Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 26, 2025, 9:45 a.m.	Feb. 26, 2025, 9:50 a.m.

Size	2.9MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2f66c209686505c412ab4a5a9ec53af2`
SHA256	`6f0ae03408c8e95da5d4ba881ec7787674e91e87e34564fb39839f7fe4d0d606`
CRC32	`881FA15E`
ssdeep	`49152:thySzpXAW5KjpJVSbe4NpID3ywu+WgeQA8jVT:bySzpwW5KjpJEhID3ylbVMl`
Yara	themida_packer - themida packer CryptBot_IN - CryptBot PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
2628

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 26, 2025, 9:45 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (5 events)

section	\x00
section	.idata
section	vconuysk
section	tljzxcdi
section	.taggant

One or more processes crashed (50 out of 124 events)

Time & API	Arguments	Status
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: fb 60 bd 14 d0 99 ee e9 00 02 00 00 2c ab 6d be exception.symbol: random+0x5ec7f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 388223 exception.address: 0xc6ec7f registers.esp: 3406240 registers.edi: 0 registers.eax: 3406256 registers.ebp: 3406256 registers.edx: 3406248 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 99 4f 24 17 89 34 24 89 04 24 c7 04 24 d1 exception.symbol: random+0x5fb60 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 392032 exception.address: 0xc6fb60 registers.esp: 3406208 registers.edi: 0 registers.eax: 30170 registers.ebp: 4003057684 registers.edx: 3406248 registers.ebx: 2130567168 registers.esi: 13067812 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 55 e9 1d 00 00 00 81 c6 c1 d2 ff 7f 8b 14 24 exception.symbol: random+0x5f7ce exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 391118 exception.address: 0xc6f7ce registers.esp: 3406208 registers.edi: 0 registers.eax: 237801 registers.ebp: 4003057684 registers.edx: 3406248 registers.ebx: 2130567168 registers.esi: 13040704 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 e9 c6 63 a3 7e 81 e9 47 b0 5c 77 e9 32 fd exception.symbol: random+0x60463 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 394339 exception.address: 0xc70463 registers.esp: 3406204 registers.edi: 0 registers.eax: 27609 registers.ebp: 4003057684 registers.edx: 1958540047 registers.ebx: 2130567168 registers.esi: 13040704 registers.ecx: 13041982	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 29 f6 ff 34 0e ff 34 24 ff 34 24 e9 82 f7 ff exception.symbol: random+0x609c9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 395721 exception.address: 0xc709c9 registers.esp: 3406208 registers.edi: 0 registers.eax: 27609 registers.ebp: 4003057684 registers.edx: 1958540047 registers.ebx: 2130567168 registers.esi: 13040704 registers.ecx: 13069591	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 55 89 04 24 51 b9 00 bd 3f 77 b8 31 c3 bd cc exception.symbol: random+0x60767 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 395111 exception.address: 0xc70767 registers.esp: 3406208 registers.edi: 1259 registers.eax: 27609 registers.ebp: 4003057684 registers.edx: 1958540047 registers.ebx: 2130567168 registers.esi: 4294942424 registers.ecx: 13069591	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 00 00 00 00 ff 34 24 e9 ba fd ff ff 81 ea exception.symbol: random+0x1df6ac exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1963692 exception.address: 0xdef6ac registers.esp: 3406208 registers.edi: 13077474 registers.eax: 27568 registers.ebp: 4003057684 registers.edx: 2130566132 registers.ebx: 4063294 registers.esi: 14592184 registers.ecx: 14637524	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 6e fe ff ff 8b 14 24 81 c4 04 00 00 00 5e exception.symbol: random+0x1df042 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1962050 exception.address: 0xdef042 registers.esp: 3406208 registers.edi: 13077474 registers.eax: 27568 registers.ebp: 4003057684 registers.edx: 4294942528 registers.ebx: 4063294 registers.esi: 215017 registers.ecx: 14637524	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 15 00 00 00 53 51 68 60 ad 67 7f 59 81 e9 exception.symbol: random+0x1e1a2b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1972779 exception.address: 0xdf1a2b registers.esp: 3406204 registers.edi: 14620036 registers.eax: 27139 registers.ebp: 4003057684 registers.edx: 95 registers.ebx: 14617671 registers.esi: 0 registers.ecx: 95	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 ae fd ff ff 29 e9 5d 01 ca 59 e9 e8 fe ff exception.symbol: random+0x1e1e11 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1973777 exception.address: 0xdf1e11 registers.esp: 3406208 registers.edi: 14623375 registers.eax: 27139 registers.ebp: 4003057684 registers.edx: 134889 registers.ebx: 0 registers.esi: 0 registers.ecx: 95	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 0c 24 e9 00 00 00 00 54 59 e9 26 exception.symbol: random+0x1e91f2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2003442 exception.address: 0xdf91f2 registers.esp: 3406204 registers.edi: 6303136 registers.eax: 26055 registers.ebp: 4003057684 registers.edx: 2016086774 registers.ebx: 2045372769 registers.esi: 0 registers.ecx: 14649624	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 57 89 14 24 55 89 14 24 57 bf 44 20 98 12 e9 exception.symbol: random+0x1e8b00 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2001664 exception.address: 0xdf8b00 registers.esp: 3406208 registers.edi: 6303136 registers.eax: 26055 registers.ebp: 4003057684 registers.edx: 4294943672 registers.ebx: 2045372769 registers.esi: 1114345 registers.ecx: 14675679	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 55 54 5d e9 52 3a 00 00 exception.symbol: random+0x1ec187 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2015623 exception.address: 0xdfc187 registers.esp: 3406200 registers.edi: 6303136 registers.eax: 1447909480 registers.ebp: 4003057684 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 14656219 registers.ecx: 20	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x1ea775 exception.address: 0xdfa775 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 2008949 registers.esp: 3406200 registers.edi: 6303136 registers.eax: 1 registers.ebp: 4003057684 registers.edx: 22104 registers.ebx: 0 registers.esi: 14656219 registers.ecx: 20	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 89 2f 2d 12 01 exception.symbol: random+0x1ebdd4 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2014676 exception.address: 0xdfbdd4 registers.esp: 3406200 registers.edi: 6303136 registers.eax: 1447909480 registers.ebp: 4003057684 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 14656219 registers.ecx: 10	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 7a a7 c2 3b 89 14 24 ba 50 eb bf 7e 81 ef exception.symbol: random+0x1f2f29 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2043689 exception.address: 0xe02f29 registers.esp: 3406204 registers.edi: 14691443 registers.eax: 26734 registers.ebp: 4003057684 registers.edx: 2130566132 registers.ebx: 21661984 registers.esi: 10 registers.ecx: 1642528768	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 f5 f8 ff ff 89 5c 24 04 e9 46 f5 ff ff 60 exception.symbol: random+0x1f392e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2046254 exception.address: 0xe0392e registers.esp: 3406208 registers.edi: 14694713 registers.eax: 26734 registers.ebp: 4003057684 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 1426090592 registers.ecx: 1642528768	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 0f bf d6 60 66 ba 24 ba 66 81 f2 f6 exception.symbol: random+0x1f3bb9 exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 2046905 exception.address: 0xe03bb9 registers.esp: 3406168 registers.edi: 0 registers.eax: 3406168 registers.ebp: 4003057684 registers.edx: 3031865771 registers.ebx: 14695622 registers.esi: 43 registers.ecx: 65323	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb ba bd 15 df 5f c1 ea 06 c1 ea 08 51 b9 00 b9 exception.symbol: random+0x1fbb58 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2079576 exception.address: 0xe0bb58 registers.esp: 3406208 registers.edi: 14694713 registers.eax: 14757529 registers.ebp: 4003057684 registers.edx: 2179041617 registers.ebx: 1731518506 registers.esi: 49038077 registers.ecx: 4294937920	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 29 f6 ff 34 37 52 ba 12 cd f6 5b 31 54 24 04 exception.symbol: random+0x206a7b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2124411 exception.address: 0xe16a7b registers.esp: 3406200 registers.edi: 14803019 registers.eax: 31153 registers.ebp: 4003057684 registers.edx: 6 registers.ebx: 21662206 registers.esi: 1968968720 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 51 56 e9 2c f8 ff ff 01 c1 81 c1 7e a7 ba 75 exception.symbol: random+0x207137 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2126135 exception.address: 0xe17137 registers.esp: 3406200 registers.edi: 14803019 registers.eax: 31153 registers.ebp: 4003057684 registers.edx: 6 registers.ebx: 2298801283 registers.esi: 4294939276 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 46 ff ff ff 43 81 c3 7b 17 61 6f 81 c3 ed exception.symbol: random+0x20954d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2135373 exception.address: 0xe1954d registers.esp: 3406200 registers.edi: 14803019 registers.eax: 27802 registers.ebp: 4003057684 registers.edx: 1179202795 registers.ebx: 2298801283 registers.esi: 0 registers.ecx: 14784188	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 51 e9 00 00 00 00 b9 ab c1 98 7d 29 cf 59 81 exception.symbol: random+0x20c256 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2146902 exception.address: 0xe1c256 registers.esp: 3406196 registers.edi: 14792680 registers.eax: 26968 registers.ebp: 4003057684 registers.edx: 1758358642 registers.ebx: 1935586003 registers.esi: 0 registers.ecx: 1758358642	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 50 e9 e8 f8 ff ff 81 c6 06 52 ee 2d 59 21 f2 exception.symbol: random+0x20bfd2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2146258 exception.address: 0xe1bfd2 registers.esp: 3406200 registers.edi: 14819648 registers.eax: 4294943212 registers.ebp: 4003057684 registers.edx: 1758358642 registers.ebx: 2210988136 registers.esi: 0 registers.ecx: 1758358642	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 52 56 be c5 fe ff 6f c1 ee 01 46 e9 8c 00 00 exception.symbol: random+0x21ad01 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2206977 exception.address: 0xe2ad01 registers.esp: 3406196 registers.edi: 713316915 registers.eax: 14854007 registers.ebp: 4003057684 registers.edx: 2130566132 registers.ebx: 14849989 registers.esi: 2130509824 registers.ecx: 1642528768	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb b8 67 6b ec 10 bb ef f0 51 77 57 51 68 d6 1e exception.symbol: random+0x21a82c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2205740 exception.address: 0xe2a82c registers.esp: 3406200 registers.edi: 713316915 registers.eax: 14884535 registers.ebp: 4003057684 registers.edx: 2130566132 registers.ebx: 14849989 registers.esi: 1442867808 registers.ecx: 4294939272	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 52 89 0c 24 e9 c4 00 00 00 89 2c 24 89 e5 56 exception.symbol: random+0x22e4c0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2286784 exception.address: 0xe3e4c0 registers.esp: 3406164 registers.edi: 14776876 registers.eax: 30234 registers.ebp: 4003057684 registers.edx: 2130566132 registers.ebx: 14932723 registers.esi: 14927372 registers.ecx: 1642528768	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 8c f9 ff ff 48 e9 00 00 00 00 40 40 52 ba exception.symbol: random+0x22e2ba exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2286266 exception.address: 0xe3e2ba registers.esp: 3406168 registers.edi: 14776876 registers.eax: 30234 registers.ebp: 4003057684 registers.edx: 2130566132 registers.ebx: 14962957 registers.esi: 14927372 registers.ecx: 1642528768	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 50 89 34 24 e9 04 04 00 00 81 c4 04 00 00 00 exception.symbol: random+0x22dedb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2285275 exception.address: 0xe3dedb registers.esp: 3406168 registers.edi: 14776876 registers.eax: 30234 registers.ebp: 4003057684 registers.edx: 4294940500 registers.ebx: 14962957 registers.esi: 14927372 registers.ecx: 3753316192	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 29 c9 ff 34 11 8b 04 24 83 ec 04 e9 3c 01 00 exception.symbol: random+0x22f985 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2292101 exception.address: 0xe3f985 registers.esp: 3406168 registers.edi: 14936857 registers.eax: 30905 registers.ebp: 4003057684 registers.edx: 14969872 registers.ebx: 928514048 registers.esi: 14936189 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 e1 01 00 00 05 20 68 ba 4b 29 c3 8b 04 24 exception.symbol: random+0x22f839 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2291769 exception.address: 0xe3f839 registers.esp: 3406168 registers.edi: 14936857 registers.eax: 80171094 registers.ebp: 4003057684 registers.edx: 14969872 registers.ebx: 928514048 registers.esi: 14936189 registers.ecx: 4294938732	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 57 68 35 fd 97 53 89 04 24 e9 95 01 00 00 81 exception.symbol: random+0x230322 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2294562 exception.address: 0xe40322 registers.esp: 3406168 registers.edi: 14936857 registers.eax: 604292944 registers.ebp: 4003057684 registers.edx: 14968881 registers.ebx: 183378611 registers.esi: 4294943080 registers.ecx: 4294938732	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 57 00 00 00 8b 2c 24 e9 e3 04 00 00 81 f7 exception.symbol: random+0x2349d3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2312659 exception.address: 0xe449d3 registers.esp: 3406168 registers.edi: 14936857 registers.eax: 14989771 registers.ebp: 4003057684 registers.edx: 0 registers.ebx: 65786 registers.esi: 4294943080 registers.ecx: 1971716238	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 73 35 aa 50 89 14 24 e9 5e fb ff ff f7 d2 exception.symbol: random+0x234b5f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2313055 exception.address: 0xe44b5f registers.esp: 3406168 registers.edi: 14936857 registers.eax: 14962687 registers.ebp: 4003057684 registers.edx: 44777 registers.ebx: 65786 registers.esi: 4294943080 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 50 e9 cb fa ff ff 5c 56 89 04 24 55 bd df e1 exception.symbol: random+0x237b47 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2325319 exception.address: 0xe47b47 registers.esp: 3406164 registers.edi: 14936857 registers.eax: 30136 registers.ebp: 4003057684 registers.edx: 1795149823 registers.ebx: 13041109 registers.esi: 4294943080 registers.ecx: 14970754	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 06 03 00 00 5e 83 ec 04 89 3c 24 89 e7 e9 exception.symbol: random+0x23779a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2324378 exception.address: 0xe4779a registers.esp: 3406168 registers.edi: 0 registers.eax: 1747206504 registers.ebp: 4003057684 registers.edx: 1795149823 registers.ebx: 13041109 registers.esi: 4294943080 registers.ecx: 14973978	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 c7 f8 ff ff 59 ff 34 24 58 81 c4 04 00 00 exception.symbol: random+0x23b2f5 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2339573 exception.address: 0xe4b2f5 registers.esp: 3406164 registers.edi: 0 registers.eax: 30450 registers.ebp: 4003057684 registers.edx: 14986048 registers.ebx: 4279960229 registers.esi: 4003033468 registers.ecx: 1810133964	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 29 c9 e9 2b 00 00 00 51 b9 d8 48 be 7d 01 ca exception.symbol: random+0x23b155 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2339157 exception.address: 0xe4b155 registers.esp: 3406168 registers.edi: 0 registers.eax: 30450 registers.ebp: 4003057684 registers.edx: 15016498 registers.ebx: 4279960229 registers.esi: 4003033468 registers.ecx: 1810133964	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 89 03 00 00 83 ec 04 89 0c 24 b9 01 00 00 exception.symbol: random+0x23b010 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2338832 exception.address: 0xe4b010 registers.esp: 3406168 registers.edi: 0 registers.eax: 157417 registers.ebp: 4003057684 registers.edx: 15016498 registers.ebx: 4279960229 registers.esi: 4003033468 registers.ecx: 4294939556	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 e9 f9 ff ff 68 3d 0e 07 19 89 1c 24 e9 6b exception.symbol: random+0x23da3d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2349629 exception.address: 0xe4da3d registers.esp: 3406164 registers.edi: 4003057684 registers.eax: 29299 registers.ebp: 4003057684 registers.edx: 178192021 registers.ebx: 34816 registers.esi: 14995815 registers.ecx: 193185808	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 6a 25 ef 1f 89 34 24 be 39 01 ff 3b e9 86 exception.symbol: random+0x23d2d3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2347731 exception.address: 0xe4d2d3 registers.esp: 3406168 registers.edi: 4003057684 registers.eax: 29299 registers.ebp: 4003057684 registers.edx: 178192021 registers.ebx: 4294940880 registers.esi: 15025114 registers.ecx: 81129	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 f3 d4 63 01 89 0c 24 89 2c 24 52 e9 16 fb exception.symbol: random+0x250f5c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2428764 exception.address: 0xe60f5c registers.esp: 3406168 registers.edi: 15051038 registers.eax: 30120 registers.ebp: 4003057684 registers.edx: 2130566132 registers.ebx: 1971716070 registers.esi: 15025235 registers.ecx: 15104456	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 53 e9 8a ff ff ff 5e c1 2c 24 05 81 34 24 92 exception.symbol: random+0x2506e7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2426599 exception.address: 0xe606e7 registers.esp: 3406168 registers.edi: 15051038 registers.eax: 30120 registers.ebp: 4003057684 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 322689 registers.ecx: 15077288	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 ca 02 00 00 5e c1 ea 04 4a 81 c2 b3 81 7f exception.symbol: random+0x25c719 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2475801 exception.address: 0xe6c719 registers.esp: 3406164 registers.edi: 15078666 registers.eax: 15123448 registers.ebp: 4003057684 registers.edx: 1970012160 registers.ebx: 15078666 registers.esi: 3850504 registers.ecx: 2560000172	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 56 c7 04 24 62 10 bf 2b 81 34 24 e6 19 b7 6c exception.symbol: random+0x25c884 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2476164 exception.address: 0xe6c884 registers.esp: 3406168 registers.edi: 15078666 registers.eax: 15148842 registers.ebp: 4003057684 registers.edx: 1970012160 registers.ebx: 15078666 registers.esi: 3850504 registers.ecx: 2560000172	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 f9 15 50 0b e9 89 00 00 00 89 e2 81 c2 04 exception.symbol: random+0x25cbb4 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2476980 exception.address: 0xe6cbb4 registers.esp: 3406168 registers.edi: 15078666 registers.eax: 15148842 registers.ebp: 4003057684 registers.edx: 1970012160 registers.ebx: 4294944788 registers.esi: 3850504 registers.ecx: 4286424168	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 0c 05 00 00 ba c5 e4 fc 7d 31 d7 e9 e5 fe exception.symbol: random+0x262da3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2502051 exception.address: 0xe72da3 registers.esp: 3406168 registers.edi: 15152885 registers.eax: 30565 registers.ebp: 4003057684 registers.edx: 322689 registers.ebx: 586697697 registers.esi: 3850504 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 29 ff ff 34 3b 8b 34 24 68 21 8d 08 10 e9 96 exception.symbol: random+0x26e3db exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2548699 exception.address: 0xe7e3db registers.esp: 3406168 registers.edi: 15154220 registers.eax: 28425 registers.ebp: 4003057684 registers.edx: 108 registers.ebx: 15224024 registers.esi: 3855187806 registers.ecx: 109	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 6b 03 00 00 5c e9 36 01 00 00 8f 04 24 e9 exception.symbol: random+0x26de55 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2547285 exception.address: 0xe7de55 registers.esp: 3406168 registers.edi: 4294941632 registers.eax: 28425 registers.ebp: 4003057684 registers.edx: 108 registers.ebx: 15224024 registers.esi: 607947089 registers.ecx: 109	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 c2 00 00 00 29 c3 81 c3 96 a9 72 exception.symbol: random+0x27a0da exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2597082 exception.address: 0xe8a0da registers.esp: 3406168 registers.edi: 0 registers.eax: 2179107154 registers.ebp: 4003057684 registers.edx: 11 registers.ebx: 15247016 registers.esi: 3850504 registers.ecx: 12	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 172032 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c11000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00450000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00530000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00540000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00590000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00590000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00590000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00590000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00590000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2628 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00590000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00029c00', u'virtual_address': u'0x00001000', u'entropy': 7.983243961555983, u'name': u' \\x00 ', u'virtual_size': u'0x0005a000'}

entropy

7.98324396156

description

A section with a high entropy has been found

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 55 54 5d e9 52 3a 00 00 exception.symbol: random+0x1ec187 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2015623 exception.address: 0xdfc187 registers.esp: 3406200 registers.edi: 6303136 registers.eax: 1447909480 registers.ebp: 4003057684 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 14656219 registers.ecx: 20	1	0	0

File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win32.Generic.vh
ALYac	Gen:Trojan.Heur.TP.3AW@bmEwOUm
Cylance	Unsafe
VIPRE	Gen:Trojan.Heur.TP.3AW@bmEwOUm
Sangfor	Suspicious.Win32.Save.ins
CrowdStrike	win/malicious_confidence_100% (D)
BitDefender	Gen:Trojan.Heur.TP.3AW@bmEwOUm
Arcabit	Trojan.Heur.TP.ECE2DD
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Kaspersky	VHO:Trojan.Win32.Convagent.gen
MicroWorld-eScan	Gen:Trojan.Heur.TP.3AW@bmEwOUm
Rising	Trojan.Agent!1.128C8 (CLASSIC)
Emsisoft	Gen:Trojan.Heur.TP.3AW@bmEwOUm (B)
F-Secure	Trojan.TR/Crypt.TPM.Gen
McAfeeD	Real Protect-LS!2F66C2096865
Trapmine	malicious.high.ml.score
CTX	exe.trojan.bmewoum
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.2f66c209686505c4
Google	Detected
Avira	TR/Crypt.TPM.Gen
Kingsoft	Win32.Trojan.Generic.a
Gridinsoft	Trojan.Heur!.030120A1
Microsoft	Trojan:Win32/LummaStealer.DSK!MTB
GData	Gen:Trojan.Heur.TP.3AW@bmEwOUm
Varist	W32/Themida.CT.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R693230
DeepInstinct	MALICIOUS
VBA32	TScope.Malware-Cryptor.SB
Ikarus	Trojan.Win32.LummaStealer
Zoner	Probably Heur.ExeHeaderL
Tencent	Win32.Trojan.Generic.Gkjl
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Themida.HZB!tr
AVG	Win32:Evo-gen [Trj]
Paloalto	generic.ml

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All