Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 26, 2025, 9:46 a.m.	Feb. 26, 2025, 9:52 a.m.

Size	4.5MB
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`b2485d947085da474eb8c19a810893c7`
SHA256	`37bff04bb2112e74bfdcaf070f47c3e94b21280e1110ea0ea1eae1246be7816b`
CRC32	`1BE42F6E`
ssdeep	`98304:ZC+ThXgKfKpQ3pRztNOqBRSxQABvbcl2wmN8Wkz3IC7iS:ZC+9gKfNRnR2hzMWkz3`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
2640
- ARPPRODUCTICON.exe "C:\Windows\Installer\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\ARPPRODUCTICON.exe"
  2904

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (6 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 26, 2025, 9:46 a.m.			0	0
IsDebuggerPresent Feb. 26, 2025, 9:46 a.m.			0	0
IsDebuggerPresent Feb. 26, 2025, 9:46 a.m.			0	0
IsDebuggerPresent Feb. 26, 2025, 9:46 a.m.			0	0
IsDebuggerPresent Feb. 26, 2025, 9:46 a.m.			0	0
IsDebuggerPresent Feb. 26, 2025, 9:46 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	ehhfoyyr
section	xyyqcjxo
section	.taggant

One or more processes crashed (50 out of 115 events)

Time & API	Arguments	Status
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: random+0xa750b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 10965177 exception.address: 0x15050b9 registers.esp: 4192520 registers.edi: 0 registers.eax: 1 registers.ebp: 4192536 registers.edx: 23908352 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 31 db 51 e9 7d 00 00 00 8b 34 24 83 c4 04 68 exception.symbol: random+0x7203b8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 7472056 exception.address: 0x11b03b8 registers.esp: 4192488 registers.edi: 1968898280 registers.eax: 27173 registers.ebp: 4008566804 registers.edx: 11075584 registers.ebx: 5493 registers.esi: 18573178 registers.ecx: 1969094656	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 55 89 e5 51 68 04 00 00 00 e9 bd fd ff ff 81 exception.symbol: random+0x72036a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 7471978 exception.address: 0x11b036a registers.esp: 4192488 registers.edi: 1968898280 registers.eax: 27173 registers.ebp: 4008566804 registers.edx: 11075584 registers.ebx: 4294942596 registers.esi: 18573178 registers.ecx: 2362247016	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 56 e9 f1 fd ff ff exception.symbol: random+0x720cce exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 7474382 exception.address: 0x11b0cce registers.esp: 4192488 registers.edi: 1968898280 registers.eax: 4294940544 registers.ebp: 4008566804 registers.edx: 1554699927 registers.ebx: 235753 registers.esi: 18579041 registers.ecx: 2362247016	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 f2 fc ff ff 51 68 a7 0b a4 4d e9 exception.symbol: random+0x89b03c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9023548 exception.address: 0x132b03c registers.esp: 4192488 registers.edi: 18585685 registers.eax: 32668 registers.ebp: 4008566804 registers.edx: 0 registers.ebx: 7385088 registers.esi: 20099271 registers.ecx: 1087122280	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 51 89 e1 55 bd 04 00 00 00 e9 99 01 00 00 8b exception.symbol: random+0x8a130c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9048844 exception.address: 0x133130c registers.esp: 4192488 registers.edi: 938 registers.eax: 20153748 registers.ebp: 4008566804 registers.edx: 50090 registers.ebx: 20117481 registers.esi: 38006 registers.ecx: 96	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb e9 57 fe ff ff 81 c2 4b 00 7b 76 56 be ae 79 exception.symbol: random+0x8a0e2d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9047597 exception.address: 0x1330e2d registers.esp: 4192488 registers.edi: 938 registers.eax: 20125020 registers.ebp: 4008566804 registers.edx: 202985 registers.ebx: 20117481 registers.esi: 38006 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 51 b9 2d a5 d1 5d 50 b8 be 23 db 1f 29 c1 8b exception.symbol: random+0x8a7b2d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9075501 exception.address: 0x1337b2d registers.esp: 4192484 registers.edi: 5189024 registers.eax: 31734 registers.ebp: 4008566804 registers.edx: 691510015 registers.ebx: 2015868829 registers.esi: 20150615 registers.ecx: 2015868829	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 52 89 0c 24 57 52 89 04 24 e9 0a 01 00 00 be exception.symbol: random+0x8a7ceb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9075947 exception.address: 0x1337ceb registers.esp: 4192488 registers.edi: 5189024 registers.eax: 31734 registers.ebp: 4008566804 registers.edx: 691510015 registers.ebx: 2015868829 registers.esi: 20182349 registers.ecx: 2015868829	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 57 e9 c0 f6 ff ff 8f 04 24 e9 76 f5 ff ff 01 exception.symbol: random+0x8a8487 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9077895 exception.address: 0x1338487 registers.esp: 4192488 registers.edi: 5189024 registers.eax: 1114345 registers.ebp: 4008566804 registers.edx: 691510015 registers.ebx: 0 registers.esi: 20153621 registers.ecx: 2015868829	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 83 ec 04 89 0c 24 81 ec exception.symbol: random+0x8aa567 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9086311 exception.address: 0x133a567 registers.esp: 4192480 registers.edi: 5189024 registers.eax: 1447909480 registers.ebp: 4008566804 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 20157785 registers.ecx: 20	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x8a9a32 exception.address: 0x1339a32 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 9083442 registers.esp: 4192480 registers.edi: 5189024 registers.eax: 1 registers.ebp: 4008566804 registers.edx: 22104 registers.ebx: 0 registers.esi: 20157785 registers.ecx: 20	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 86 36 2d 12 01 exception.symbol: random+0x8ae54a exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9102666 exception.address: 0x133e54a registers.esp: 4192480 registers.edi: 5189024 registers.eax: 1447909480 registers.ebp: 4008566804 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 20157785 registers.ecx: 10	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb e9 3a 00 00 00 68 f7 e3 53 75 89 14 24 ba 04 exception.symbol: random+0x8b2431 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9118769 exception.address: 0x1342431 registers.esp: 4192484 registers.edi: 5189024 registers.eax: 28331 registers.ebp: 4008566804 registers.edx: 2130566132 registers.ebx: 55261546 registers.esi: 10 registers.ecx: 20192778	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 31 f6 ff 34 0e ff 34 24 5f e9 5b fc ff ff 81 exception.symbol: random+0x8b279b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9119643 exception.address: 0x134279b registers.esp: 4192488 registers.edi: 5189024 registers.eax: 28331 registers.ebp: 4008566804 registers.edx: 2130566132 registers.ebx: 55261546 registers.esi: 10 registers.ecx: 20221109	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 53 e9 00 00 00 00 c7 04 24 d5 b8 05 26 e9 1a exception.symbol: random+0x8b2a02 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9120258 exception.address: 0x1342a02 registers.esp: 4192488 registers.edi: 2209636448 registers.eax: 28331 registers.ebp: 4008566804 registers.edx: 2130566132 registers.ebx: 55261546 registers.esi: 4294942132 registers.ecx: 20221109	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 6a 00 51 e8 03 00 00 00 20 59 c3 59 exception.symbol: random+0x8b2c81 exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 9120897 exception.address: 0x1342c81 registers.esp: 4192448 registers.edi: 0 registers.eax: 4192448 registers.ebp: 4008566804 registers.edx: 20212581 registers.ebx: 20196846 registers.esi: 4294902025 registers.ecx: 3527996320	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 68 5a b6 7a 76 e9 91 ff ff ff c1 e1 02 81 e9 exception.symbol: random+0x8c18ca exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9181386 exception.address: 0x13518ca registers.esp: 4192488 registers.edi: 18542574 registers.eax: 32234 registers.ebp: 4008566804 registers.edx: 6 registers.ebx: 55261768 registers.esi: 20286639 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 51 89 1c 24 50 89 0c 24 57 e9 d3 01 00 00 5c exception.symbol: random+0x8c1750 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9181008 exception.address: 0x1351750 registers.esp: 4192488 registers.edi: 18542574 registers.eax: 32234 registers.ebp: 4008566804 registers.edx: 6 registers.ebx: 607453008 registers.esi: 20257731 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 50 b8 32 2f 3d 77 e9 00 00 00 00 81 c7 d3 e4 exception.symbol: random+0x8c36e9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9189097 exception.address: 0x13536e9 registers.esp: 4192484 registers.edi: 20263631 registers.eax: 32456 registers.ebp: 4008566804 registers.edx: 964508388 registers.ebx: 607453008 registers.esi: 20257731 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb e9 f6 00 00 00 89 04 24 55 e9 da fa ff ff 81 exception.symbol: random+0x8c3c8f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9190543 exception.address: 0x1353c8f registers.esp: 4192488 registers.edi: 20296087 registers.eax: 32456 registers.ebp: 4008566804 registers.edx: 964508388 registers.ebx: 607453008 registers.esi: 20257731 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 55 e9 ea 00 00 00 5b 8b 04 24 83 c4 04 83 ec exception.symbol: random+0x8c369c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9189020 exception.address: 0x135369c registers.esp: 4192488 registers.edi: 20296087 registers.eax: 32456 registers.ebp: 4008566804 registers.edx: 4294937692 registers.ebx: 607453008 registers.esi: 20257731 registers.ecx: 3966876499	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 50 54 58 05 04 00 00 00 e9 12 00 00 00 89 ca exception.symbol: random+0x8c446e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9192558 exception.address: 0x135446e registers.esp: 4192488 registers.edi: 20296087 registers.eax: 20297425 registers.ebp: 4008566804 registers.edx: 4294937692 registers.ebx: 607453008 registers.esi: 20257731 registers.ecx: 589624050	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 68 6a fb c9 59 89 1c 24 57 52 55 68 f0 e1 77 exception.symbol: random+0x8c42fd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9192189 exception.address: 0x13542fd registers.esp: 4192488 registers.edi: 1092841 registers.eax: 20269753 registers.ebp: 4008566804 registers.edx: 0 registers.ebx: 607453008 registers.esi: 20257731 registers.ecx: 589624050	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 0c 24 e9 ef f8 ff ff c1 exception.symbol: random+0x8c9466 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9213030 exception.address: 0x1359466 registers.esp: 4192476 registers.edi: 20286537 registers.eax: 25398 registers.ebp: 4008566804 registers.edx: 0 registers.ebx: 607453008 registers.esi: 20257731 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 57 e9 25 02 00 00 81 c4 04 00 00 00 e9 10 01 exception.symbol: random+0x8c921b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9212443 exception.address: 0x135921b registers.esp: 4192480 registers.edi: 20311935 registers.eax: 25398 registers.ebp: 4008566804 registers.edx: 4294944396 registers.ebx: 607453008 registers.esi: 84201 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 e9 36 00 00 00 89 3c 24 e9 exception.symbol: random+0x8dc81e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9291806 exception.address: 0x136c81e registers.esp: 4192476 registers.edi: 2130566127 registers.eax: 20364811 registers.ebp: 4008566804 registers.edx: 2130566127 registers.ebx: 4079421507 registers.esi: 212100406 registers.ecx: 2150929028	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 57 57 89 34 24 be a1 51 ef 4d e9 e4 04 00 00 exception.symbol: random+0x8dbeeb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9289451 exception.address: 0x136beeb registers.esp: 4192480 registers.edi: 2130566127 registers.eax: 20391799 registers.ebp: 4008566804 registers.edx: 2130566127 registers.ebx: 4079421507 registers.esi: 212100406 registers.ecx: 2150929028	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 53 89 e3 81 c3 04 00 00 00 e9 25 03 00 00 8b exception.symbol: random+0x8dc403 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9290755 exception.address: 0x136c403 registers.esp: 4192480 registers.edi: 2130566127 registers.eax: 20368467 registers.ebp: 4008566804 registers.edx: 2130566127 registers.ebx: 0 registers.esi: 116969 registers.ecx: 2150929028	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb ba 16 6c 79 7f 83 ea ff c1 e2 08 50 b8 41 d6 exception.symbol: random+0x8efb5f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9370463 exception.address: 0x137fb5f registers.esp: 4192448 registers.edi: 1459645024 registers.eax: 0 registers.ebp: 4008566804 registers.edx: 2130566132 registers.ebx: 20447768 registers.esi: 20440541 registers.ecx: 2117206016	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 51 b9 bc 43 6f 6b 81 c3 bf dd ff 73 e9 00 00 exception.symbol: random+0x8f102c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9375788 exception.address: 0x138102c registers.esp: 4192444 registers.edi: 3398788745 registers.eax: 32072 registers.ebp: 4008566804 registers.edx: 1674769240 registers.ebx: 20449050 registers.esi: 20447798 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 29 d2 ff 34 1a ff 34 24 e9 6d 00 00 00 89 1c exception.symbol: random+0x8f0d6a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9375082 exception.address: 0x1380d6a registers.esp: 4192448 registers.edi: 3398788745 registers.eax: 32072 registers.ebp: 4008566804 registers.edx: 1674769240 registers.ebx: 20481122 registers.esi: 20447798 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 57 e9 48 fe ff ff 2d 8b a8 65 39 01 c2 e9 16 exception.symbol: random+0x8f0b46 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9374534 exception.address: 0x1380b46 registers.esp: 4192448 registers.edi: 3398788745 registers.eax: 32072 registers.ebp: 4008566804 registers.edx: 4294937900 registers.ebx: 20481122 registers.esi: 20447798 registers.ecx: 2107271254	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 81 c6 ee b7 1d 3e 52 51 b9 f0 d5 db 7f ba 27 exception.symbol: random+0x8f1334 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9376564 exception.address: 0x1381334 registers.esp: 4192444 registers.edi: 3398788745 registers.eax: 28521 registers.ebp: 4008566804 registers.edx: 1110725752 registers.ebx: 20481122 registers.esi: 20452115 registers.ecx: 2107271254	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 56 52 e9 0d f6 ff ff b9 00 82 fe 1f 50 b8 e7 exception.symbol: random+0x8f1d5c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9379164 exception.address: 0x1381d5c registers.esp: 4192448 registers.edi: 3398788745 registers.eax: 28521 registers.ebp: 4008566804 registers.edx: 1110725752 registers.ebx: 20481122 registers.esi: 20480636 registers.ecx: 2107271254	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 51 c7 04 24 65 1b e7 5f 50 b8 41 67 d5 6f e9 exception.symbol: random+0x8f1f5e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9379678 exception.address: 0x1381f5e registers.esp: 4192448 registers.edi: 2643157088 registers.eax: 28521 registers.ebp: 4008566804 registers.edx: 1110725752 registers.ebx: 0 registers.esi: 20455284 registers.ecx: 2107271254	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 68 ca 60 d8 43 89 1c 24 e9 91 00 00 00 89 e6 exception.symbol: random+0x8f2e43 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9383491 exception.address: 0x1382e43 registers.esp: 4192448 registers.edi: 2643157088 registers.eax: 950443405 registers.ebp: 4008566804 registers.edx: 20460401 registers.ebx: 1069940437 registers.esi: 20455284 registers.ecx: 0	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 68 be 0f ac 00 89 2c 24 89 14 24 ba 85 1a ab exception.symbol: random+0x8f7311 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9401105 exception.address: 0x1387311 registers.esp: 4192448 registers.edi: 20507290 registers.eax: 32145 registers.ebp: 4008566804 registers.edx: 20474570 registers.ebx: 65786 registers.esi: 20455284 registers.ecx: 1971716238	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 55 89 04 24 89 e0 e9 69 f9 ff ff c1 e7 06 81 exception.symbol: random+0x8f77fa exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9402362 exception.address: 0x13877fa registers.esp: 4192448 registers.edi: 20478166 registers.eax: 32145 registers.ebp: 4008566804 registers.edx: 92393 registers.ebx: 65786 registers.esi: 0 registers.ecx: 1971716238	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 52 c7 04 24 c5 b1 2f 39 89 14 24 89 3c 24 e9 exception.symbol: random+0x8fbae7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9419495 exception.address: 0x138bae7 registers.esp: 4192448 registers.edi: 4294942892 registers.eax: 27818 registers.ebp: 4008566804 registers.edx: 1049310804 registers.ebx: 1441237335 registers.esi: 20521662 registers.ecx: 1069801053	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 68 30 92 1e 67 89 14 24 57 bf 1e 2f 6f 7f 56 exception.symbol: random+0x8fc6b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9422521 exception.address: 0x138c6b9 registers.esp: 4192448 registers.edi: 4294942892 registers.eax: 31237 registers.ebp: 4008566804 registers.edx: 20528901 registers.ebx: 927743714 registers.esi: 20521662 registers.ecx: 867500329	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 56 e9 43 03 00 00 5f 87 34 24 5c 56 56 e9 7e exception.symbol: random+0x8fc8d6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9423062 exception.address: 0x138c8d6 registers.esp: 4192448 registers.edi: 4294942892 registers.eax: 31237 registers.ebp: 4008566804 registers.edx: 20500333 registers.ebx: 0 registers.esi: 20521662 registers.ecx: 3939837675	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb e9 6d 00 00 00 05 fb cf ce 7b 8b 34 24 81 c4 exception.symbol: random+0x90ee87 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9498247 exception.address: 0x139ee87 registers.esp: 4192444 registers.edi: 2757953696 registers.eax: 27341 registers.ebp: 4008566804 registers.edx: 20573486 registers.ebx: 20557168 registers.esi: 4964616 registers.ecx: 2117222656	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb e9 9e 04 00 00 8f 04 24 8b 24 24 53 bb 37 d4 exception.symbol: random+0x90eeb3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9498291 exception.address: 0x139eeb3 registers.esp: 4192448 registers.edi: 2757953696 registers.eax: 27341 registers.ebp: 4008566804 registers.edx: 20600827 registers.ebx: 20557168 registers.esi: 4964616 registers.ecx: 2117222656	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 50 56 e9 38 00 00 00 81 c4 04 exception.symbol: random+0x90f1ae exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9499054 exception.address: 0x139f1ae registers.esp: 4192448 registers.edi: 4294943088 registers.eax: 27341 registers.ebp: 4008566804 registers.edx: 20600827 registers.ebx: 20557168 registers.esi: 1206474579 registers.ecx: 2117222656	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb e9 ac 00 00 00 83 c4 04 e9 80 ff ff ff 33 14 exception.symbol: random+0x910224 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9503268 exception.address: 0x13a0224 registers.esp: 4192448 registers.edi: 4294943088 registers.eax: 27506 registers.ebp: 4008566804 registers.edx: 20604542 registers.ebx: 20557168 registers.esi: 1206474579 registers.ecx: 2117222656	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 55 56 c7 04 24 f8 6d ed 72 8b 2c 24 e9 8b 05 exception.symbol: random+0x90fbff exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9501695 exception.address: 0x139fbff registers.esp: 4192448 registers.edi: 4294943088 registers.eax: 27506 registers.ebp: 4008566804 registers.edx: 20604542 registers.ebx: 20557168 registers.esi: 2210564434 registers.ecx: 4294942848	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 68 a0 e8 f7 1f 89 34 24 56 e9 exception.symbol: random+0x91e334 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9560884 exception.address: 0x13ae334 registers.esp: 4192448 registers.edi: 20616022 registers.eax: 20664664 registers.ebp: 4008566804 registers.edx: 1498216 registers.ebx: 20581453 registers.esi: 20581449 registers.ecx: 2117206016	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb 51 89 3c 24 68 7d b6 03 1e 89 2c 24 e9 5a fc exception.symbol: random+0x91e89b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9562267 exception.address: 0x13ae89b registers.esp: 4192448 registers.edi: 20616022 registers.eax: 20639328 registers.ebp: 4008566804 registers.edx: 0 registers.ebx: 604292944 registers.esi: 20581449 registers.ecx: 2117206016	1
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: fb e9 a9 00 00 00 83 04 24 04 5f 68 86 c5 10 7e exception.symbol: random+0x9226b0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9578160 exception.address: 0x13b26b0 registers.esp: 4192444 registers.edi: 20616022 registers.eax: 28859 registers.ebp: 4008566804 registers.edx: 0 registers.ebx: 20682583 registers.esi: 4065071841 registers.ecx: 20651227	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (13 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 2842624 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a91000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00640000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00650000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a70000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02ad0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02ae0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2640 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02af0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (4 events)

section

{u'size_of_data': u'0x002b5200', u'virtual_address': u'0x00001000', u'entropy': 7.983857076146301, u'name': u' \\x00 ', u'virtual_size': u'0x0070b000'}

entropy

7.98385707615

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00002000', u'virtual_address': u'0x0070c000', u'entropy': 7.79157001867209, u'name': u'.rsrc', u'virtual_size': u'0x00010abc'}

entropy

7.79157001867

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x001c7000', u'virtual_address': u'0x00a75000', u'entropy': 7.920530556211924, u'name': u'ehhfoyyr', u'virtual_size': u'0x001c7000'}

entropy

7.92053055621

description

A section with a high entropy has been found

entropy

0.997722836695

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Yara rule detected in process memory (11 events)

description	Match Windows Http API call	rule	Str_Win32_Http_API
description	Communications over HTTP	rule	Network_HTTP
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Match Windows Inet API call	rule	Str_Win32_Internet_API

Allocates execute permission to another process indicative of possible code injection (2 events)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2904 region_size: 192512 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001b0		3221225496	0
NtAllocateVirtualMemory Feb. 26, 2025, 9:46 a.m.	process_identifier: 2904 region_size: 192512 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001b0	1	0	0

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (44 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 26, 2025, 9:46 a.m.	class_name: pediy06 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2640 called NtSetContextThread to modify thread in remote process 2904
NtSetContextThread Feb. 26, 2025, 9:46 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 759864 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000001c8 process_identifier: 2904	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2640 resumed a thread in remote process 2904
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c8 suspend_count: 1 process_identifier: 2904	1	0	0

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Feb. 26, 2025, 9:46 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 83 ec 04 89 0c 24 81 ec exception.symbol: random+0x8aa567 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 9086311 exception.address: 0x133a567 registers.esp: 4192480 registers.edi: 5189024 registers.eax: 1447909480 registers.ebp: 4008566804 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 20157785 registers.ecx: 20	1	0	0

Detects the presence of Wine emulator (1 event)

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress Feb. 26, 2025, 9:46 a.m.	ordinal: 0 function_address: 0x003ff599 function_name: wine_get_version module: ntdll module_address: 0x76f10000		3221225785	0

Executed a process and injected code into it, probably while unpacking (50 out of 69 events)

Time & API	Arguments	Status
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001b0	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001b0 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001b4	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001b4 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001b0	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001b0 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001b0	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001b0 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001b8	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001b8 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001b8	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001b8 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0	1
NtSetContextThread Feb. 26, 2025, 9:46 a.m.	registers.eip: 11491632 registers.esp: 235093340 registers.edi: 0 registers.eax: 0 registers.ebp: 141312 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000001c0 process_identifier: 2640	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0	1
NtSetContextThread Feb. 26, 2025, 9:46 a.m.	registers.eip: 11491632 registers.esp: 235093340 registers.edi: 0 registers.eax: 0 registers.ebp: 15 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000001c0 process_identifier: 2640	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0	1
NtSetContextThread Feb. 26, 2025, 9:46 a.m.	registers.eip: 11491632 registers.esp: 235093340 registers.edi: 0 registers.eax: 0 registers.ebp: 183895 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000001c0 process_identifier: 2640	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0	1
NtSetContextThread Feb. 26, 2025, 9:46 a.m.	registers.eip: 11491632 registers.esp: 235093340 registers.edi: 0 registers.eax: 0 registers.ebp: 200704 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000001c0 process_identifier: 2640	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0 suspend_count: 1 process_identifier: 2640	1
CreateProcessInternalW Feb. 26, 2025, 9:46 a.m.	thread_identifier: 0 thread_handle: 0x00000000 process_identifier: 0 current_directory: filepath: C:\Windows\Boot\PCAT\memtest.exe track: 0 command_line: filepath_r: C:\Windows\Boot\PCAT\memtest.exe stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000000
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001cc	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001cc suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c4	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c4 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c4	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c4 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c4	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c4 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c4	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c4 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c4	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c4 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0	1
NtResumeThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001c0 suspend_count: 1 process_identifier: 2640	1
NtGetContextThread Feb. 26, 2025, 9:46 a.m.	thread_handle: 0x000001d0	1

File has been identified by 37 AntiVirus engines on VirusTotal as malicious (37 events)

Bkav	W32.AIDetectMalware
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win32.Generic.rc
ALYac	Trojan.GenericKDZ.109919
Cylance	Unsafe
VIPRE	Trojan.GenericKDZ.109919
CrowdStrike	win/malicious_confidence_90% (W)
BitDefender	Trojan.GenericKDZ.109919
Arcabit	Trojan.Generic.D1AD5F
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
Avast	Win32:Evo-gen [Trj]
Kaspersky	VHO:Backdoor.Win32.Agent.gen
MicroWorld-eScan	Trojan.GenericKDZ.109919
Rising	Trojan.Agent!1.128C8 (CLASSIC)
Emsisoft	Trojan.GenericKDZ.109919 (B)
F-Secure	Heuristic.HEUR/AGEN.1314794
McAfeeD	ti!37BFF04BB211
Trapmine	malicious.moderate.ml.score
CTX	exe.trojan.generickdz
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.b2485d947085da47
Google	Detected
Avira	HEUR/AGEN.1314794
Gridinsoft	Trojan.Heur!.038121A1
Microsoft	Trojan:Win32/Sabsik.FL.A!ml
GData	Trojan.GenericKDZ.109919
AhnLab-V3	Trojan/Win.Evo-gen.C5728871
DeepInstinct	MALICIOUS
VBA32	TScope.Malware-Cryptor.SB
Ikarus	Trojan-PSW.Agent
Panda	Trj/Genetic.gen
Zoner	Probably Heur.ExeHeaderL
Fortinet	W32/Themida.HZB!tr
AVG	Win32:Evo-gen [Trj]

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All