Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Feb. 19, 2025, 11:03 a.m.	Feb. 19, 2025, 11:05 a.m.

Size	2.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`76283d02eb521a667273085a9068b59d`
SHA256	`7bbd24b0cd19bc5ead8de1eb2f6f21753cf927dd3c42bfaf93b323534b5294ae`
CRC32	`7C91FB32`
ssdeep	`49152:HwltySjHGqzrwK18LS9qqwDEhhNG5qMqGYB9s45QpAL6b6yh:QltyoH171oSshDE12qddr0`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

tt012.exe "C:\Users\test22\AppData\Local\Temp\tt012.exe"
792

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (50 out of 59 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:03 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0
IsDebuggerPresent Feb. 19, 2025, 11:04 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	wayiszea
section	kdskqnrx
section	.taggant

One or more processes crashed (50 out of 108 events)

Time & API	Arguments	Status
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: tt012+0x2fa0b9 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 3121337 exception.address: 0x6fa0b9 registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 9003008 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 68 5b 58 dd 35 89 2c 24 e9 a2 fe ff ff 55 e9 exception.symbol: tt012+0x72103 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 467203 exception.address: 0x472103 registers.esp: 1638244 registers.edi: 1971192040 registers.eax: 4664079 registers.ebp: 3971219476 registers.edx: 2783531090 registers.ebx: 0 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 55 51 50 e9 63 08 00 00 81 c4 04 00 00 00 53 exception.symbol: tt012+0x72f99 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 470937 exception.address: 0x472f99 registers.esp: 1638244 registers.edi: 4294944148 registers.eax: 26067 registers.ebp: 3971219476 registers.edx: 2783531090 registers.ebx: 233705 registers.esi: 3 registers.ecx: 4690579	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 57 55 89 1c 24 e9 fe fe ff ff 89 1c 24 e9 c6 exception.symbol: tt012+0x1db25d exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 1946205 exception.address: 0x5db25d registers.esp: 1638244 registers.edi: 606896464 registers.eax: 6141596 registers.ebp: 3971219476 registers.edx: 2345 registers.ebx: 446464 registers.esi: 0 registers.ecx: 4690579	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 55 e9 48 fb ff ff 01 fa 8b 3c 24 83 c4 04 e9 exception.symbol: tt012+0x1e1189 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 1970569 exception.address: 0x5e1189 registers.esp: 1638244 registers.edi: 6192028 registers.eax: 50665 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 58327930 registers.esi: 0 registers.ecx: 4294940520	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 50 68 02 8a c7 45 89 14 24 ba 1e dc fe 77 89 exception.symbol: tt012+0x1e67c7 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 1992647 exception.address: 0x5e67c7 registers.esp: 1638244 registers.edi: 9383535 registers.eax: 30695 registers.ebp: 3971219476 registers.edx: 6217525 registers.ebx: 6167241 registers.esi: 6170482 registers.ecx: 14288	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 0c 24 83 ec 04 89 04 24 exception.symbol: tt012+0x1e7127 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 1995047 exception.address: 0x5e7127 registers.esp: 1638244 registers.edi: 9383535 registers.eax: 30695 registers.ebp: 3971219476 registers.edx: 6217525 registers.ebx: 6167241 registers.esi: 4294939792 registers.ecx: 1259	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 e9 11 29 00 00 89 2c 24 exception.symbol: tt012+0x1eaf87 exception.instruction: in eax, dx exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2011015 exception.address: 0x5eaf87 registers.esp: 1638236 registers.edi: 9383535 registers.eax: 1447909480 registers.ebp: 3971219476 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 6202273 registers.ecx: 20	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: tt012+0x1eb903 exception.address: 0x5eb903 exception.module: tt012.exe exception.exception_code: 0xc000001d exception.offset: 2013443 registers.esp: 1638236 registers.edi: 9383535 registers.eax: 1 registers.ebp: 3971219476 registers.edx: 22104 registers.ebx: 0 registers.esi: 6202273 registers.ecx: 20	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 48 39 93 13 01 exception.symbol: tt012+0x1ecf04 exception.instruction: in eax, dx exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2019076 exception.address: 0x5ecf04 registers.esp: 1638236 registers.edi: 9383535 registers.eax: 1447909480 registers.ebp: 3971219476 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 6202273 registers.ecx: 10	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 6a 00 52 e8 03 00 00 00 20 5a c3 5a exception.symbol: tt012+0x1f2b7e exception.instruction: int 1 exception.module: tt012.exe exception.exception_code: 0xc0000005 exception.offset: 2042750 exception.address: 0x5f2b7e registers.esp: 1638204 registers.edi: 0 registers.eax: 1638204 registers.ebp: 3971219476 registers.edx: 5919 registers.ebx: 6237316 registers.esi: 10 registers.ecx: 11396	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb e9 32 04 00 00 55 bd 2e 9f ff 7b 83 ed 01 e9 exception.symbol: tt012+0x1f32a4 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2044580 exception.address: 0x5f32a4 registers.esp: 1638240 registers.edi: 9383535 registers.eax: 30107 registers.ebp: 3971219476 registers.edx: 11905 registers.ebx: 62514937 registers.esi: 3771985184 registers.ecx: 6238033	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 31 db ff 34 0b ff 34 24 ff 34 24 e9 97 00 00 exception.symbol: tt012+0x1f33f3 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2044915 exception.address: 0x5f33f3 registers.esp: 1638244 registers.edi: 9383535 registers.eax: 30107 registers.ebp: 3971219476 registers.edx: 11905 registers.ebx: 62514937 registers.esi: 3771985184 registers.ecx: 6268140	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 68 83 04 3e 68 e9 a9 02 00 00 87 de 87 fb e9 exception.symbol: tt012+0x1f32ca exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2044618 exception.address: 0x5f32ca registers.esp: 1638244 registers.edi: 6379 registers.eax: 30107 registers.ebp: 3971219476 registers.edx: 11905 registers.ebx: 4294939700 registers.esi: 3771985184 registers.ecx: 6268140	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 81 eb 1a a3 b4 4b 81 eb 9c fd 7a 57 03 1c 24 exception.symbol: tt012+0x203dc0 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2112960 exception.address: 0x603dc0 registers.esp: 1638240 registers.edi: 4657622 registers.eax: 32014 registers.ebp: 3971219476 registers.edx: 6 registers.ebx: 6304227 registers.esi: 1971262480 registers.ecx: 0	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 50 89 34 24 81 ec 04 00 00 00 89 14 24 50 b8 exception.symbol: tt012+0x2033e7 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2110439 exception.address: 0x6033e7 registers.esp: 1638244 registers.edi: 4657622 registers.eax: 32014 registers.ebp: 3971219476 registers.edx: 2000182888 registers.ebx: 6307413 registers.esi: 1971262480 registers.ecx: 0	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 56 57 51 b9 59 5b ff 4d 81 f1 2e af 26 3e e9 exception.symbol: tt012+0x2040df exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2113759 exception.address: 0x6040df registers.esp: 1638244 registers.edi: 4657622 registers.eax: 847849 registers.ebp: 3971219476 registers.edx: 4294944256 registers.ebx: 6307413 registers.esi: 1971262480 registers.ecx: 6334178	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 50 52 ba 70 85 6f 6f 52 58 8b 14 24 83 c4 04 exception.symbol: tt012+0x206881 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2123905 exception.address: 0x606881 registers.esp: 1638244 registers.edi: 0 registers.eax: 6318671 registers.ebp: 3971219476 registers.edx: 1447823735 registers.ebx: 6307413 registers.esi: 1971262480 registers.ecx: 262633	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 68 87 15 ea 4a e9 b2 02 00 00 81 e9 30 f2 74 exception.symbol: tt012+0x20e917 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2156823 exception.address: 0x60e917 registers.esp: 1638232 registers.edi: 0 registers.eax: 26130 registers.ebp: 3971219476 registers.edx: 6350313 registers.ebx: 1961960003 registers.esi: 1971262480 registers.ecx: 784400384	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb e9 7b 03 00 00 c7 04 24 40 52 fc 71 c1 2c 24 exception.symbol: tt012+0x20ebb8 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2157496 exception.address: 0x60ebb8 registers.esp: 1638236 registers.edi: 84201 registers.eax: 0 registers.ebp: 3971219476 registers.edx: 6353303 registers.ebx: 1961960003 registers.esi: 1971262480 registers.ecx: 784400384	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb e9 92 08 00 00 55 e9 3c ff ff ff 29 f8 05 4a exception.symbol: tt012+0x21b82b exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2209835 exception.address: 0x61b82b registers.esp: 1638232 registers.edi: 2293732044 registers.eax: 25722 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 6403874 registers.esi: 1677955800 registers.ecx: 2136967559	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 68 2c b6 92 3c 89 04 24 e9 0c 00 00 00 c1 24 exception.symbol: tt012+0x21c001 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2211841 exception.address: 0x61c001 registers.esp: 1638236 registers.edi: 2293732044 registers.eax: 25722 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 6429596 registers.esi: 1677955800 registers.ecx: 2136967559	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 53 e9 71 ff ff ff f7 14 24 e9 ae 02 00 00 56 exception.symbol: tt012+0x21b7ec exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2209772 exception.address: 0x61b7ec registers.esp: 1638236 registers.edi: 116969 registers.eax: 25722 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 6406968 registers.esi: 0 registers.ecx: 2136967559	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 34 24 68 20 c3 5e 57 5e exception.symbol: tt012+0x2327fe exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2303998 exception.address: 0x6327fe registers.esp: 1638200 registers.edi: 6496200 registers.eax: 30781 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 822686241 registers.esi: 1228139838 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 53 89 34 24 89 14 24 68 bf 76 ff 77 5a e9 74 exception.symbol: tt012+0x2325bd exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2303421 exception.address: 0x6325bd registers.esp: 1638204 registers.edi: 6526981 registers.eax: 30781 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 822686241 registers.esi: 1228139838 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb e9 20 fb ff ff 8b 24 24 52 ba fa d1 dd 5f 4a exception.symbol: tt012+0x2327bd exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2303933 exception.address: 0x6327bd registers.esp: 1638204 registers.edi: 6498717 registers.eax: 716344717 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 822686241 registers.esi: 1228139838 registers.ecx: 0	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 51 89 3c 24 c7 04 24 ef 54 72 06 e9 3f fe ff exception.symbol: tt012+0x2337bb exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2308027 exception.address: 0x6337bb registers.esp: 1638204 registers.edi: 6501443 registers.eax: 1126403469 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 6504991 registers.esi: 6500571 registers.ecx: 0	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 51 c7 04 24 72 ff ff 5f 52 ba 17 e5 5f 0d e9 exception.symbol: tt012+0x234bab exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2313131 exception.address: 0x634bab registers.esp: 1638204 registers.edi: 6535335 registers.eax: 29657 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 6500571 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb e9 22 00 00 00 81 f6 cd 4e 2d 74 89 f0 5e 01 exception.symbol: tt012+0x234cfd exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2313469 exception.address: 0x634cfd registers.esp: 1638204 registers.edi: 6535335 registers.eax: 947166605 registers.ebp: 3971219476 registers.edx: 4294940720 registers.ebx: 0 registers.esi: 6500571 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 14 24 c7 04 24 fa b1 f0 exception.symbol: tt012+0x2398cc exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2332876 exception.address: 0x6398cc registers.esp: 1638204 registers.edi: 6515665 registers.eax: 27297 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 65804 registers.esi: 6552779 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 52 c7 04 24 54 de 3a 69 f7 1c 24 52 ba 71 03 exception.symbol: tt012+0x2396f4 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2332404 exception.address: 0x6396f4 registers.esp: 1638204 registers.edi: 0 registers.eax: 24811 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 65804 registers.esi: 6528787 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 1c 24 68 6d 62 a9 5d 8b 1c 24 56 exception.symbol: tt012+0x23ca50 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2345552 exception.address: 0x63ca50 registers.esp: 1638200 registers.edi: 6537402 registers.eax: 28412 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 2106336135 registers.esi: 6528787 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb e9 fc 02 00 00 89 7c 24 04 5f 89 0c 24 89 e1 exception.symbol: tt012+0x23c250 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2343504 exception.address: 0x63c250 registers.esp: 1638204 registers.edi: 6565814 registers.eax: 28412 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 2106336135 registers.esi: 6528787 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 a1 6a ef 4f 81 2c 24 d2 e9 ff 67 exception.symbol: tt012+0x23c416 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2343958 exception.address: 0x63c416 registers.esp: 1638204 registers.edi: 6540458 registers.eax: 3452210573 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 2106336135 registers.esi: 0 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 57 89 e7 57 e9 5f 07 00 00 55 e9 c4 01 00 00 exception.symbol: tt012+0x23d83a exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2349114 exception.address: 0x63d83a registers.esp: 1638200 registers.edi: 6488064 registers.eax: 6543343 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 1816809103 registers.esi: 0 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 83 ec 04 89 14 24 e9 ab fb ff exception.symbol: tt012+0x23df92 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2350994 exception.address: 0x63df92 registers.esp: 1638204 registers.edi: 6488064 registers.eax: 6575408 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 1816809103 registers.esi: 0 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 57 c7 04 24 41 3a 78 75 ff 0c 24 52 ba 1c 22 exception.symbol: tt012+0x23def1 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2350833 exception.address: 0x63def1 registers.esp: 1638204 registers.edi: 0 registers.eax: 6545840 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 1816809103 registers.esi: 3664208 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb e9 64 02 00 00 ff 34 24 8b 34 24 81 c4 04 00 exception.symbol: tt012+0x23ead5 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2353877 exception.address: 0x63ead5 registers.esp: 1638200 registers.edi: 0 registers.eax: 32522 registers.ebp: 3971219476 registers.edx: 30218201 registers.ebx: 35518435 registers.esi: 3664208 registers.ecx: 6546286	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb e9 35 00 00 00 51 53 e9 fe 04 00 00 b8 66 15 exception.symbol: tt012+0x23e42a exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2352170 exception.address: 0x63e42a registers.esp: 1638204 registers.edi: 0 registers.eax: 32522 registers.ebp: 3971219476 registers.edx: 30218201 registers.ebx: 35518435 registers.esi: 3664208 registers.ecx: 6578808	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 56 54 5e 81 c6 04 00 00 00 e9 68 01 00 00 57 exception.symbol: tt012+0x23e88d exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2353293 exception.address: 0x63e88d registers.esp: 1638204 registers.edi: 4294937436 registers.eax: 32522 registers.ebp: 3971219476 registers.edx: 30218201 registers.ebx: 3939837675 registers.esi: 3664208 registers.ecx: 6578808	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 53 55 68 f0 e9 71 4e e9 84 00 00 00 81 ea 26 exception.symbol: tt012+0x2537ea exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2439146 exception.address: 0x6537ea registers.esp: 1638204 registers.edi: 6607959 registers.eax: 1107135885 registers.ebp: 3971219476 registers.edx: 4294939120 registers.ebx: 6607927 registers.esi: 6607923 registers.ecx: 6664014	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 55 e9 df f7 ff ff 5b c5 88 97 be e1 4e 89 8f exception.symbol: tt012+0x25809a exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2457754 exception.address: 0x65809a registers.esp: 1638200 registers.edi: 168 registers.eax: 30870 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 6649043 registers.esi: 0 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 68 ee 2b 08 0e ff 34 24 58 57 51 c7 04 24 7a exception.symbol: tt012+0x257caf exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2456751 exception.address: 0x657caf registers.esp: 1638204 registers.edi: 168 registers.eax: 30870 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 6679913 registers.esi: 0 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb e9 51 01 00 00 89 ce 59 2d 31 b6 df 73 01 f0 exception.symbol: tt012+0x257dfd exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2457085 exception.address: 0x657dfd registers.esp: 1638204 registers.edi: 168 registers.eax: 0 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 6652061 registers.esi: 0 registers.ecx: 604292949	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 55 bd ea 53 7f 57 f7 d5 81 ed 24 79 ff 47 81 exception.symbol: tt012+0x263950 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2505040 exception.address: 0x663950 registers.esp: 1638200 registers.edi: 6697971 registers.eax: 29286 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 1969225702 registers.esi: 0 registers.ecx: 784400384	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb e9 d2 08 00 00 ff 34 24 8b 34 24 53 89 e3 81 exception.symbol: tt012+0x26358b exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2504075 exception.address: 0x66358b registers.esp: 1638204 registers.edi: 6700985 registers.eax: 29286 registers.ebp: 3971219476 registers.edx: 1084591501 registers.ebx: 1969225702 registers.esi: 0 registers.ecx: 784400384	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 81 ea 42 94 3b 5f 53 bb 00 3f 9b 4f 01 da 5b exception.symbol: tt012+0x2690a8 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2527400 exception.address: 0x6690a8 registers.esp: 1638200 registers.edi: 0 registers.eax: 31541 registers.ebp: 3971219476 registers.edx: 6719369 registers.ebx: 3974887879 registers.esi: 197243175 registers.ecx: 107	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 04 24 c7 04 24 e8 d0 db exception.symbol: tt012+0x268ec4 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2526916 exception.address: 0x668ec4 registers.esp: 1638204 registers.edi: 0 registers.eax: 31541 registers.ebp: 3971219476 registers.edx: 6722322 registers.ebx: 65623123 registers.esi: 197243175 registers.ecx: 0	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 2d 7d 15 ff 33 03 04 24 83 ec 04 89 2c 24 bd exception.symbol: tt012+0x27b1d9 exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2601433 exception.address: 0x67b1d9 registers.esp: 1638200 registers.edi: 15071 registers.eax: 6793725 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 2891431323 registers.esi: 1198374436 registers.ecx: 1968843900	1
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: fb 51 e9 2a 00 00 00 8b 34 24 81 c4 04 00 00 00 exception.symbol: tt012+0x27b23c exception.instruction: sti exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2601532 exception.address: 0x67b23c registers.esp: 1638204 registers.edi: 15071 registers.eax: 6823863 registers.ebp: 3971219476 registers.edx: 2130566132 registers.ebx: 2891431323 registers.esi: 1198374436 registers.ecx: 1968843900	1

Allocates read-write-execute memory (usually to unpack itself) (32 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7793f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 446464 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04470000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04480000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04490000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04500000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04510000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04520000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04530000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04540000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04550000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04560000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04570000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04580000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04590000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x045a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x045b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00410000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 364544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00413000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 19, 2025, 11:03 a.m.	process_identifier: 792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046c000 process_handle: 0xffffffff	1

A process attempted to delay the analysis task. (1 event)

description

tt012.exe tried to sleep 1043 seconds, actually delayed analysis time by 1043 seconds

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (4 events)

Time & API	Arguments	Status	Return
DeviceIoControl Feb. 19, 2025, 11:03 a.m.	input_buffer: control_code: 475228 (IOCTL_DISK_GET_LENGTH_INFO) device_handle: 0x00000188 output_buffer:	1	1
DeviceIoControl Feb. 19, 2025, 11:03 a.m.	input_buffer: control_code: 475228 (IOCTL_DISK_GET_LENGTH_INFO) device_handle: 0x00000188 output_buffer:	1	1
DeviceIoControl Feb. 19, 2025, 11:03 a.m.	input_buffer: control_code: 475228 (IOCTL_DISK_GET_LENGTH_INFO) device_handle: 0x00000188 output_buffer:	1	1
DeviceIoControl Feb. 19, 2025, 11:03 a.m.	input_buffer: control_code: 475228 (IOCTL_DISK_GET_LENGTH_INFO) device_handle: 0x00000188 output_buffer:	1	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x0006d000', u'virtual_address': u'0x00001000', u'entropy': 7.872079342793179, u'name': u' \\x00 ', u'virtual_size': u'0x0006d000'}

entropy

7.87207934279

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x0019a600', u'virtual_address': u'0x002fa000', u'entropy': 7.952304516322361, u'name': u'wayiszea', u'virtual_size': u'0x0019b000'}

entropy

7.95230451632

description

A section with a high entropy has been found

entropy

0.994494973672

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (50 out of 341 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 19, 2025, 11:03 a.m.	class_name: pediy06 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Feb. 19, 2025, 11:03 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 e9 11 29 00 00 89 2c 24 exception.symbol: tt012+0x1eaf87 exception.instruction: in eax, dx exception.module: tt012.exe exception.exception_code: 0xc0000096 exception.offset: 2011015 exception.address: 0x5eaf87 registers.esp: 1638236 registers.edi: 9383535 registers.eax: 1447909480 registers.ebp: 3971219476 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 6202273 registers.ecx: 20	1	0	0

tt012.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All