42f97c registers.esp: 1571932 registers.edi: 4395081 registers.eax: 28372 registers.ebp: 3992694804 registers.edx: 3229928552 registers.ebx: 1243188726 registers.esi: 4382700 registers.ecx: 4388584	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb b8 40 85 fd 7b 83 e8 01 25 f3 5b fd 76 52 e9 exception.symbol: random+0x1ffd00 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2096384 exception.address: 0x42fd00 registers.esp: 1571936 registers.edi: 4395081 registers.eax: 28372 registers.ebp: 3992694804 registers.edx: 3229928552 registers.ebx: 1243188726 registers.esi: 4382700 registers.ecx: 4416956	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 c7 04 24 4a 27 ce 57 57 e9 exception.symbol: random+0x1ff91e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2095390 exception.address: 0x42f91e registers.esp: 1571936 registers.edi: 4395081 registers.eax: 0 registers.ebp: 3992694804 registers.edx: 3229928552 registers.ebx: 1179202795 registers.esi: 4382700 registers.ecx: 4391768	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 e3 02 00 00 01 c2 81 ea da 08 59 7b 58 52 exception.symbol: random+0x204bce exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2116558 exception.address: 0x434bce registers.esp: 1571936 registers.edi: 4439564 registers.eax: 29776 registers.ebp: 3992694804 registers.edx: 2130566132 registers.ebx: 1179202795 registers.esi: 4382700 registers.ecx: 2117206016	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 52 89 1c 24 e9 3e 04 00 00 5e 81 c4 04 00 00 exception.symbol: random+0x204d36 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2116918 exception.address: 0x434d36 registers.esp: 1571936 registers.edi: 4439564 registers.eax: 1783979243 registers.ebp: 3992694804 registers.edx: 2130566132 registers.ebx: 1179202795 registers.esi: 4382700 registers.ecx: 4294940648	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 52 e9 a5 fc ff ff 33 04 24 31 04 24 33 04 24 exception.symbol: random+0x2211f1 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2232817 exception.address: 0x4511f1 registers.esp: 1571904 registers.edi: 0 registers.eax: 116969 registers.ebp: 3992694804 registers.edx: 2130566132 registers.ebx: 276 registers.esi: 4528602 registers.ecx: 2117206016	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 53 53 89 34 24 50 c7 04 24 b4 9b 94 7c e9 2c exception.symbol: random+0x222881 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2238593 exception.address: 0x452881 registers.esp: 1571900 registers.edi: 4530329 registers.eax: 27674 registers.ebp: 3992694804 registers.edx: 1590231161 registers.ebx: 276 registers.esi: 4528602 registers.ecx: 715606574	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 89 e1 81 c1 04 00 00 00 83 e9 04 87 0c 24 exception.symbol: random+0x2221aa exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2236842 exception.address: 0x4521aa registers.esp: 1571904 registers.edi: 4558003 registers.eax: 27674 registers.ebp: 3992694804 registers.edx: 1590231161 registers.ebx: 276 registers.esi: 4528602 registers.ecx: 715606574	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 57 89 e7 81 c7 04 00 00 00 83 ef 04 e9 77 04 exception.symbol: random+0x222695 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2238101 exception.address: 0x452695 registers.esp: 1571904 registers.edi: 4533063 registers.eax: 27674 registers.ebp: 3992694804 registers.edx: 1590231161 registers.ebx: 0 registers.esi: 1426090592 registers.ecx: 715606574	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 93 fe ff ff 89 04 24 e9 7b fc ff ff 2d 3a exception.symbol: random+0x226acf exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2255567 exception.address: 0x456acf registers.esp: 1571900 registers.edi: 4547488 registers.eax: 29498 registers.ebp: 3992694804 registers.edx: 1374774387 registers.ebx: 3992977199 registers.esi: 9081812 registers.ecx: 1379319928	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 68 00 4e fd 1e 89 2c 24 e9 51 00 00 00 8b 1c exception.symbol: random+0x22691c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2255132 exception.address: 0x45691c registers.esp: 1571904 registers.edi: 4576986 registers.eax: 29498 registers.ebp: 3992694804 registers.edx: 1374774387 registers.ebx: 3992977199 registers.esi: 9081812 registers.ecx: 1379319928	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 68 56 4c 93 32 e9 4e fb ff ff 8f 04 24 8b 24 exception.symbol: random+0x226df3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2256371 exception.address: 0x456df3 registers.esp: 1571904 registers.edi: 4576986 registers.eax: 604801366 registers.ebp: 3992694804 registers.edx: 4294940900 registers.ebx: 3992977199 registers.esi: 9081812 registers.ecx: 1379319928	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 e9 87 08 00 00 50 57 e9 7b 04 00 00 59 87 exception.symbol: random+0x22730e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2257678 exception.address: 0x45730e registers.esp: 1571904 registers.edi: 4576986 registers.eax: 33631 registers.ebp: 3992694804 registers.edx: 1044138795 registers.ebx: 1940633734 registers.esi: 4584670 registers.ecx: 1379319928	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 68 26 de b4 06 8b 14 24 56 89 e6 81 c6 04 00 exception.symbol: random+0x227405 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2257925 exception.address: 0x457405 registers.esp: 1571904 registers.edi: 4576986 registers.eax: 0 registers.ebp: 3992694804 registers.edx: 1044138795 registers.ebx: 986029453 registers.esi: 4555002 registers.ecx: 1379319928	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 d1 fe ff ff 31 ef 8b 2c 24 e9 f8 fe ff ff exception.symbol: random+0x229e58 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2268760 exception.address: 0x459e58 registers.esp: 1571904 registers.edi: 4576986 registers.eax: 32544 registers.ebp: 3992694804 registers.edx: 1890563717 registers.ebx: 16640 registers.esi: 4572820 registers.ecx: 4594057	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 51 68 45 11 39 25 89 2c 24 bd a5 e1 d3 7f 55 exception.symbol: random+0x229dff exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2268671 exception.address: 0x459dff registers.esp: 1571904 registers.edi: 4576986 registers.eax: 322689 registers.ebp: 3992694804 registers.edx: 1890563717 registers.ebx: 16640 registers.esi: 4294937728 registers.ecx: 4594057	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 34 24 e9 1a 01 00 00 05 f1 30 79 exception.symbol: random+0x230056 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2293846 exception.address: 0x460056 registers.esp: 1571900 registers.edi: 4576986 registers.eax: 4586344 registers.ebp: 3992694804 registers.edx: 4578814 registers.ebx: 65786 registers.esi: 4294937728 registers.ecx: 1971716238	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb b9 00 96 12 10 56 c7 04 24 d3 f6 79 3e ff 0c exception.symbol: random+0x230399 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2294681 exception.address: 0x460399 registers.esp: 1571904 registers.edi: 4576986 registers.eax: 4588814 registers.ebp: 3992694804 registers.edx: 0 registers.ebx: 3939837675 registers.esi: 4294937728 registers.ecx: 1971716238	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 2c 24 bd 6b 7a 72 07 52 exception.symbol: random+0x23116a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2298218 exception.address: 0x46116a registers.esp: 1571904 registers.edi: 3939837676 registers.eax: 28491 registers.ebp: 3992694804 registers.edx: 0 registers.ebx: 82608982 registers.esi: 4593380 registers.ecx: 4598894	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 52 57 c7 04 24 15 a0 a5 7e 8b 14 24 83 c4 04 exception.symbol: random+0x2321e3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2302435 exception.address: 0x4621e3 registers.esp: 1571904 registers.edi: 3939837676 registers.eax: 4596419 registers.ebp: 3992694804 registers.edx: 226210101 registers.ebx: 82608982 registers.esi: 0 registers.ecx: 81129	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 56 e9 ca 00 00 00 5e e9 29 fe ff ff 81 c2 01 exception.symbol: random+0x24379b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2373531 exception.address: 0x47379b registers.esp: 1571904 registers.edi: 4644268 registers.eax: 28801 registers.ebp: 3992694804 registers.edx: 2130566132 registers.ebx: 4693918 registers.esi: 4620394 registers.ecx: 0	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 68 d2 1a 6f 7b 59 53 55 bd f7 2c 0a 36 c1 ed exception.symbol: random+0x2436c7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2373319 exception.address: 0x4736c7 registers.esp: 1571904 registers.edi: 4644268 registers.eax: 28801 registers.ebp: 3992694804 registers.edx: 2130566132 registers.ebx: 4693918 registers.esi: 4294941736 registers.ecx: 2298801283	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 16 06 00 00 81 c2 ab 37 a8 3f 8b 0c 24 81 exception.symbol: random+0x24e232 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2417202 exception.address: 0x47e232 registers.esp: 1571904 registers.edi: 2117227776 registers.eax: 30876 registers.ebp: 3992694804 registers.edx: 4294939040 registers.ebx: 4741635 registers.esi: 9451 registers.ecx: 2117227776	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 57 e9 36 f9 ff ff 5d f7 d9 e9 93 00 00 00 29 exception.symbol: random+0x2548f1 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2443505 exception.address: 0x4848f1 registers.esp: 1571900 registers.edi: 4715003 registers.eax: 32678 registers.ebp: 3992694804 registers.edx: 1825896 registers.ebx: 4741635 registers.esi: 9451 registers.ecx: 4734872	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 57 e9 88 03 00 00 be 49 a2 6f 37 09 f3 8b 34 exception.symbol: random+0x254411 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2442257 exception.address: 0x484411 registers.esp: 1571904 registers.edi: 4715003 registers.eax: 32678 registers.ebp: 3992694804 registers.edx: 1825896 registers.ebx: 4741635 registers.esi: 9451 registers.ecx: 4767550	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 55 c7 04 24 ba 68 ff 0f 81 34 24 70 e8 ae 63 exception.symbol: random+0x253ff8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2441208 exception.address: 0x483ff8 registers.esp: 1571904 registers.edi: 4715003 registers.eax: 32678 registers.ebp: 3992694804 registers.edx: 1825896 registers.ebx: 0 registers.esi: 2298801283 registers.ecx: 4738346	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb 50 89 2c 24 bd ee 91 df 2f 50 e9 10 06 00 00 exception.symbol: random+0x254f2e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2445102 exception.address: 0x484f2e registers.esp: 1571900 registers.edi: 4715003 registers.eax: 4738774 registers.ebp: 3992694804 registers.edx: 585174588 registers.ebx: 990177741 registers.esi: 2298801283 registers.ecx: 4738346	1
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: fb e9 12 fe ff ff 83 c6 04 87 34 24 5c 52 e9 2b exception.symbol: random+0x255743 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2447171 exception.address: 0x485743 registers.esp: 1571904 registers.edi: 4715003 registers.eax: 4767924 registers.ebp: 3992694804 registers.edx: 585174588 registers.ebx: 990177741 registers.esi: 2298801283 registers.ecx: 4738346	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 360448 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00231000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02200000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02210000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02220000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02460000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 14, 2025, 11:11 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00058000', u'virtual_address': u'0x00001000', u'entropy': 7.119198885401303, u'name': u' \\x00 ', u'virtual_size': u'0x00058000'}

entropy

7.1191988854

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x0019dc00', u'virtual_address': u'0x00300000', u'entropy': 7.953952247254363, u'name': u'geqkviag', u'virtual_size': u'0x0019e000'}

entropy

7.95395224725

description

A section with a high entropy has been found

entropy

0.994549058474

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 14, 2025, 11:11 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Feb. 14, 2025, 11:11 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 83 ec 04 89 14 24 53 89 exception.symbol: random+0x1e15fa exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1971706 exception.address: 0x4115fa registers.esp: 1571936 registers.edi: 9055648 registers.eax: 1447909480 registers.ebp: 3992694804 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 4265224 registers.ecx: 20	1	0	0

File has been identified by 40 AntiVirus engines on VirusTotal as malicious (40 events)

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win32.Themida.tc
ALYac	Gen:Variant.Symmi.84601
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Gen:Variant.Symmi.84601
Arcabit	Trojan.Symmi.D14A79
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Kaspersky	VHO:Backdoor.Win32.Raroger.gen
MicroWorld-eScan	Gen:Variant.Symmi.84601
Rising	Trojan.Agent!1.127FB (CLASSIC)
Emsisoft	Gen:Variant.Symmi.84601 (B)
F-Secure	Trojan.TR/Crypt.TPM.Gen
VIPRE	Gen:Variant.Symmi.84601
McAfeeD	Real Protect-LS!454D208CDBA1
Trapmine	malicious.high.ml.score
CTX	exe.unknown.symmi
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.454d208cdba1e652
Google	Detected
Avira	TR/Crypt.TPM.Gen
Kingsoft	malware.kb.a.958
Gridinsoft	Trojan.Heur!.038120A1
Microsoft	Trojan:Win32/Amadey.HNS!MTB
GData	Gen:Variant.Symmi.84601
Varist	W32/Themida.CT.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R690140
DeepInstinct	MALICIOUS
Malwarebytes	Trojan.MalPack
Zoner	Probably Heur.ExeHeaderL
Fortinet	W32/Themida.HZB!tr
AVG	Win32:Evo-gen [Trj]

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All