Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Feb. 26, 2025, 9:42 a.m.	Feb. 26, 2025, 9:46 a.m.

Size	1.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b5a47811cf8a22d2faddace8ecbc6372`
SHA256	`c04cf5854d203eb1600e9f750ce4aa1a95de3421eb9a47d750d66465af2f35d0`
CRC32	`153706DD`
ssdeep	`49152:lXi1d6TREDq2xDKMAyjPeerVb1oTEs/eMW71FW1rO:lXioEDBxDtAyreUs/+hF`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description)

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
1000

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (8 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 26, 2025, 9:42 a.m.			0	0
IsDebuggerPresent Feb. 26, 2025, 9:42 a.m.			0	0
IsDebuggerPresent Feb. 26, 2025, 9:42 a.m.			0	0
IsDebuggerPresent Feb. 26, 2025, 9:42 a.m.			0	0
IsDebuggerPresent Feb. 26, 2025, 9:42 a.m.			0	0
IsDebuggerPresent Feb. 26, 2025, 9:42 a.m.			0	0
IsDebuggerPresent Feb. 26, 2025, 9:42 a.m.			0	0
IsDebuggerPresent Feb. 26, 2025, 9:42 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Feb. 26, 2025, 9:42 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	yfnutnhm
section	vapmzsfh
section	.taggant

One or more processes crashed (50 out of 110 events)

Time & API	Arguments	Status
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: random+0x2ca0b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2924729 exception.address: 0x114a0b9 registers.esp: 4258452 registers.edi: 0 registers.eax: 1 registers.ebp: 4258468 registers.edx: 19947520 registers.ebx: 4294828032 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: 66 81 38 4d 5a 75 0e 0f b7 50 3c 01 c2 81 3a 50 exception.symbol: random+0xb9a2 exception.instruction: cmp word ptr [eax], 0x5a4d exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 47522 exception.address: 0xe8b9a2 registers.esp: 4258412 registers.edi: 0 registers.eax: 15208448 registers.ebp: 4005273620 registers.edx: 40960 registers.ebx: 1059727872 registers.esi: 0 registers.ecx: 40960	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 55 89 34 24 89 14 24 e9 d8 fe ff ff 81 c2 04 exception.symbol: random+0xc340 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 49984 exception.address: 0xe8c340 registers.esp: 4258420 registers.edi: 322689 registers.eax: 30531 registers.ebp: 4005273620 registers.edx: 15255719 registers.ebx: 0 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 f1 fc ff ff 57 bf 7e 7d 93 75 29 fe 5f 81 exception.symbol: random+0xd2c2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 53954 exception.address: 0xe8d2c2 registers.esp: 4258416 registers.edi: 322689 registers.eax: 32334 registers.ebp: 4005273620 registers.edx: 15255719 registers.ebx: 0 registers.esi: 3 registers.ecx: 15256125	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 3c 24 68 c3 9e ec 4b e9 07 02 00 exception.symbol: random+0xcd70 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 52592 exception.address: 0xe8cd70 registers.esp: 4258420 registers.edi: 322689 registers.eax: 32334 registers.ebp: 4005273620 registers.edx: 238825 registers.ebx: 0 registers.esi: 4294937604 registers.ecx: 15288459	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 51 b9 76 59 af 6e 68 da 6a 6f 5f 8b 1c 24 83 exception.symbol: random+0x18ec20 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1633312 exception.address: 0x100ec20 registers.esp: 4258420 registers.edi: 15292286 registers.eax: 16864641 registers.ebp: 4005273620 registers.edx: 4294826996 registers.ebx: 62456761 registers.esi: 16818953 registers.ecx: 953	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 81 03 00 00 81 f7 9a 28 09 39 21 f9 5f 52 exception.symbol: random+0x18f141 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1634625 exception.address: 0x100f141 registers.esp: 4258420 registers.edi: 15292286 registers.eax: 16840765 registers.ebp: 4005273620 registers.edx: 4294826996 registers.ebx: 0 registers.esi: 236265 registers.ecx: 953	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 68 fd 61 be 69 89 3c 24 e9 0e 00 00 00 4f 81 exception.symbol: random+0x1911f6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1642998 exception.address: 0x10111f6 registers.esp: 4258416 registers.edi: 4149941930 registers.eax: 31542 registers.ebp: 4005273620 registers.edx: 16846338 registers.ebx: 16844187 registers.esi: 16845554 registers.ecx: 96	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 50 89 3c 24 56 53 bb 5b 8e 57 7c 4b 81 f3 5f exception.symbol: random+0x191829 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1644585 exception.address: 0x1011829 registers.esp: 4258420 registers.edi: 4149941930 registers.eax: 31542 registers.ebp: 4005273620 registers.edx: 16877880 registers.ebx: 16844187 registers.esi: 16845554 registers.ecx: 96	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 68 cf 8a 5f 26 e9 8f fa ff ff 31 3c 24 33 3c exception.symbol: random+0x191a25 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1645093 exception.address: 0x1011a25 registers.esp: 4258420 registers.edi: 4149941930 registers.eax: 50665 registers.ebp: 4005273620 registers.edx: 16877880 registers.ebx: 16844187 registers.esi: 16845554 registers.ecx: 4294938928	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 55 89 3c 24 53 e9 99 fc ff ff 5c 83 ec 04 89 exception.symbol: random+0x1930d8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1650904 exception.address: 0x10130d8 registers.esp: 4258420 registers.edi: 4796024 registers.eax: 27983 registers.ebp: 4005273620 registers.edx: 16882096 registers.ebx: 16844187 registers.esi: 16845554 registers.ecx: 1971442156	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 55 e9 c4 f8 ff ff 81 c4 04 00 00 00 e9 ea f8 exception.symbol: random+0x19358f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1652111 exception.address: 0x101358f registers.esp: 4258420 registers.edi: 4796024 registers.eax: 0 registers.ebp: 4005273620 registers.edx: 16856836 registers.ebx: 16844187 registers.esi: 16845554 registers.ecx: 134889	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 83 ec 04 89 2c 24 54 e9 exception.symbol: random+0x19d1fb exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1692155 exception.address: 0x101d1fb registers.esp: 4258412 registers.edi: 4796024 registers.eax: 1447909480 registers.ebp: 4005273620 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 16883974 registers.ecx: 20	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x19e7b3 exception.address: 0x101e7b3 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 1697715 registers.esp: 4258412 registers.edi: 4796024 registers.eax: 1 registers.ebp: 4005273620 registers.edx: 22104 registers.ebx: 0 registers.esi: 16883974 registers.ecx: 20	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 2c 37 2d 12 01 exception.symbol: random+0x19cd62 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1690978 exception.address: 0x101cd62 registers.esp: 4258412 registers.edi: 4796024 registers.eax: 1447909480 registers.ebp: 4005273620 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 16883974 registers.ecx: 10	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 51 b9 7f 87 db 7f e9 bb 00 00 exception.symbol: random+0x1a2edd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1715933 exception.address: 0x1022edd registers.esp: 4258416 registers.edi: 4796024 registers.eax: 16918846 registers.ebp: 4005273620 registers.edx: 4294826996 registers.ebx: 40914952 registers.esi: 10 registers.ecx: 783351808	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 29 db ff 34 18 68 58 7f 42 64 e9 b7 04 00 00 exception.symbol: random+0x1a29a2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1714594 exception.address: 0x10229a2 registers.esp: 4258420 registers.edi: 4796024 registers.eax: 16950449 registers.ebp: 4005273620 registers.edx: 4294826996 registers.ebx: 40914952 registers.esi: 10 registers.ecx: 783351808	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 68 a7 7f 92 01 e9 c2 00 00 00 5d 29 de 5b e9 exception.symbol: random+0x1a2e9d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1715869 exception.address: 0x1022e9d registers.esp: 4258420 registers.edi: 4796024 registers.eax: 16950449 registers.ebp: 4005273620 registers.edx: 4294826996 registers.ebx: 4294938140 registers.esi: 1392536160 registers.ecx: 783351808	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 be 1c 2e 39 7b 64 8f 05 00 00 00 00 exception.symbol: random+0x1a34b3 exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 1717427 exception.address: 0x10234b3 registers.esp: 4258380 registers.edi: 0 registers.eax: 4258380 registers.ebp: 4005273620 registers.edx: 4294805027 registers.ebx: 16921993 registers.esi: 900944237 registers.ecx: 783352038	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 97 fe ff ff 83 e8 04 87 04 24 5c 89 14 24 exception.symbol: random+0x1b3c9b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1784987 exception.address: 0x1033c9b registers.esp: 4258420 registers.edi: 15247922 registers.eax: 25462 registers.ebp: 4005273620 registers.edx: 0 registers.ebx: 40915174 registers.esi: 16991071 registers.ecx: 3909414019	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 fb 00 00 00 52 e9 1e 00 00 00 89 34 24 55 exception.symbol: random+0x1b8077 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1802359 exception.address: 0x1038077 registers.esp: 4258408 registers.edi: 15247922 registers.eax: 17006168 registers.ebp: 4005273620 registers.edx: 1031865591 registers.ebx: 40915174 registers.esi: 16991071 registers.ecx: 3909414019	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 8b 01 00 00 8b 1c 24 50 89 e0 05 04 00 00 exception.symbol: random+0x1b82a9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1802921 exception.address: 0x10382a9 registers.esp: 4258412 registers.edi: 15247922 registers.eax: 17034053 registers.ebp: 4005273620 registers.edx: 2298801283 registers.ebx: 40915174 registers.esi: 16991071 registers.ecx: 4294942120	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 1b 00 00 00 58 2d c9 4a 2f 7f 5d 01 44 24 exception.symbol: random+0x1bbcdf exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1817823 exception.address: 0x103bcdf registers.esp: 4258408 registers.edi: 3998419494 registers.eax: 28979 registers.ebp: 4005273620 registers.edx: 2298801283 registers.ebx: 2315288864 registers.esi: 32238993 registers.ecx: 17021743	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 68 ae 2c 34 03 8b 14 24 55 89 e5 e9 00 fd ff exception.symbol: random+0x1bc2b7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1819319 exception.address: 0x103c2b7 registers.esp: 4258412 registers.edi: 0 registers.eax: 605849943 registers.ebp: 4005273620 registers.edx: 2298801283 registers.ebx: 2315288864 registers.esi: 32238993 registers.ecx: 17024386	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 50 e9 26 00 00 00 be 58 37 b6 77 e9 fa f8 ff exception.symbol: random+0x1bce9c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1822364 exception.address: 0x103ce9c registers.esp: 4258412 registers.edi: 17051364 registers.eax: 26525 registers.ebp: 4005273620 registers.edx: 1439846033 registers.ebx: 105523317 registers.esi: 32238993 registers.ecx: 17024386	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 53 bb 7f 53 ff 37 4b 43 51 53 bb 3b 80 b4 77 exception.symbol: random+0x1bcfcb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1822667 exception.address: 0x103cfcb registers.esp: 4258412 registers.edi: 17027884 registers.eax: 26525 registers.ebp: 4005273620 registers.edx: 1439846033 registers.ebx: 0 registers.esi: 32238993 registers.ecx: 84201	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 50 89 34 24 68 a7 7e 6f 1d 8b 34 24 e9 00 00 exception.symbol: random+0x1ddc77 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1956983 exception.address: 0x105dc77 registers.esp: 4258380 registers.edi: 604292951 registers.eax: 29949 registers.ebp: 4005273620 registers.edx: 4294826996 registers.ebx: 17188821 registers.esi: 4294939900 registers.ecx: 783351808	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 05 3a 7d 29 67 05 52 da ce 6a 03 04 24 2d 52 exception.symbol: random+0x1e03e4 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1967076 exception.address: 0x10603e4 registers.esp: 4258376 registers.edi: 3401541443 registers.eax: 17169114 registers.ebp: 4005273620 registers.edx: 4294826996 registers.ebx: 18690 registers.esi: 604265555 registers.ecx: 17025506	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 57 56 be a6 06 ba 55 89 74 24 04 5e e9 fe 01 exception.symbol: random+0x1e02aa exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1966762 exception.address: 0x10602aa registers.esp: 4258380 registers.edi: 604292947 registers.eax: 17171829 registers.ebp: 4005273620 registers.edx: 0 registers.ebx: 18690 registers.esi: 604265555 registers.ecx: 17025506	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 d2 fd ff ff 53 bb 20 b3 7d 6f c1 eb 01 c1 exception.symbol: random+0x1e0cb0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1969328 exception.address: 0x1060cb0 registers.esp: 4258376 registers.edi: 604292947 registers.eax: 28136 registers.ebp: 4005273620 registers.edx: 17172301 registers.ebx: 1237539497 registers.esi: 604265555 registers.ecx: 17025506	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 c0 fe ff ff 55 89 e5 81 c5 04 00 00 00 83 exception.symbol: random+0x1e09c3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1968579 exception.address: 0x10609c3 registers.esp: 4258380 registers.edi: 604292947 registers.eax: 28136 registers.ebp: 4005273620 registers.edx: 17175081 registers.ebx: 1237539497 registers.esi: 3686731616 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 68 29 10 ba 19 e9 d8 03 00 00 29 d6 e9 4b 01 exception.symbol: random+0x1e1eb6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1973942 exception.address: 0x1061eb6 registers.esp: 4258380 registers.edi: 1947414844 registers.eax: 4274466664 registers.ebp: 4005273620 registers.edx: 17204306 registers.ebx: 1202187231 registers.esi: 4294943864 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb bb 3b 03 66 77 51 e9 a0 00 00 00 59 50 b8 2e exception.symbol: random+0x1f0927 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2033959 exception.address: 0x1070927 registers.esp: 4258380 registers.edi: 17239542 registers.eax: 31524 registers.ebp: 4005273620 registers.edx: 1170101841 registers.ebx: 65804 registers.esi: 0 registers.ecx: 1969225870	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 3c dd cf 7f e9 f1 04 00 00 53 68 exception.symbol: random+0x1f11d8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2036184 exception.address: 0x10711d8 registers.esp: 4258380 registers.edi: 17239542 registers.eax: 30940 registers.ebp: 4005273620 registers.edx: 1265519775 registers.ebx: 17270955 registers.esi: 0 registers.ecx: 1506806571	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 c7 04 24 fb 39 ba exception.symbol: random+0x1f106f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2035823 exception.address: 0x107106f registers.esp: 4258380 registers.edi: 0 registers.eax: 30940 registers.ebp: 4005273620 registers.edx: 1265519775 registers.ebx: 17242763 registers.esi: 0 registers.ecx: 90345	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 29 d2 ff 34 02 ff 34 24 8b 34 24 83 c4 04 68 exception.symbol: random+0x1f6ceb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2059499 exception.address: 0x1076ceb registers.esp: 4258380 registers.edi: 0 registers.eax: 17295701 registers.ebp: 4005273620 registers.edx: 202 registers.ebx: 582629883 registers.esi: 0 registers.ecx: 203	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 57 89 0c 24 c7 04 24 f6 de b3 7e 68 17 f0 10 exception.symbol: random+0x1f703e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2060350 exception.address: 0x107703e registers.esp: 4258380 registers.edi: 0 registers.eax: 17295701 registers.ebp: 4005273620 registers.edx: 4294938100 registers.ebx: 582629883 registers.esi: 33001 registers.ecx: 203	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 68 34 37 bb 56 89 3c 24 50 e9 81 00 00 00 56 exception.symbol: random+0x1f8a65 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2067045 exception.address: 0x1078a65 registers.esp: 4258380 registers.edi: 17272662 registers.eax: 322689 registers.ebp: 4005273620 registers.edx: 1447 registers.ebx: 1 registers.esi: 17268213 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 68 12 ea fe 71 89 1c 24 55 bd ce 16 fe 44 81 exception.symbol: random+0x1fef0f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2092815 exception.address: 0x107ef0f registers.esp: 4258380 registers.edi: 17298421 registers.eax: 32548 registers.ebp: 4005273620 registers.edx: 4294826996 registers.ebx: 2147483650 registers.esi: 28174672 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 26 04 00 00 87 2c 24 5c e9 70 07 00 00 bb exception.symbol: random+0x21bc10 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2210832 exception.address: 0x109bc10 registers.esp: 4258376 registers.edi: 17364592 registers.eax: 27974 registers.ebp: 4005273620 registers.edx: 4294826996 registers.ebx: 1969225702 registers.esi: 17414492 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb bb f4 5c ba 2b 57 bf e4 7f 77 7f e9 98 00 00 exception.symbol: random+0x21bb2f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2210607 exception.address: 0x109bb2f registers.esp: 4258380 registers.edi: 0 registers.eax: 27974 registers.ebp: 4005273620 registers.edx: 4294826996 registers.ebx: 1969225702 registers.esi: 17417730 registers.ecx: 604801362	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 a1 f9 ff ff 5d 57 bf 93 b5 5b 77 29 f9 5f exception.symbol: random+0x222b0a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2239242 exception.address: 0x10a2b0a registers.esp: 4258376 registers.edi: 17419117 registers.eax: 27278 registers.ebp: 4005273620 registers.edx: 2612824 registers.ebx: 1846283478 registers.esi: 17417730 registers.ecx: 17441506	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 21 b7 a3 38 89 34 24 68 cc f8 ed exception.symbol: random+0x222893 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2238611 exception.address: 0x10a2893 registers.esp: 4258380 registers.edi: 0 registers.eax: 27278 registers.ebp: 4005273620 registers.edx: 3915338839 registers.ebx: 1846283478 registers.esi: 17417730 registers.ecx: 17444288	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 53 68 05 70 ff 2f e9 ed 00 00 00 29 c2 e9 b4 exception.symbol: random+0x22c40a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2278410 exception.address: 0x10ac40a registers.esp: 4258380 registers.edi: 17508908 registers.eax: 26748 registers.ebp: 4005273620 registers.edx: 4294826996 registers.ebx: 142157975 registers.esi: 3814402854 registers.ecx: 783351808	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 52 89 e2 51 b9 04 00 00 00 01 ca 59 83 ea 04 exception.symbol: random+0x22c926 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2279718 exception.address: 0x10ac926 registers.esp: 4258380 registers.edi: 17484936 registers.eax: 26748 registers.ebp: 4005273620 registers.edx: 604292951 registers.ebx: 142157975 registers.esi: 3814402854 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 68 f5 2b 23 17 89 2c 24 bd 43 fa fd 7b 87 cd exception.symbol: random+0x23b458 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2339928 exception.address: 0x10bb458 registers.esp: 4258380 registers.edi: 783351808 registers.eax: 31838 registers.ebp: 4005273620 registers.edx: 1295 registers.ebx: 17511789 registers.esi: 17575226 registers.ecx: 1296	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 e5 fd ff ff bb 00 00 00 00 81 c3 f2 44 ff exception.symbol: random+0x23b8f8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2341112 exception.address: 0x10bb8f8 registers.esp: 4258380 registers.edi: 605325651 registers.eax: 0 registers.ebp: 4005273620 registers.edx: 1295 registers.ebx: 17511789 registers.esi: 17546430 registers.ecx: 1296	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 52 ba 42 e8 fb 55 e9 7b 03 00 00 bf 00 83 ee exception.symbol: random+0x248585 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2393477 exception.address: 0x10c8585 registers.esp: 4258380 registers.edi: 605325651 registers.eax: 17628080 registers.ebp: 4005273620 registers.edx: 4294826996 registers.ebx: 33914889 registers.esi: 2005598220 registers.ecx: 783351808	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb e9 28 00 00 00 5a 81 ca 41 46 e1 3f c1 e2 03 exception.symbol: random+0x248b37 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2394935 exception.address: 0x10c8b37 registers.esp: 4258380 registers.edi: 0 registers.eax: 17599688 registers.ebp: 4005273620 registers.edx: 2319071848 registers.ebx: 33914889 registers.esi: 2005598220 registers.ecx: 783351808	1
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: fb 81 eb ba 23 df 6f 57 50 b8 e5 07 3d 3f 89 c7 exception.symbol: random+0x24928b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2396811 exception.address: 0x10c928b registers.esp: 4258376 registers.edi: 0 registers.eax: 31401 registers.ebp: 4005273620 registers.edx: 1777952601 registers.ebx: 17600195 registers.esi: 2005598220 registers.ecx: 783351808	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 1209 events)

Time & API	Arguments	Status	Return
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74661000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75001000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75161000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75401000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75760000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b31000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d22000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74661000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x746612d0 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75001000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75001014 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75091000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75401000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x754017d0 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755f0000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75760000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75760070 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75a60000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b31000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b319a8 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d22000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d2224c process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x754b0000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b31000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b31394 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d21000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76b21000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74661000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74661188 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75001000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x750011c8 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75091000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x750910ec process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75161000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x751610e4 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75401000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7540180c process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755f0000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755f035c process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x754b0000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x754b0270 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b31000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75b313a8 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d21000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d2124c process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76b21000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76b21198 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74661000 process_handle: 0xffffffff	1	0
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74661274 process_handle: 0xffffffff		3221225477
NtProtectVirtualMemory Feb. 26, 2025, 9:42 a.m.	process_identifier: 1000 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75001000 process_handle: 0xffffffff	1	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x001b8400', u'virtual_address': u'0x002ca000', u'entropy': 7.954168483415969, u'name': u'yfnutnhm', u'virtual_size': u'0x001ba000'}

entropy

7.95416848342

description

A section with a high entropy has been found

entropy

0.984623986581

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Feb. 26, 2025, 9:42 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Expresses interest in specific running processes (1 event)

process

system

Attempts to stop active services (2 events)

Time & API	Arguments	Status	Return	Repeated
ControlService Feb. 26, 2025, 9:42 a.m.	service_handle: 0x004f4b28 service_name: WinDefend control_code: 1		0	0
ControlService Feb. 26, 2025, 9:42 a.m.	service_handle: 0x004f5050 service_name: wuauserv control_code: 1		0	0

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (44 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:42 a.m.	class_name: pediy06 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Attempts to disable Windows Auto Updates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Feb. 26, 2025, 9:42 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 83 ec 04 89 2c 24 54 e9 exception.symbol: random+0x19d1fb exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1692155 exception.address: 0x101d1fb registers.esp: 4258412 registers.edi: 4796024 registers.eax: 1447909480 registers.ebp: 4005273620 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 16883974 registers.ecx: 20	1	0	0

Disables Windows Security features (6 events)

description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All