Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 8, 2025, 12:08 p.m.	March 8, 2025, 12:42 p.m.

Size	2.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a62fe491673f0de54e959defbfebd0dd`
SHA256	`936d17e301a6f5b6878b1a6f46a215d5af02d8254c65dc64a8679f7b2ff25213`
CRC32	`0ED54A59`
ssdeep	`49152:2XgU4282P9ies0OHGdQJXu3dUM1SqM5L:2Q07QniQNuv1SqYL`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) UPX_Zero - UPX packed file

yUI6F6C.exe "C:\Users\test22\AppData\Local\Temp\yUI6F6C.exe"
2560

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
45.83.31.35	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 8, 2025, 12:08 p.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	mzhehwmc
section	roelxloa
section	.taggant

One or more processes crashed (50 out of 116 events)

Time & API	Arguments	Status
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: yui6f6c+0x2ff0b9 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 3141817 exception.address: 0x3ef0b9 registers.esp: 6945536 registers.edi: 0 registers.eax: 1 registers.ebp: 6945552 registers.edx: 5795840 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 05 02 e8 7e 75 05 01 a9 ba 7e 03 04 24 2d 01 exception.symbol: yui6f6c+0x642de exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 410334 exception.address: 0x1542de registers.esp: 6945500 registers.edi: 1968898280 registers.eax: 1392147 registers.ebp: 3991412756 registers.edx: 983040 registers.ebx: 4232047090 registers.esi: 3 registers.ecx: 1969094656	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 12 05 00 00 5a 81 c4 04 00 00 00 81 ec 04 exception.symbol: yui6f6c+0x640df exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 409823 exception.address: 0x1540df registers.esp: 6945504 registers.edi: 1968898280 registers.eax: 1419369 registers.ebp: 3991412756 registers.edx: 983040 registers.ebx: 4232047090 registers.esi: 3 registers.ecx: 1969094656	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 53 e9 a5 fe ff ff 5b 81 f1 14 25 9f 7f e9 2c exception.symbol: yui6f6c+0x6457b exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 411003 exception.address: 0x15457b registers.esp: 6945504 registers.edi: 4294943008 registers.eax: 1419369 registers.ebp: 3991412756 registers.edx: 983040 registers.ebx: 237801 registers.esi: 3 registers.ecx: 1969094656	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 68 48 78 d7 5a 89 0c 24 e9 39 f5 ff ff 51 b9 exception.symbol: yui6f6c+0x659e2 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 416226 exception.address: 0x1559e2 registers.esp: 6945504 registers.edi: 4294943008 registers.eax: 1259 registers.ebp: 3991412756 registers.edx: 651176153 registers.ebx: 4294941796 registers.esi: 3 registers.ecx: 1424851	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 05 a4 b2 ff 36 51 b9 82 2d df 7f 53 bb 7c ab exception.symbol: yui6f6c+0x1dd0a9 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 1953961 exception.address: 0x2cd0a9 registers.esp: 6945500 registers.edi: 1431701 registers.eax: 2936760 registers.ebp: 3991412756 registers.edx: 389120 registers.ebx: 389120 registers.esi: 2936347 registers.ecx: 2056781824	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 14 01 00 00 33 1c 24 31 1c 24 33 1c 24 5c exception.symbol: yui6f6c+0x1dd327 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 1954599 exception.address: 0x2cd327 registers.esp: 6945504 registers.edi: 1431701 registers.eax: 2967030 registers.ebp: 3991412756 registers.edx: 4294940048 registers.ebx: 2179434839 registers.esi: 2936347 registers.ecx: 2056781824	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 73 00 00 00 81 c4 04 00 00 00 81 f2 c5 55 exception.symbol: yui6f6c+0x1e3286 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 1979014 exception.address: 0x2d3286 registers.esp: 6945504 registers.edi: 1431701 registers.eax: 31501 registers.ebp: 3991412756 registers.edx: 2130566132 registers.ebx: 46072511 registers.esi: 2992359 registers.ecx: 703	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 68 13 e4 43 03 89 2c 24 83 ec 04 89 34 24 e9 exception.symbol: yui6f6c+0x1e2f79 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 1978233 exception.address: 0x2d2f79 registers.esp: 6945504 registers.edi: 1431701 registers.eax: 31501 registers.ebp: 3991412756 registers.edx: 2130566132 registers.ebx: 1549541099 registers.esi: 2963463 registers.ecx: 0	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 81 c1 57 c2 fc 7f 57 bf 25 dc df 67 57 bf 8b exception.symbol: yui6f6c+0x1e4c03 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 1985539 exception.address: 0x2d4c03 registers.esp: 6945500 registers.edi: 7876009 registers.eax: 27927 registers.ebp: 3991412756 registers.edx: 21446 registers.ebx: 2963489 registers.esi: 0 registers.ecx: 2968024	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 50 e9 9a fe ff ff 33 0c 24 31 0c 24 33 0c 24 exception.symbol: yui6f6c+0x1e4c33 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 1985587 exception.address: 0x2d4c33 registers.esp: 6945504 registers.edi: 7876009 registers.eax: 0 registers.ebp: 3991412756 registers.edx: 21446 registers.ebx: 2963489 registers.esi: 1259 registers.ecx: 2971235	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 56 54 5e 52 ba 04 00 00 exception.symbol: yui6f6c+0x1eea3d exception.instruction: in eax, dx exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2026045 exception.address: 0x2dea3d registers.esp: 6945496 registers.edi: 7876009 registers.eax: 1447909480 registers.ebp: 3991412756 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 2998272 registers.ecx: 20	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: yui6f6c+0x1ef853 exception.address: 0x2df853 exception.module: yUI6F6C.exe exception.exception_code: 0xc000001d exception.offset: 2029651 registers.esp: 6945496 registers.edi: 7876009 registers.eax: 1 registers.ebp: 3991412756 registers.edx: 22104 registers.ebx: 0 registers.esi: 2998272 registers.ecx: 20	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 0a 2a 2d 12 01 exception.symbol: yui6f6c+0x1ef491 exception.instruction: in eax, dx exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2028689 exception.address: 0x2df491 registers.esp: 6945496 registers.edi: 7876009 registers.eax: 1447909480 registers.ebp: 3991412756 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 2998272 registers.ecx: 10	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: cd 01 eb 00 66 8b d0 6a 00 50 e8 03 00 00 00 20 exception.symbol: yui6f6c+0x1f48d4 exception.instruction: int 1 exception.module: yUI6F6C.exe exception.exception_code: 0xc0000005 exception.offset: 2050260 exception.address: 0x2e48d4 registers.esp: 6945464 registers.edi: 0 registers.eax: 6945464 registers.ebp: 3991412756 registers.edx: 1981564416 registers.ebx: 3033673 registers.esi: 1981589122 registers.ecx: 41507072	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 57 e9 90 fe ff ff 51 b9 aa 0e exception.symbol: yui6f6c+0x1f5ac3 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2054851 exception.address: 0x2e5ac3 registers.esp: 6945504 registers.edi: 7876009 registers.eax: 3064728 registers.ebp: 3991412756 registers.edx: 336535860 registers.ebx: 55260624 registers.esi: 22864 registers.ecx: 2056781824	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 68 77 6e 59 4e e9 e0 fd ff exception.symbol: yui6f6c+0x1f54a1 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2053281 exception.address: 0x2e54a1 registers.esp: 6945504 registers.edi: 7876009 registers.eax: 3038316 registers.ebp: 3991412756 registers.edx: 0 registers.ebx: 2283 registers.esi: 22864 registers.ecx: 2056781824	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 57 89 e7 81 c7 04 00 00 00 e9 00 00 00 00 81 exception.symbol: yui6f6c+0x2042d9 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2114265 exception.address: 0x2f42d9 registers.esp: 6945504 registers.edi: 3122913 registers.eax: 27387 registers.ebp: 3991412756 registers.edx: 6 registers.ebx: 55260846 registers.esi: 1103849 registers.ecx: 4294942408	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 68 60 aa b5 12 89 0c 24 89 e1 81 c1 04 00 00 exception.symbol: yui6f6c+0x208406 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2130950 exception.address: 0x2f8406 registers.esp: 6945496 registers.edi: 3114467 registers.eax: 30211 registers.ebp: 3991412756 registers.edx: 0 registers.ebx: 1177194865 registers.esi: 1103849 registers.ecx: 1179202795	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 51 50 52 ba 52 5e ff 7f 89 54 exception.symbol: yui6f6c+0x20aad9 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2140889 exception.address: 0x2faad9 registers.esp: 6945496 registers.edi: 3114467 registers.eax: 84201 registers.ebp: 3991412756 registers.edx: 0 registers.ebx: 415644707 registers.esi: 1103849 registers.ecx: 3124497	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 f6 fd ff ff 81 ee 00 b1 7e 33 5f 89 f0 8b exception.symbol: yui6f6c+0x20eff1 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2158577 exception.address: 0x2feff1 registers.esp: 6945492 registers.edi: 3114467 registers.eax: 30920 registers.ebp: 3991412756 registers.edx: 2130566132 registers.ebx: 3140796 registers.esi: 1103849 registers.ecx: 2056781824	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 31 d2 ff 34 13 8b 0c 24 56 89 1c 24 e9 3d ff exception.symbol: yui6f6c+0x20f064 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2158692 exception.address: 0x2ff064 registers.esp: 6945496 registers.edi: 3114467 registers.eax: 30920 registers.ebp: 3991412756 registers.edx: 2130566132 registers.ebx: 3171716 registers.esi: 1103849 registers.ecx: 2056781824	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 e8 ff ff ff f7 14 24 59 81 e9 5d 5c 2f ea exception.symbol: yui6f6c+0x20f50d exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2159885 exception.address: 0x2ff50d registers.esp: 6945496 registers.edi: 3114467 registers.eax: 30920 registers.ebp: 3991412756 registers.edx: 4294938828 registers.ebx: 3171716 registers.esi: 1103849 registers.ecx: 1783979243	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 51 b9 7d 1d d9 66 e9 3c 03 00 00 c1 ef 06 81 exception.symbol: yui6f6c+0x22a367 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2270055 exception.address: 0x31a367 registers.esp: 6945460 registers.edi: 3252646 registers.eax: 28741 registers.ebp: 3991412756 registers.edx: 2130566132 registers.ebx: 894964836 registers.esi: 3247227 registers.ecx: 2056781824	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 31 db ff 34 3b ff 34 24 59 55 89 e5 53 e9 56 exception.symbol: yui6f6c+0x22a86f exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2271343 exception.address: 0x31a86f registers.esp: 6945464 registers.edi: 3281387 registers.eax: 28741 registers.ebp: 3991412756 registers.edx: 2130566132 registers.ebx: 894964836 registers.esi: 3247227 registers.ecx: 2056781824	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 f3 00 00 00 57 89 e7 81 c7 04 00 00 00 e9 exception.symbol: yui6f6c+0x22a6df exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2270943 exception.address: 0x31a6df registers.esp: 6945464 registers.edi: 3281387 registers.eax: 28741 registers.ebp: 3991412756 registers.edx: 2130566132 registers.ebx: 4294941200 registers.esi: 3247227 registers.ecx: 604292949	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 68 de ad b3 0f 89 14 24 89 34 24 89 e6 50 b8 exception.symbol: yui6f6c+0x22b0bb exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2273467 exception.address: 0x31b0bb registers.esp: 6945464 registers.edi: 3281387 registers.eax: 32448 registers.ebp: 3991412756 registers.edx: 3288128 registers.ebx: 2076164398 registers.esi: 3247227 registers.ecx: 604292949	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 68 f7 0c 10 3d 89 1c 24 bb 25 35 6f 5f 81 ec exception.symbol: yui6f6c+0x22adfb exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2272763 exception.address: 0x31adfb registers.esp: 6945464 registers.edi: 3281387 registers.eax: 32448 registers.ebp: 3991412756 registers.edx: 3288128 registers.ebx: 4294937760 registers.esi: 780644712 registers.ecx: 604292949	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 56 51 68 e1 67 93 2e 89 04 24 55 89 34 24 be exception.symbol: yui6f6c+0x22c0e5 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2277605 exception.address: 0x31c0e5 registers.esp: 6945464 registers.edi: 3288441 registers.eax: 29424 registers.ebp: 3991412756 registers.edx: 1315861349 registers.ebx: 4294937760 registers.esi: 780644712 registers.ecx: 5920321	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 3e fa ff ff 4b 81 e3 62 a9 b3 7f 81 eb 4b exception.symbol: yui6f6c+0x22c303 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2278147 exception.address: 0x31c303 registers.esp: 6945464 registers.edi: 3262045 registers.eax: 0 registers.ebp: 3991412756 registers.edx: 1315861349 registers.ebx: 4294937760 registers.esi: 1392536160 registers.ecx: 5920321	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 81 c6 1f 13 f9 0d 83 ec 04 e9 a0 fb ff ff 50 exception.symbol: yui6f6c+0x22d6da exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2283226 exception.address: 0x31d6da registers.esp: 6945460 registers.edi: 3264362 registers.eax: 30234 registers.ebp: 3991412756 registers.edx: 670154475 registers.ebx: 4294937760 registers.esi: 3264873 registers.ecx: 0	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 56 89 04 24 e9 49 02 00 00 53 bb 7a f8 8b 8b exception.symbol: yui6f6c+0x22d19b exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2281883 exception.address: 0x31d19b registers.esp: 6945464 registers.edi: 3264362 registers.eax: 0 registers.ebp: 3991412756 registers.edx: 670154475 registers.ebx: 4294937760 registers.esi: 3267855 registers.ecx: 44777	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 bc fc ff ff 89 14 24 53 e9 b0 fe ff ff b9 exception.symbol: yui6f6c+0x231fa3 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2301859 exception.address: 0x321fa3 registers.esp: 6945460 registers.edi: 3282608 registers.eax: 26139 registers.ebp: 3991412756 registers.edx: 0 registers.ebx: 65786 registers.esi: 3267855 registers.ecx: 1971716238	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 68 dc d6 49 72 e9 79 01 00 00 59 e9 f3 07 00 exception.symbol: yui6f6c+0x231745 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2299717 exception.address: 0x321745 registers.esp: 6945464 registers.edi: 3308747 registers.eax: 26139 registers.ebp: 3991412756 registers.edx: 0 registers.ebx: 4294944624 registers.esi: 715562381 registers.ecx: 1971716238	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 74 f9 ff ff 89 04 24 51 56 be 04 00 00 00 exception.symbol: yui6f6c+0x233223 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2306595 exception.address: 0x323223 registers.esp: 6945460 registers.edi: 3308747 registers.eax: 28655 registers.ebp: 3991412756 registers.edx: 1122146633 registers.ebx: 1395386 registers.esi: 715562381 registers.ecx: 3286977	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 50 89 1c 24 e9 29 04 00 00 81 f7 a7 1c e1 2f exception.symbol: yui6f6c+0x232c6b exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2305131 exception.address: 0x322c6b registers.esp: 6945464 registers.edi: 3308747 registers.eax: 24811 registers.ebp: 3991412756 registers.edx: 1122146633 registers.ebx: 1395386 registers.esi: 4294941676 registers.ecx: 3315632	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 29 db ff 34 3b ff 34 24 ff 34 24 e9 1b 00 00 exception.symbol: yui6f6c+0x237089 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2322569 exception.address: 0x327089 registers.esp: 6945464 registers.edi: 3334947 registers.eax: 31408 registers.ebp: 3991412756 registers.edx: 903847443 registers.ebx: 302088707 registers.esi: 3302791 registers.ecx: 27783	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 55 bd d7 eb 7c 5f ba 4a f5 a2 df 01 ea 5d c1 exception.symbol: yui6f6c+0x2369a1 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2320801 exception.address: 0x3269a1 registers.esp: 6945464 registers.edi: 3334947 registers.eax: 81129 registers.ebp: 3991412756 registers.edx: 903847443 registers.ebx: 4294938612 registers.esi: 3302791 registers.ecx: 27783	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 14 24 89 34 24 56 c7 04 exception.symbol: yui6f6c+0x238736 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2328374 exception.address: 0x328736 registers.esp: 6945464 registers.edi: 3334947 registers.eax: 0 registers.ebp: 3991412756 registers.edx: 3311450 registers.ebx: 730869715 registers.esi: 2298801283 registers.ecx: 1514816816	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 b8 fe ff ff 5a 81 f2 da ed dd 77 e9 41 04 exception.symbol: yui6f6c+0x24622f exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2384431 exception.address: 0x33622f registers.esp: 6945464 registers.edi: 3332766 registers.eax: 30141 registers.ebp: 3991412756 registers.edx: 2130566132 registers.ebx: 1971716070 registers.esi: 3396634 registers.ecx: 0	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 0c 24 e9 eb 02 00 00 c1 exception.symbol: yui6f6c+0x246256 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2384470 exception.address: 0x336256 registers.esp: 6945464 registers.edi: 3332766 registers.eax: 0 registers.ebp: 3991412756 registers.edx: 2130566132 registers.ebx: 1239381 registers.esi: 3369346 registers.ecx: 0	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 55 e9 4b fa ff ff 81 f7 c3 exception.symbol: yui6f6c+0x24a12d exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2400557 exception.address: 0x33a12d registers.esp: 6945464 registers.edi: 11528535 registers.eax: 25906 registers.ebp: 3991412756 registers.edx: 2010346985 registers.ebx: 941335777 registers.esi: 3407007 registers.ecx: 4294944268	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 ad 05 00 00 81 c2 4b 96 30 5a 31 d5 5a c1 exception.symbol: yui6f6c+0x259cdf exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2464991 exception.address: 0x349cdf registers.esp: 6945464 registers.edi: 3435893 registers.eax: 3739833942 registers.ebp: 3991412756 registers.edx: 0 registers.ebx: 3408800 registers.esi: 34849032 registers.ecx: 3450051	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 81 c2 00 73 bf 6f e9 07 fe ff ff b8 27 10 77 exception.symbol: yui6f6c+0x2633a8 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2503592 exception.address: 0x3533a8 registers.esp: 6945460 registers.edi: 3990637921 registers.eax: 26704 registers.ebp: 3991412756 registers.edx: 3484463 registers.ebx: 1898760357 registers.esi: 156172462 registers.ecx: 107	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 53 52 89 e2 e9 7a 00 00 00 83 2c 24 ff 81 2c exception.symbol: yui6f6c+0x26300f exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2502671 exception.address: 0x35300f registers.esp: 6945464 registers.edi: 3990637921 registers.eax: 26704 registers.ebp: 3991412756 registers.edx: 3487431 registers.ebx: 322689 registers.esi: 0 registers.ecx: 107	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 57 54 8b 3c 24 81 c4 04 00 00 00 83 ec 04 89 exception.symbol: yui6f6c+0x2692c4 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2527940 exception.address: 0x3592c4 registers.esp: 6945464 registers.edi: 42133842 registers.eax: 29083 registers.ebp: 3991412756 registers.edx: 3539463 registers.ebx: 3488787 registers.esi: 34849032 registers.ecx: 4294940548	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb e9 9f f9 ff ff c1 24 24 03 81 34 24 60 65 96 exception.symbol: yui6f6c+0x279c7f exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2595967 exception.address: 0x369c7f registers.esp: 6945464 registers.edi: 0 registers.eax: 3606482 registers.ebp: 3991412756 registers.edx: 2130566132 registers.ebx: 1023831144 registers.esi: 4294941156 registers.ecx: 2056781824	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 52 50 50 c7 04 24 7e 57 f6 3e 56 be 1a a8 bf exception.symbol: yui6f6c+0x282d28 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2633000 exception.address: 0x372d28 registers.esp: 6945464 registers.edi: 3646673 registers.eax: 31456 registers.ebp: 3991412756 registers.edx: 395049983 registers.ebx: 16910336 registers.esi: 3286223 registers.ecx: 3738837507	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 55 50 e9 69 f9 ff ff 35 3b 78 cf 67 40 48 35 exception.symbol: yui6f6c+0x283332 exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2634546 exception.address: 0x373332 registers.esp: 6945464 registers.edi: 3618237 registers.eax: 31456 registers.ebp: 3991412756 registers.edx: 395049983 registers.ebx: 0 registers.esi: 3286223 registers.ecx: 2298801283	1
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: fb 55 bd 5e 91 af 77 83 c5 ff e9 5a 01 00 00 5a exception.symbol: yui6f6c+0x283dab exception.instruction: sti exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2637227 exception.address: 0x373dab registers.esp: 6945460 registers.edi: 3618237 registers.eax: 31537 registers.ebp: 3991412756 registers.edx: 342409336 registers.ebx: 1288289258 registers.esi: 3286223 registers.ecx: 3618722	1

Allocates read-write-execute memory (usually to unpack itself) (16 events)

Time & API	Arguments	Status
NtProtectVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 389120 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000f1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02230000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02400000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02510000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02560000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02570000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02580000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02590000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02570000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02570000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02570000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02570000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:08 p.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02570000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x0005f000', u'virtual_address': u'0x00001000', u'entropy': 7.169833059547753, u'name': u' \\x00 ', u'virtual_size': u'0x0005f000'}

entropy

7.16983305955

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00196200', u'virtual_address': u'0x002ff000', u'entropy': 7.953537250716953, u'name': u'mzhehwmc', u'virtual_size': u'0x00197000'}

entropy

7.95353725072

description

A section with a high entropy has been found

entropy

0.994542297197

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Communicates with host for which no DNS query was performed (1 event)

host

45.83.31.35

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA March 8, 2025, 12:08 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA March 8, 2025, 12:08 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ March 8, 2025, 12:08 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 56 54 5e 52 ba 04 00 00 exception.symbol: yui6f6c+0x1eea3d exception.instruction: in eax, dx exception.module: yUI6F6C.exe exception.exception_code: 0xc0000096 exception.offset: 2026045 exception.address: 0x2dea3d registers.esp: 6945496 registers.edi: 7876009 registers.eax: 1447909480 registers.ebp: 3991412756 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 2998272 registers.ecx: 20	1	0	0

File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Themida.4!c
tehtris	Generic.Malware
Cynet	Malicious (score: 99)
CAT-QuickHeal	cld.trojan.generic
Skyhigh	BehavesLike.Win32.Themida.tc
ALYac	Gen:Variant.Symmi.84601
Cylance	Unsafe
VIPRE	Gen:Variant.Symmi.84601
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Gen:Variant.Symmi.84601
Arcabit	Trojan.Symmi.D14A79
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Kaspersky	Trojan.Win32.Phpw.bvme
Alibaba	Packed:Win32/Themida.bd36af34
MicroWorld-eScan	Gen:Variant.Symmi.84601
Rising	Stealer.RisePro!8.176E1 (TFE:2:dqobFSWndi)
Emsisoft	Gen:Variant.Symmi.84601 (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
DrWeb	Trojan.PWS.Lumma.1819
McAfeeD	Real Protect-LS!A62FE491673F
Trapmine	malicious.high.ml.score
CTX	exe.trojan.themida
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.a62fe491673f0de5
Google	Detected
Avira	TR/Crypt.XPACK.Gen
Kingsoft	Win32.Trojan.Convagent.gen
Gridinsoft	Spy.Win32.Gen.tr
Microsoft	Trojan:Win32/LummaStealer!rfn
ViRobot	Trojan.Win.Z.Symmi.2067968.B
GData	Gen:Variant.Symmi.84601
Varist	W32/Themida.CT.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R693419
McAfee	Artemis!A62FE491673F
DeepInstinct	MALICIOUS
VBA32	TScope.Malware-Cryptor.SB
Malwarebytes	Trojan.Amadey
Ikarus	Win32.Outbreak
Panda	Trj/Chgt.AD
Zoner	Probably Heur.ExeHeaderL
Tencent	Win32.Trojan.Generic.Dkjl
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Themida.HZB!tr

yUI6F6C.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All