Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 26, 2025, 9:45 a.m.	Feb. 26, 2025, 9:58 a.m.

Size	2.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7e3f7e223336ef778dfb47afee043852`
SHA256	`cba61e7810b00bc7267605f2f82db6df712add8e285ee078968f2d8e797c20df`
CRC32	`C904B417`
ssdeep	`49152:Ij0XmVoB//qwCu5j0D27851EgwfOjy4oM/oI/m:c0W6x/ZCMjJ85agwfOj9oI/`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
2540

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 26, 2025, 9:45 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (5 events)

section	\x00
section	.idata
section	ucisigvk
section	jldnxetx
section	.taggant

One or more processes crashed (50 out of 112 events)

Time & API	Arguments	Status
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: fb 60 bd 14 c0 86 ee e9 00 02 00 00 7c 70 ab 96 exception.symbol: random+0x5dc42 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 384066 exception.address: 0xb3dc42 registers.esp: 4587288 registers.edi: 0 registers.eax: 4587304 registers.ebp: 4587304 registers.edx: 4587296 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 89 14 24 57 52 e9 exception.symbol: random+0x5e27f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 385663 exception.address: 0xb3e27f registers.esp: 4587256 registers.edi: 0 registers.eax: 25932 registers.ebp: 4001808404 registers.edx: 4587296 registers.ebx: 2130567168 registers.esi: 241897 registers.ecx: 11791522	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 53 89 04 24 e9 b7 f7 ff ff 31 f2 31 d6 87 34 exception.symbol: random+0x5fc09 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 392201 exception.address: 0xb3fc09 registers.esp: 4587252 registers.edi: 0 registers.eax: 25778 registers.ebp: 4001808404 registers.edx: 1576821223 registers.ebx: 2130567168 registers.esi: 241897 registers.ecx: 11792946	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 56 e9 6d 00 00 00 55 68 50 52 40 08 89 04 24 exception.symbol: random+0x5fdbb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 392635 exception.address: 0xb3fdbb registers.esp: 4587256 registers.edi: 0 registers.eax: 1259 registers.ebp: 4001808404 registers.edx: 1576821223 registers.ebx: 0 registers.esi: 241897 registers.ecx: 11796052	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 eb 89 ba 55 61 03 1c 24 55 53 bb 89 ba 55 exception.symbol: random+0x1e1fd8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1974232 exception.address: 0xcc1fd8 registers.esp: 4587252 registers.edi: 11827551 registers.eax: 31359 registers.ebp: 4001808404 registers.edx: 2130566132 registers.ebx: 13376366 registers.esi: 13360017 registers.ecx: 687	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 08 fd ff ff 58 83 c1 04 87 0c 24 e9 7b 00 exception.symbol: random+0x1e25ea exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1975786 exception.address: 0xcc25ea registers.esp: 4587256 registers.edi: 11827551 registers.eax: 31359 registers.ebp: 4001808404 registers.edx: 2130566132 registers.ebx: 13407725 registers.esi: 13360017 registers.ecx: 687	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 55 e9 d1 f9 ff ff b8 5c 75 fb 4c f7 d0 c1 e0 exception.symbol: random+0x1e2487 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1975431 exception.address: 0xcc2487 registers.esp: 4587256 registers.edi: 11827551 registers.eax: 493801 registers.ebp: 4001808404 registers.edx: 4294939240 registers.ebx: 13407725 registers.esi: 13360017 registers.ecx: 687	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 50 e9 33 00 00 00 31 74 24 04 5e ff 34 24 58 exception.symbol: random+0x1e45be exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1983934 exception.address: 0xcc45be registers.esp: 4587256 registers.edi: 13388842 registers.eax: 0 registers.ebp: 4001808404 registers.edx: 50665 registers.ebx: 13382576 registers.esi: 2135575594 registers.ecx: 13387945	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 8f fc ff ff 8b 24 24 68 4f 64 3c 31 89 2c exception.symbol: random+0x1e5a27 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1989159 exception.address: 0xcc5a27 registers.esp: 4587256 registers.edi: 13388842 registers.eax: 30249 registers.ebp: 4001808404 registers.edx: 858806229 registers.ebx: 13382576 registers.esi: 2135575594 registers.ecx: 13420577	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 4f fe ff ff 81 eb 0c 43 7c 3d e9 03 ff ff exception.symbol: random+0x1e587c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1988732 exception.address: 0xcc587c registers.esp: 4587256 registers.edi: 4294939888 registers.eax: 1259 registers.ebp: 4001808404 registers.edx: 858806229 registers.ebx: 13382576 registers.esi: 2135575594 registers.ecx: 13420577	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 51 89 2c 24 68 f1 9a a1 exception.symbol: random+0x1f0d9c exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2035100 exception.address: 0xcd0d9c registers.esp: 4587248 registers.edi: 4861344 registers.eax: 1447909480 registers.ebp: 4001808404 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 13422573 registers.ecx: 20	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x1f1e43 exception.address: 0xcd1e43 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 2039363 registers.esp: 4587248 registers.edi: 4861344 registers.eax: 1 registers.ebp: 4001808404 registers.edx: 22104 registers.ebx: 0 registers.esi: 13422573 registers.ecx: 20	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 ff 2f 2d 12 01 exception.symbol: random+0x1efd1d exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2030877 exception.address: 0xccfd1d registers.esp: 4587248 registers.edi: 4861344 registers.eax: 1447909480 registers.ebp: 4001808404 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 13422573 registers.ecx: 10	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 57 0f 80 02 00 00 00 56 59 59 6a 00 exception.symbol: random+0x1f5a3f exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 2054719 exception.address: 0xcd5a3f registers.esp: 4587216 registers.edi: 0 registers.eax: 4587216 registers.ebp: 4001808404 registers.edx: 0 registers.ebx: 13458299 registers.esi: 2130566132 registers.ecx: 13458943	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 56 54 5e 81 c6 04 00 00 00 81 ee 04 00 00 00 exception.symbol: random+0x1f67ae exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2058158 exception.address: 0xcd67ae registers.esp: 4587256 registers.edi: 4861344 registers.eax: 27389 registers.ebp: 4001808404 registers.edx: 0 registers.ebx: 26461515 registers.esi: 13462192 registers.ecx: 6379	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 57 68 c8 cd de 01 89 0c 24 e9 97 04 00 00 5d exception.symbol: random+0x205779 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2119545 exception.address: 0xce5779 registers.esp: 4587256 registers.edi: 11780218 registers.eax: 13552714 registers.ebp: 4001808404 registers.edx: 6 registers.ebx: 26461737 registers.esi: 3441518677 registers.ecx: 4294938940	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 53 68 b6 38 d5 7f e9 6c f4 ff ff bd 04 00 00 exception.symbol: random+0x206bf3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2124787 exception.address: 0xce6bf3 registers.esp: 4587256 registers.edi: 13556253 registers.eax: 31424 registers.ebp: 4001808404 registers.edx: 6 registers.ebx: 26461737 registers.esi: 3441518677 registers.ecx: 1661249702	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 b4 f8 ff ff 50 89 e0 05 04 00 00 exception.symbol: random+0x206ab2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2124466 exception.address: 0xce6ab2 registers.esp: 4587256 registers.edi: 13528233 registers.eax: 31424 registers.ebp: 4001808404 registers.edx: 6 registers.ebx: 262633 registers.esi: 0 registers.ecx: 1661249702	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 22 00 00 00 83 ec 04 89 34 24 89 e6 55 51 exception.symbol: random+0x20c2a1 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2146977 exception.address: 0xcec2a1 registers.esp: 4587244 registers.edi: 3997740221 registers.eax: 31131 registers.ebp: 4001808404 registers.edx: 702552429 registers.ebx: 13548049 registers.esi: 13528233 registers.ecx: 716098681	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb ba 97 9c ef 7d 81 c2 11 1e 6e 67 81 ea 2a 94 exception.symbol: random+0x20bb13 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2145043 exception.address: 0xcebb13 registers.esp: 4587248 registers.edi: 4294938840 registers.eax: 31131 registers.ebp: 4001808404 registers.edx: 702552429 registers.ebx: 13579180 registers.esi: 2179369302 registers.ecx: 716098681	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 c3 4b 71 7d 75 55 e9 f3 fe ff ff 50 e9 d3 exception.symbol: random+0x20fcc8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2161864 exception.address: 0xcefcc8 registers.esp: 4587244 registers.edi: 293163212 registers.eax: 30719 registers.ebp: 4001808404 registers.edx: 1100908569 registers.ebx: 13564537 registers.esi: 2179340846 registers.ecx: 1114463646	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb ba 2f 6d fe 0d c1 e2 04 83 ec 04 89 34 24 be exception.symbol: random+0x20ffcc exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2162636 exception.address: 0xceffcc registers.esp: 4587248 registers.edi: 84201 registers.eax: 0 registers.ebp: 4001808404 registers.edx: 1100908569 registers.ebx: 13567336 registers.esi: 2179340846 registers.ecx: 1114463646	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 1c 24 bb d0 55 bf 71 81 c3 4a e9 exception.symbol: random+0x2322ac exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2302636 exception.address: 0xd122ac registers.esp: 4587216 registers.edi: 3894681197 registers.eax: 32039 registers.ebp: 4001808404 registers.edx: 13735261 registers.ebx: 13651361 registers.esi: 13697877 registers.ecx: 2114125824	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 b6 d6 ce 67 89 04 24 53 bb c1 14 df 6e 50 exception.symbol: random+0x232036 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2302006 exception.address: 0xd12036 registers.esp: 4587216 registers.edi: 496339296 registers.eax: 32039 registers.ebp: 4001808404 registers.edx: 13706197 registers.ebx: 13651361 registers.esi: 0 registers.ecx: 2114125824	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 53 89 0c 24 52 68 ee 34 be 7d 8b 14 24 e9 62 exception.symbol: random+0x232dc3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2305475 exception.address: 0xd12dc3 registers.esp: 4587216 registers.edi: 13706775 registers.eax: 0 registers.ebp: 4001808404 registers.edx: 103675404 registers.ebx: 2298801283 registers.esi: 13706227 registers.ecx: 13709997	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 ee ff 68 29 78 57 bf e0 de cb 5f 51 e9 2e exception.symbol: random+0x233f76 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2310006 exception.address: 0xd13f76 registers.esp: 4587212 registers.edi: 13706775 registers.eax: 31660 registers.ebp: 4001808404 registers.edx: 103675404 registers.ebx: 411365267 registers.esi: 13710495 registers.ecx: 547989985	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 57 89 14 24 56 68 ea 0c 7f 7f ff 34 24 5e 81 exception.symbol: random+0x233c2a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2309162 exception.address: 0xd13c2a registers.esp: 4587216 registers.edi: 5106007 registers.eax: 31660 registers.ebp: 4001808404 registers.edx: 4294938840 registers.ebx: 411365267 registers.esi: 13742155 registers.ecx: 547989985	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 51 b9 9f 54 bf 5e 29 c8 59 2d 91 f9 f7 73 03 exception.symbol: random+0x234b1b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2312987 exception.address: 0xd14b1b registers.esp: 4587212 registers.edi: 5106007 registers.eax: 13714130 registers.ebp: 4001808404 registers.edx: 4294938840 registers.ebx: 486812884 registers.esi: 13742155 registers.ecx: 1704351107	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 56 e9 e5 ff ff ff 89 c8 59 01 c7 e9 8d fb ff exception.symbol: random+0x234cd3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2313427 exception.address: 0xd14cd3 registers.esp: 4587216 registers.edi: 5106007 registers.eax: 13745853 registers.ebp: 4001808404 registers.edx: 4294938840 registers.ebx: 486812884 registers.esi: 13742155 registers.ecx: 1704351107	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 52 e9 5b 02 00 00 b8 b8 bb fe 6e 57 bf cf 46 exception.symbol: random+0x2346cc exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2311884 exception.address: 0xd146cc registers.esp: 4587216 registers.edi: 5106007 registers.eax: 13717685 registers.ebp: 4001808404 registers.edx: 0 registers.ebx: 486812884 registers.esi: 1426090592 registers.ecx: 1704351107	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 55 68 97 2f 3b 7f 8b 2c 24 52 e9 9c 04 00 00 exception.symbol: random+0x235d7d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2317693 exception.address: 0xd15d7d registers.esp: 4587212 registers.edi: 5106007 registers.eax: 29217 registers.ebp: 4001808404 registers.edx: 13720091 registers.ebx: 11792139 registers.esi: 1426090592 registers.ecx: 1704351107	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 e9 2d 01 00 00 b8 e3 12 9e exception.symbol: random+0x235e3c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2317884 exception.address: 0xd15e3c registers.esp: 4587216 registers.edi: 5106007 registers.eax: 29217 registers.ebp: 4001808404 registers.edx: 13749308 registers.ebx: 11792139 registers.esi: 1426090592 registers.ecx: 1704351107	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 52 c7 04 24 62 9e 26 75 ff 34 24 e9 6d fd ff exception.symbol: random+0x235f92 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2318226 exception.address: 0xd15f92 registers.esp: 4587216 registers.edi: 5106007 registers.eax: 29217 registers.ebp: 4001808404 registers.edx: 13749308 registers.ebx: 607422802 registers.esi: 4294941116 registers.ecx: 1704351107	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 57 89 34 24 52 ba 4d 05 b7 6f 53 c7 04 24 b3 exception.symbol: random+0x23d840 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2349120 exception.address: 0xd1d840 registers.esp: 4587216 registers.edi: 4006291779 registers.eax: 13782181 registers.ebp: 4001808404 registers.edx: 0 registers.ebx: 65786 registers.esi: 5079827 registers.ecx: 1971716238	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 56 54 5e 81 c6 04 00 00 00 55 e9 00 00 00 00 exception.symbol: random+0x23e034 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2351156 exception.address: 0xd1e034 registers.esp: 4587216 registers.edi: 157417 registers.eax: 13754513 registers.ebp: 4001808404 registers.edx: 0 registers.ebx: 65786 registers.esi: 5079827 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 50 b8 02 42 6e 3e e9 00 00 00 00 29 c2 e9 1d exception.symbol: random+0x23ea89 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2353801 exception.address: 0xd1ea89 registers.esp: 4587212 registers.edi: 157417 registers.eax: 25660 registers.ebp: 4001808404 registers.edx: 13757022 registers.ebx: 1518859971 registers.esi: 5079827 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 56 e9 a5 fc ff ff 5a e9 bc 00 00 00 5c 89 e8 exception.symbol: random+0x23ef1f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2354975 exception.address: 0xd1ef1f registers.esp: 4587216 registers.edi: 3939837675 registers.eax: 25660 registers.ebp: 4001808404 registers.edx: 13759838 registers.ebx: 0 registers.esi: 5079827 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb be 1f af 91 3f 50 e9 fb fc ff ff 4d 81 f5 d5 exception.symbol: random+0x2419eb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2365931 exception.address: 0xd219eb registers.esp: 4587216 registers.edi: 0 registers.eax: 31415 registers.ebp: 4001808404 registers.edx: 1488949388 registers.ebx: 13765812 registers.esi: 27462837 registers.ecx: 13799127	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 79 bf bb 73 e9 00 00 00 00 81 2c exception.symbol: random+0x241e27 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2367015 exception.address: 0xd21e27 registers.esp: 4587216 registers.edi: 0 registers.eax: 31415 registers.ebp: 4001808404 registers.edx: 1488949388 registers.ebx: 2304201047 registers.esi: 4294938980 registers.ecx: 13799127	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 c2 00 57 f3 7a e9 7f 01 00 00 c1 24 24 02 exception.symbol: random+0x24ee09 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2420233 exception.address: 0xd2ee09 registers.esp: 4587212 registers.edi: 0 registers.eax: 27054 registers.ebp: 4001808404 registers.edx: 13822651 registers.ebx: 13792708 registers.esi: 3457288 registers.ecx: 45947	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 6f 40 e4 6b 89 04 24 e9 9d f6 ff ff b9 57 exception.symbol: random+0x24f453 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2421843 exception.address: 0xd2f453 registers.esp: 4587216 registers.edi: 0 registers.eax: 1060049768 registers.ebp: 4001808404 registers.edx: 13849705 registers.ebx: 4294943136 registers.esi: 3457288 registers.ecx: 45947	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 ee 40 22 b7 6f 81 ec 04 00 00 00 89 0c 24 exception.symbol: random+0x24fdaf exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2424239 exception.address: 0xd2fdaf registers.esp: 4587212 registers.edi: 0 registers.eax: 32028 registers.ebp: 4001808404 registers.edx: 13849705 registers.ebx: 1978462618 registers.esi: 13826045 registers.ecx: 45947	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 57 50 e9 09 04 00 00 29 c6 81 c6 9c bd 84 56 exception.symbol: random+0x24feb6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2424502 exception.address: 0xd2feb6 registers.esp: 4587216 registers.edi: 0 registers.eax: 32028 registers.ebp: 4001808404 registers.edx: 13849705 registers.ebx: 1978462618 registers.esi: 13858073 registers.ecx: 45947	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 28 04 12 62 e9 7d ff ff ff 81 ea 2c 83 d7 exception.symbol: random+0x24fd7c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2424188 exception.address: 0xd2fd7c registers.esp: 4587216 registers.edi: 0 registers.eax: 32028 registers.ebp: 4001808404 registers.edx: 13849705 registers.ebx: 45017429 registers.esi: 13829157 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 51 89 14 24 89 2c 24 52 ba 70 b9 ff 7f bd 43 exception.symbol: random+0x265b3a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2513722 exception.address: 0xd45b3a registers.esp: 4587212 registers.edi: 13914523 registers.eax: 27459 registers.ebp: 4001808404 registers.edx: 2350872 registers.ebx: 4006965183 registers.esi: 27741667 registers.ecx: 16263638	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 5d a8 df 7f 59 81 c9 bf 82 f3 5e e9 86 04 exception.symbol: random+0x265330 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2511664 exception.address: 0xd45330 registers.esp: 4587216 registers.edi: 13917454 registers.eax: 27459 registers.ebp: 4001808404 registers.edx: 2170180690 registers.ebx: 4006965183 registers.esi: 27741667 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 43 00 00 00 29 d6 5a e9 0d fb ff ff 01 c3 exception.symbol: random+0x271391 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2560913 exception.address: 0xd51391 registers.esp: 4587212 registers.edi: 0 registers.eax: 31531 registers.ebp: 4001808404 registers.edx: 3174605401 registers.ebx: 13960840 registers.esi: 17418128 registers.ecx: 13962577	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 50 89 34 24 54 5e 81 c6 04 00 00 00 83 ee 04 exception.symbol: random+0x271519 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2561305 exception.address: 0xd51519 registers.esp: 4587216 registers.edi: 0 registers.eax: 31531 registers.ebp: 4001808404 registers.edx: 3174605401 registers.ebx: 13960840 registers.esi: 17418128 registers.ecx: 13994108	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 53 bb b7 18 c2 1a 53 89 e3 50 83 ec 04 89 1c exception.symbol: random+0x2712e6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2560742 exception.address: 0xd512e6 registers.esp: 4587216 registers.edi: 0 registers.eax: 31531 registers.ebp: 4001808404 registers.edx: 3174605401 registers.ebx: 4294938528 registers.esi: 604292946 registers.ecx: 13994108	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 51 55 e9 99 00 00 00 89 1c 24 bb 00 66 bf 5b exception.symbol: random+0x27c95f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2607455 exception.address: 0xd5c95f registers.esp: 4587216 registers.edi: 0 registers.eax: 322689 registers.ebp: 4001808404 registers.edx: 14011294 registers.ebx: 13979004 registers.esi: 0 registers.ecx: 12	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 172032 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ae1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x021f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 2540 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00029a00', u'virtual_address': u'0x00001000', u'entropy': 7.982164099330973, u'name': u' \\x00 ', u'virtual_size': u'0x00059000'}

entropy

7.98216409933

description

A section with a high entropy has been found

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 51 89 2c 24 68 f1 9a a1 exception.symbol: random+0x1f0d9c exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2035100 exception.address: 0xcd0d9c registers.esp: 4587248 registers.edi: 4861344 registers.eax: 1447909480 registers.ebp: 4001808404 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 13422573 registers.ecx: 20	1	0	0

File has been identified by 41 AntiVirus engines on VirusTotal as malicious (41 events)

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Variant.Jaik.245242
Skyhigh	BehavesLike.Win32.Generic.vh
ALYac	Gen:Variant.Jaik.245242
Cylance	Unsafe
VIPRE	Gen:Variant.Jaik.245242
Sangfor	Suspicious.Win32.Save.ins
CrowdStrike	win/malicious_confidence_100% (D)
BitDefender	Gen:Variant.Jaik.245242
Arcabit	Trojan.Jaik.D3BDFA
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.Gen.BGZ
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Cynet	Malicious (score: 99)
Kaspersky	VHO:Trojan-Downloader.Win32.Convagent.gen
Emsisoft	Gen:Variant.Jaik.245242 (B)
F-Secure	Trojan.TR/Crypt.TPM.Gen
McAfeeD	Real Protect-LS!7E3F7E223336
Trapmine	malicious.high.ml.score
CTX	exe.unknown.jaik
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.7e3f7e223336ef77
Google	Detected
Avira	TR/Crypt.TPM.Gen
Kingsoft	Win32.Trojan.Generic.a
Gridinsoft	Trojan.Heur!.030120A1
Microsoft	Trojan:Win32/Amadey.BSA!MTB
GData	Gen:Variant.Jaik.245242
Varist	W32/Themida.CT.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R693230
DeepInstinct	MALICIOUS
Ikarus	Trojan.Win32.LummaStealer
Zoner	Probably Heur.ExeHeaderL
Tencent	Win32.Trojan.Generic.Kcnw
Fortinet	W32/Themida.HZB!tr
AVG	Win32:Evo-gen [Trj]
Paloalto	generic.ml

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All