Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 13, 2025, 9:46 a.m.	March 13, 2025, 9:51 a.m.

Size	384.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f07b59eb2e079540ea519fdf9f03519c`
SHA256	`69952617a3441306cc846eaa2de8202cf1f46f789b5732149333a341cd1c1042`
CRC32	`1EF28074`
ssdeep	`6144:v1ZUqVGUrknevjrT2pQuoQzjZMyyF+atD2698d1/w5KA81IJ8GpF6nuTmOOU:v1ZUqHrknevjraLoqVMyyX4jjYKkJj6e`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

fireballs.exe "C:\Users\test22\AppData\Local\Temp\fireballs.exe"
2544

Name	Response	Post-Analysis Lookup
showip.net	A 162.55.60.2	162.55.60.2

IP Address	Status	Action
162.55.60.2	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49166 -> 162.55.60.2:80	2008987	ET POLICY IP Check Domain (showip in HTTP Host)	Attempted Information Leak
TCP 192.168.56.101:49166 -> 162.55.60.2:80	2047083	ET HUNTING [ANY.RUN] DARKCLOUD Style External IP Check	Device Retrieving External IP Address Detected

Suricata TLS

No Suricata TLS

Queries for the computername (6 events)

Time & API	Arguments	Status	Return
GetComputerNameW March 13, 2025, 9:47 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 13, 2025, 9:47 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 13, 2025, 9:47 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 13, 2025, 9:47 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 13, 2025, 9:47 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 13, 2025, 9:47 a.m.	computer_name: TEST22-PC	1	1

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

CUSTOM

One or more processes crashed (48 events)

Time & API	Arguments	Status
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1635032 registers.edi: 5265528 registers.eax: 1635032 registers.ebp: 1635112 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633992 registers.edi: 5265528 registers.eax: 1633992 registers.ebp: 1634072 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633992 registers.edi: 5265528 registers.eax: 1633992 registers.ebp: 1634072 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633992 registers.edi: 5265528 registers.eax: 1633992 registers.ebp: 1634072 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633992 registers.edi: 5265528 registers.eax: 1633992 registers.ebp: 1634072 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633916 registers.edi: 5265528 registers.eax: 1633916 registers.ebp: 1633996 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633916 registers.edi: 5265528 registers.eax: 1633916 registers.ebp: 1633996 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634284 registers.edi: 1634560 registers.eax: 1634284 registers.ebp: 1634364 registers.edx: 0 registers.ebx: 5265528 registers.esi: 1634560 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634284 registers.edi: 1634560 registers.eax: 1634284 registers.ebp: 1634364 registers.edx: 0 registers.ebx: 5265528 registers.esi: 1634560 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633308 registers.edi: 5265528 registers.eax: 1633308 registers.ebp: 1633388 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633916 registers.edi: 5265528 registers.eax: 1633916 registers.ebp: 1633996 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633916 registers.edi: 5265528 registers.eax: 1633916 registers.ebp: 1633996 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634284 registers.edi: 1634560 registers.eax: 1634284 registers.ebp: 1634364 registers.edx: 0 registers.ebx: 5265528 registers.esi: 1634560 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634284 registers.edi: 1634560 registers.eax: 1634284 registers.ebp: 1634364 registers.edx: 0 registers.ebx: 5265528 registers.esi: 1634560 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633308 registers.edi: 5265528 registers.eax: 1633308 registers.ebp: 1633388 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633916 registers.edi: 5265528 registers.eax: 1633916 registers.ebp: 1633996 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633916 registers.edi: 5265528 registers.eax: 1633916 registers.ebp: 1633996 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634284 registers.edi: 1634560 registers.eax: 1634284 registers.ebp: 1634364 registers.edx: 0 registers.ebx: 5265528 registers.esi: 1634560 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634284 registers.edi: 1634560 registers.eax: 1634284 registers.ebp: 1634364 registers.edx: 0 registers.ebx: 5265528 registers.esi: 1634560 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633308 registers.edi: 5265528 registers.eax: 1633308 registers.ebp: 1633388 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633916 registers.edi: 5265528 registers.eax: 1633916 registers.ebp: 1633996 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633916 registers.edi: 5265528 registers.eax: 1633916 registers.ebp: 1633996 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1633504 registers.edi: 5265528 registers.eax: 1633504 registers.ebp: 1633584 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634824 registers.edi: 5265528 registers.eax: 1634824 registers.ebp: 1634904 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634840 registers.edi: 5265528 registers.eax: 1634840 registers.ebp: 1634920 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634840 registers.edi: 5265528 registers.eax: 1634840 registers.ebp: 1634920 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634840 registers.edi: 5265528 registers.eax: 1634840 registers.ebp: 1634920 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634256 registers.edi: 5265528 registers.eax: 1634256 registers.ebp: 1634336 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634072 registers.edi: 5265528 registers.eax: 1634072 registers.ebp: 1634152 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634316 registers.edi: 1634592 registers.eax: 1634316 registers.ebp: 1634396 registers.edx: 0 registers.ebx: 5265528 registers.esi: 1634592 registers.ecx: 2	1
__exception__ March 13, 2025, 9:47 a.m.	stacktrace: EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008f exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1634480 registers.edi: 5265528 registers.eax: 1634480 registers.ebp: 1634560 registers.edx: 0 registers.ebx: 5265528 registers.esi: 5265528 registers.ecx: 2	1

Performs some HTTP requests (1 event)

request

GET http://showip.net/

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 13, 2025, 9:46 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1	0	0

Creates executable files on the filesystem (1 event)

file	C:\Users\Public\Libraries\vbsqlite3.dll

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 13, 2025, 9:46 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x003f0000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00029000', u'virtual_address': u'0x00037000', u'entropy': 7.868355730245896, u'name': u'.rsrc', u'virtual_size': u'0x00028f38'}

entropy

7.86835573025

description

A section with a high entropy has been found

entropy

0.431578947368

description

Overall entropy of this PE file is high

Attempts to identify installed AV products by installation directory (1 event)

file	C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe

File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Dacic.i!c
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojanpws.Msil
Skyhigh	BehavesLike.Win32.Infected.fh
ALYac	Generic.Dacic.CDD4E759.A.0437B5F7
Cylance	Unsafe
VIPRE	Generic.Dacic.CDD4E759.A.0437B5F7
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Generic.Dacic.CDD4E759.A.0437B5F7
K7GW	NetWorm ( 700000151 )
K7AntiVirus	NetWorm ( 700000151 )
Arcabit	Generic.Dacic.CDD4E759.A.0437B5F7
VirIT	Trojan.Win32.VB_Heur.A
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Trojan.DarkCloud
ESET-NOD32	a variant of Win32/Spy.VB.OLN
APEX	Malicious
Avast	Win32:Darkcloud-A [Spy]
ClamAV	Win.Malware.Dacic-10015827-0
Kaspersky	VHO:Trojan-PSW.MSIL.Convagent.gen
Alibaba	TrojanSpy:Win32/Darkcloud.f0551457
MicroWorld-eScan	Generic.Dacic.CDD4E759.A.0437B5F7
Rising	Stealer.DarkCloud!1.10496 (CLASSIC)
Emsisoft	Generic.Dacic.CDD4E759.A.0437B5F7 (B)
F-Secure	Trojan.TR/VB.Downloader.Gen
DrWeb	Trojan.Siggen29.30022
McAfeeD	ti!69952617A344
Trapmine	suspicious.low.ml.score
CTX	exe.trojan.darkcloud
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.f07b59eb2e079540
Google	Detected
Avira	TR/VB.Downloader.Gen
Antiy-AVL	Trojan[Spy]/Win32.VB.oln
Kingsoft	malware.kb.a.999
Gridinsoft	Trojan.Win32.Gen.tr
Microsoft	Trojan:Win32/DarkCloud.EALN!MTB
GData	Win32.Trojan-Stealer.DarkCloud.A
Varist	W32/DarkCloud.A.gen!Eldorado
AhnLab-V3	Trojan/Win.PWS.R562305
McAfee	Trojan-FWFF!F07B59EB2E07
DeepInstinct	MALICIOUS
VBA32	Malware-Cryptor.VB.gen.1
Malwarebytes	Malware.AI.2702729048
Ikarus	Trojan-Spy.Win32.VB
TrendMicro-HouseCall	TROJ_GEN.R002H0CCA25
Tencent	Win32.Trojan.VB.Vgil

fireballs.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All