Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Feb. 26, 2025, 9:45 a.m.	Feb. 26, 2025, 9:48 a.m.

Size	3.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`745d5cd64aee1b5c9f396c367c36e89a`
SHA256	`ed1f2d955de698f60b8624feb3d07891bf1903411dbccc65e41befce2fac3194`
CRC32	`5E100DD1`
ssdeep	`49152:CzNfq24YqGcluwrr3HTb79LIaMRmpbrbtRQZciM:CzNi24YqGmuwn3HTf9LE+RQZci`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
1076

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 26, 2025, 9:45 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (5 events)

section	\x00
section	.idata
section	zjhdmfah
section	hfdmpwzr
section	.taggant

One or more processes crashed (50 out of 116 events)

Time & API	Arguments	Status
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb 60 bd 14 c0 9d ee e9 00 02 00 00 8a 4b fc 11 exception.symbol: random+0x5dc1b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 384027 exception.address: 0xcadc1b registers.esp: 4389804 registers.edi: 0 registers.eax: 4389820 registers.ebp: 4389820 registers.edx: 4389812 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 52 89 0c 24 55 bd 04 26 54 30 89 e9 5d 57 e9 exception.symbol: random+0x5e8a2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 387234 exception.address: 0xcae8a2 registers.esp: 4389772 registers.edi: 0 registers.eax: 28348 registers.ebp: 4003315732 registers.edx: 13298299 registers.ebx: 2130567168 registers.esi: 606898513 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 51 b9 fd f2 7e 33 81 c9 97 c9 df 67 41 56 50 exception.symbol: random+0x5f619 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 390681 exception.address: 0xcaf619 registers.esp: 4389768 registers.edi: 0 registers.eax: 28177 registers.ebp: 4003315732 registers.edx: 13298299 registers.ebx: 13298660 registers.esi: 606898513 registers.ecx: 1207606327	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 00 9e ff 47 e9 1f 04 00 00 c7 04 24 a1 c5 exception.symbol: random+0x5efe0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 389088 exception.address: 0xcaefe0 registers.esp: 4389772 registers.edi: 0 registers.eax: 0 registers.ebp: 4003315732 registers.edx: 237801 registers.ebx: 13301693 registers.esi: 606898513 registers.ecx: 1207606327	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 52 89 3c 24 51 e9 91 03 00 00 ff 34 24 5e 81 exception.symbol: random+0x1d315f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1913183 exception.address: 0xe2315f registers.esp: 4389772 registers.edi: 13335575 registers.eax: 14825295 registers.ebp: 4003315732 registers.edx: 2130566132 registers.ebx: 13304011 registers.esi: 0 registers.ecx: 786409	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 ef 6b e3 f7 16 81 ef 86 2a e7 3e 81 c7 f3 exception.symbol: random+0x1d56fc exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1922812 exception.address: 0xe256fc registers.esp: 4389768 registers.edi: 14832935 registers.eax: 25597 registers.ebp: 4003315732 registers.edx: 756881058 registers.ebx: 14830411 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 31 db 50 89 14 24 53 ff 34 24 5a 81 c4 04 00 exception.symbol: random+0x1d55ea exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1922538 exception.address: 0xe255ea registers.esp: 4389772 registers.edi: 14858532 registers.eax: 25597 registers.ebp: 4003315732 registers.edx: 756881058 registers.ebx: 14830411 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 34 24 e9 04 fd ff ff 53 ff 74 24 exception.symbol: random+0x1d5eca exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1924810 exception.address: 0xe25eca registers.esp: 4389772 registers.edi: 14858532 registers.eax: 134889 registers.ebp: 4003315732 registers.edx: 756881058 registers.ebx: 4294944220 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 c7 15 a5 de 7d 50 51 e9 6a 01 00 00 68 b8 exception.symbol: random+0x1d9fe6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1941478 exception.address: 0xe29fe6 registers.esp: 4389768 registers.edi: 14850964 registers.eax: 30674 registers.ebp: 4003315732 registers.edx: 123969728 registers.ebx: 2107294650 registers.esi: 0 registers.ecx: 14288	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 cb e4 c5 28 89 34 24 50 b8 05 7b 7f 7f 52 exception.symbol: random+0x1da44e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1942606 exception.address: 0xe2a44e registers.esp: 4389772 registers.edi: 14881638 registers.eax: 30674 registers.ebp: 4003315732 registers.edx: 123969728 registers.ebx: 2107294650 registers.esi: 0 registers.ecx: 14288	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 55 e9 65 00 00 00 33 34 24 31 34 24 33 34 24 exception.symbol: random+0x1d9fd5 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1941461 exception.address: 0xe29fd5 registers.esp: 4389772 registers.edi: 14854134 registers.eax: 30674 registers.ebp: 4003315732 registers.edx: 123969728 registers.ebx: 2107294650 registers.esi: 202985 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 53 e9 dd eb ff ff bf 04 exception.symbol: random+0x1dfbbb exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1964987 exception.address: 0xe2fbbb registers.esp: 4389764 registers.edi: 5189240 registers.eax: 1447909480 registers.ebp: 4003315732 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 14868282 registers.ecx: 20	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x1e044f exception.address: 0xe3044f exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 1967183 registers.esp: 4389764 registers.edi: 5189240 registers.eax: 1 registers.ebp: 4003315732 registers.edx: 22104 registers.ebx: 0 registers.esi: 14868282 registers.ecx: 20	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 a2 38 2d 12 01 exception.symbol: random+0x1e2ce8 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1977576 exception.address: 0xe32ce8 registers.esp: 4389764 registers.edi: 5189240 registers.eax: 1447909480 registers.ebp: 4003315732 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 14868282 registers.ecx: 10	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 3b 00 00 00 f7 14 24 ff 04 24 81 0c 24 3d exception.symbol: random+0x1e7379 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1995641 exception.address: 0xe37379 registers.esp: 4389768 registers.edi: 5189240 registers.eax: 26031 registers.ebp: 4003315732 registers.edx: 2130566132 registers.ebx: 24115015 registers.esi: 14904184 registers.ecx: 787415040	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 57 89 34 24 be b5 ce fd 5f 68 e1 7d c5 65 e9 exception.symbol: random+0x1e7179 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1995129 exception.address: 0xe37179 registers.esp: 4389772 registers.edi: 5189240 registers.eax: 4294944076 registers.ebp: 4003315732 registers.edx: 2130566132 registers.ebx: 24115015 registers.esi: 14930215 registers.ecx: 1392536160	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 e8 0e 00 00 00 a0 7b 18 75 d0 6a 7e exception.symbol: random+0x1e78e7 exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 1997031 exception.address: 0xe378e7 registers.esp: 4389732 registers.edi: 0 registers.eax: 4389732 registers.ebp: 4003315732 registers.edx: 1877112832 registers.ebx: 14907956 registers.esi: 30720 registers.ecx: 14907392	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 fc 01 00 00 51 68 5d 4e 9f 2e 89 24 24 81 exception.symbol: random+0x1f61e3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2056675 exception.address: 0xe461e3 registers.esp: 4389768 registers.edi: 14966655 registers.eax: 27249 registers.ebp: 4003315732 registers.edx: 6 registers.ebx: 24115237 registers.esi: 1971262480 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 5a 0a 5a 01 ff 34 24 ff 34 24 8b 1c 24 56 exception.symbol: random+0x1f6356 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2057046 exception.address: 0xe46356 registers.esp: 4389772 registers.edi: 14993904 registers.eax: 4294942764 registers.ebp: 4003315732 registers.edx: 6 registers.ebx: 24115237 registers.esi: 1971262480 registers.ecx: 884969	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 31 f6 83 ec 04 89 14 24 56 52 51 b9 b4 84 fe exception.symbol: random+0x1fb567 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2078055 exception.address: 0xe4b567 registers.esp: 4389772 registers.edi: 4000909796 registers.eax: 15013436 registers.ebp: 4003315732 registers.edx: 6 registers.ebx: 8421709 registers.esi: 1986256384 registers.ecx: 14980447	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 52 51 89 1c 24 50 b8 73 3c bf 7c 56 68 13 13 exception.symbol: random+0x1fb153 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2077011 exception.address: 0xe4b153 registers.esp: 4389772 registers.edi: 271018071 registers.eax: 15013436 registers.ebp: 4003315732 registers.edx: 6 registers.ebx: 8421709 registers.esi: 4294944204 registers.ecx: 14980447	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 e9 70 05 00 00 81 ea 42 b3 exception.symbol: random+0x1fbe8d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2080397 exception.address: 0xe4be8d registers.esp: 4389768 registers.edi: 271018071 registers.eax: 31466 registers.ebp: 4003315732 registers.edx: 14990735 registers.ebx: 1113970979 registers.esi: 4294944204 registers.ecx: 14980447	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 e9 d7 f7 ff ff 81 c7 00 e8 exception.symbol: random+0x1fc6e9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2082537 exception.address: 0xe4c6e9 registers.esp: 4389772 registers.edi: 271018071 registers.eax: 31466 registers.ebp: 4003315732 registers.edx: 15022201 registers.ebx: 1113970979 registers.esi: 4294944204 registers.ecx: 14980447	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 57 89 2c 24 e9 48 04 00 00 bb aa f7 fe 51 01 exception.symbol: random+0x1fc0af exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2080943 exception.address: 0xe4c0af registers.esp: 4389772 registers.edi: 262633 registers.eax: 31466 registers.ebp: 4003315732 registers.edx: 15022201 registers.ebx: 1113970979 registers.esi: 4294938884 registers.ecx: 14980447	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 51 68 a0 ed b4 7f ff 34 24 59 53 89 e3 81 c3 exception.symbol: random+0x1ff693 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2094739 exception.address: 0xe4f693 registers.esp: 4389764 registers.edi: 262633 registers.eax: 15036072 registers.ebp: 4003315732 registers.edx: 670314913 registers.ebx: 1113970979 registers.esi: 4294938884 registers.ecx: 381019555	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 52 ba c5 6d af 77 4a 56 89 e6 81 c6 04 00 00 exception.symbol: random+0x1ff9ae exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2095534 exception.address: 0xe4f9ae registers.esp: 4389764 registers.edi: 262633 registers.eax: 15006472 registers.ebp: 4003315732 registers.edx: 84201 registers.ebx: 0 registers.esi: 4294938884 registers.ecx: 381019555	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 50 89 3c 24 bf 19 2f ff 45 53 50 55 bd b8 2b exception.symbol: random+0x20ffdd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2162653 exception.address: 0xe5ffdd registers.esp: 4389764 registers.edi: 15101626 registers.eax: 29794 registers.ebp: 4003315732 registers.edx: 4294940344 registers.ebx: 1426090592 registers.esi: 485400746 registers.ecx: 2145603406	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 1e 09 00 00 8b 2c 24 83 c4 04 5b 57 89 f7 exception.symbol: random+0x22311f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2240799 exception.address: 0xe7311f registers.esp: 4389728 registers.edi: 15150922 registers.eax: 30867 registers.ebp: 4003315732 registers.edx: 2130566132 registers.ebx: 2976929825 registers.esi: 15151359 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 52 89 1c 24 c7 04 24 f5 4f bf 1f c1 2c 24 05 exception.symbol: random+0x223879 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2242681 exception.address: 0xe73879 registers.esp: 4389732 registers.edi: 15150922 registers.eax: 715104 registers.ebp: 4003315732 registers.edx: 2130566132 registers.ebx: 2976929825 registers.esi: 15154114 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 9a 00 00 00 89 fb 8b 3c 24 e9 c5 fd ff ff exception.symbol: random+0x224983 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2247043 exception.address: 0xe74983 registers.esp: 4389728 registers.edi: 15150922 registers.eax: 27780 registers.ebp: 4003315732 registers.edx: 1698970095 registers.ebx: 1597492504 registers.esi: 15155948 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 57 89 e7 81 c7 04 00 00 00 81 ef 04 00 00 00 exception.symbol: random+0x2247e6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2246630 exception.address: 0xe747e6 registers.esp: 4389732 registers.edi: 15150922 registers.eax: 27780 registers.ebp: 4003315732 registers.edx: 1698970095 registers.ebx: 1597492504 registers.esi: 15183728 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 51 54 59 e9 1e ff ff ff 50 b8 00 00 00 00 e9 exception.symbol: random+0x224cb0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2247856 exception.address: 0xe74cb0 registers.esp: 4389732 registers.edi: 15150922 registers.eax: 27780 registers.ebp: 4003315732 registers.edx: 604292947 registers.ebx: 1597492504 registers.esi: 15183728 registers.ecx: 4294942072	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 50 53 c7 04 24 d2 1f 3f 4e e9 22 fe ff ff 89 exception.symbol: random+0x225341 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2249537 exception.address: 0xe75341 registers.esp: 4389728 registers.edi: 15150922 registers.eax: 25343 registers.ebp: 4003315732 registers.edx: 1475033433 registers.ebx: 477758603 registers.esi: 15183728 registers.ecx: 15158918	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 88 ff ff ff 83 c4 04 68 94 95 f5 71 89 0c exception.symbol: random+0x225048 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2248776 exception.address: 0xe75048 registers.esp: 4389732 registers.edi: 15150922 registers.eax: 25343 registers.ebp: 4003315732 registers.edx: 1475033433 registers.ebx: 477758603 registers.esi: 15183728 registers.ecx: 15184261	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 5c 00 00 00 5b 58 81 c1 2b 64 ea 5f 01 d9 exception.symbol: random+0x2258df exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2250975 exception.address: 0xe758df registers.esp: 4389732 registers.edi: 15150922 registers.eax: 25343 registers.ebp: 4003315732 registers.edx: 1475033433 registers.ebx: 44777 registers.esi: 0 registers.ecx: 15161725	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 6e f9 ff ff 5f ff 34 24 5e 83 c4 04 81 ec exception.symbol: random+0x229c06 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2268166 exception.address: 0xe79c06 registers.esp: 4389732 registers.edi: 15150922 registers.eax: 29440 registers.ebp: 4003315732 registers.edx: 15206343 registers.ebx: 65804 registers.esi: 0 registers.ecx: 1969225870	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 56 83 ec 04 e9 4f fb ff ff 81 c2 3d 3e eb 7e exception.symbol: random+0x229bb4 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2268084 exception.address: 0xe79bb4 registers.esp: 4389732 registers.edi: 0 registers.eax: 29440 registers.ebp: 4003315732 registers.edx: 15179951 registers.ebx: 938909069 registers.esi: 0 registers.ecx: 1969225870	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 3c 24 51 c7 04 24 c1 a6 exception.symbol: random+0x22beb0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2277040 exception.address: 0xe7beb0 registers.esp: 4389732 registers.edi: 0 registers.eax: 25345 registers.ebp: 4003315732 registers.edx: 65531227 registers.ebx: 15212501 registers.esi: 0 registers.ecx: 139456150	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 75 a9 40 42 89 3c 24 89 34 24 53 bb 45 20 exception.symbol: random+0x22c3f0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2278384 exception.address: 0xe7c3f0 registers.esp: 4389732 registers.edi: 0 registers.eax: 4294944520 registers.ebp: 4003315732 registers.edx: 65531227 registers.ebx: 15212501 registers.esi: 0 registers.ecx: 85993	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 65 fa ff ff 8b 34 24 83 c4 04 56 89 04 24 exception.symbol: random+0x22d194 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2281876 exception.address: 0xe7d194 registers.esp: 4389728 registers.edi: 0 registers.eax: 28622 registers.ebp: 4003315732 registers.edx: 1641160773 registers.ebx: 1852458497 registers.esi: 0 registers.ecx: 15190522	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb e9 31 02 00 00 51 e9 67 ff ff ff 8f 04 24 8b exception.symbol: random+0x22cb60 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2280288 exception.address: 0xe7cb60 registers.esp: 4389732 registers.edi: 0 registers.eax: 28622 registers.ebp: 4003315732 registers.edx: 1641160773 registers.ebx: 1852458497 registers.esi: 0 registers.ecx: 15219144	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 68 23 e9 85 0d 89 34 24 50 b8 2e 4e ff 7c e9 exception.symbol: random+0x22d29e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2282142 exception.address: 0xe7d29e registers.esp: 4389732 registers.edi: 0 registers.eax: 28622 registers.ebp: 4003315732 registers.edx: 1641160773 registers.ebx: 0 registers.esi: 157417 registers.ecx: 15193392	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 57 bf 11 23 bf 7f 81 c7 03 24 7e 7f f7 df 51 exception.symbol: random+0x22db73 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2284403 exception.address: 0xe7db73 registers.esp: 4389732 registers.edi: 81129 registers.eax: 15225578 registers.ebp: 4003315732 registers.edx: 21731961 registers.ebx: 0 registers.esi: 157417 registers.ecx: 4294938996	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 57 e9 e0 02 00 00 5e 83 c0 04 50 ff 74 24 04 exception.symbol: random+0x2384e2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2327778 exception.address: 0xe884e2 registers.esp: 4389728 registers.edi: 4003324334 registers.eax: 26776 registers.ebp: 4003315732 registers.edx: 15238136 registers.ebx: 2147483650 registers.esi: 15207651 registers.ecx: 787415040	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 56 c7 04 24 06 e2 04 2b 89 34 24 89 3c 24 c7 exception.symbol: random+0x2385b2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2327986 exception.address: 0xe885b2 registers.esp: 4389732 registers.edi: 4003324334 registers.eax: 26776 registers.ebp: 4003315732 registers.edx: 15264912 registers.ebx: 2147483650 registers.esi: 15207651 registers.ecx: 787415040	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 57 50 89 14 24 ba 00 94 6d 6f bf 97 78 81 00 exception.symbol: random+0x238b73 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2329459 exception.address: 0xe88b73 registers.esp: 4389732 registers.edi: 4003324334 registers.eax: 26776 registers.ebp: 4003315732 registers.edx: 15240804 registers.ebx: 2147483650 registers.esi: 605325651 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 52 89 0c 24 e9 8d fe ff ff 89 2c 24 68 5a f2 exception.symbol: random+0x24ec96 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2419862 exception.address: 0xe9ec96 registers.esp: 4389732 registers.edi: 76616448 registers.eax: 15356071 registers.ebp: 4003315732 registers.edx: 15027610 registers.ebx: 604292944 registers.esi: 78295304 registers.ecx: 4294943936	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 50 52 e9 0e 00 00 00 5e f7 de 81 f6 5e 3f 69 exception.symbol: random+0x254ace exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2443982 exception.address: 0xea4ace registers.esp: 4389732 registers.edi: 15385803 registers.eax: 604277073 registers.ebp: 4003315732 registers.edx: 2130566132 registers.ebx: 604292944 registers.esi: 78295304 registers.ecx: 4294938832	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 e9 3e 00 00 00 51 exception.symbol: random+0x25d12e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2478382 exception.address: 0xead12e registers.esp: 4389732 registers.edi: 15414698 registers.eax: 28479 registers.ebp: 4003315732 registers.edx: 15027610 registers.ebx: 15364285 registers.esi: 3260396 registers.ecx: 2738257991	1
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: fb 53 89 3c 24 bf 88 01 e2 5f 52 56 be 60 ea da exception.symbol: random+0x25ccf3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2477299 exception.address: 0xeaccf3 registers.esp: 4389732 registers.edi: 15389162 registers.eax: 28479 registers.ebp: 4003315732 registers.edx: 607947091 registers.ebx: 15364285 registers.esi: 3260396 registers.ecx: 0	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7793f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 364544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c51000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00600000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00610000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00be0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bf0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:45 a.m.	process_identifier: 1076 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00059000', u'virtual_address': u'0x00001000', u'entropy': 7.124338289372752, u'name': u' \\x00 ', u'virtual_size': u'0x00059000'}

entropy

7.12433828937

description

A section with a high entropy has been found

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:45 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Feb. 26, 2025, 9:45 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 53 e9 dd eb ff ff bf 04 exception.symbol: random+0x1dfbbb exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1964987 exception.address: 0xe2fbbb registers.esp: 4389764 registers.edi: 5189240 registers.eax: 1447909480 registers.ebp: 4003315732 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 14868282 registers.ecx: 20	1	0	0

File has been identified by 39 AntiVirus engines on VirusTotal as malicious (39 events)

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
MicroWorld-eScan	Gen:Variant.Zusy.569213
Skyhigh	BehavesLike.Win32.Generic.vh
ALYac	Gen:Variant.Zusy.569213
Cylance	Unsafe
VIPRE	Gen:Variant.Zusy.569213
Sangfor	Suspicious.Win32.Save.ins
CrowdStrike	win/malicious_confidence_100% (D)
BitDefender	Gen:Variant.Zusy.569213
Arcabit	Trojan.Zusy.D8AF7D
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Trojan.Win32.DInvoke.gen
Emsisoft	Gen:Variant.Zusy.569213 (B)
F-Secure	Trojan.TR/Crypt.TPM.Gen
McAfeeD	Real Protect-LS!745D5CD64AEE
Trapmine	malicious.high.ml.score
CTX	exe.unknown.zusy
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.745d5cd64aee1b5c
Google	Detected
Avira	TR/Crypt.TPM.Gen
Kingsoft	malware.kb.a.993
Gridinsoft	Trojan.Heur!.030120A1
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Zusy.569213
Varist	W32/Themida.CT.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R693230
DeepInstinct	MALICIOUS
Ikarus	Trojan.Win32.LummaStealer
Zoner	Probably Heur.ExeHeaderL
Fortinet	W32/Themida.HZB!tr
AVG	Win32:Evo-gen [Trj]

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All