Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 31, 2025, 8:50 a.m.	March 31, 2025, 8:50 a.m.

Size	27.3MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`963d215cb1f7930e5cce65b6372bcca9`
SHA256	`511df10f87d1e3cc3d1058c232aad3e70089d945bc14713cd4eef9acc998a2b3`
CRC32	`291BB17D`
ssdeep	`786432:hbt1UTjjW4mSt99lUe8aTr6/FndJ8kUdxndlqUJRQDO:hbUTjZ9ie8aEdJ8DFlqkQ`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature mzp_file_format - MZP(Delphi) file format anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) UPX_Zero - UPX packed file

Bsoft.exe "C:\Users\test22\AppData\Local\Temp\Bsoft.exe"
2580

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA March 31, 2025, 8:50 a.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (4 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 31, 2025, 8:50 a.m.			0	0
IsDebuggerPresent March 31, 2025, 8:50 a.m.			0	0
IsDebuggerPresent March 31, 2025, 8:50 a.m.			0	0
IsDebuggerPresent March 31, 2025, 8:50 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	kpnpdizz
section	itmvedqj
section	.taggant

The file contains an unknown PE resource name possibly indicative of a packer (5 events)

resource name	DXNAVBARSKINS
resource name	DXSKINS
resource name	PNG
resource name	UNICODEDATA
resource name	XML

One or more processes crashed (50 out of 118 events)

Time & API	Arguments	Status
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: bsoft+0x619e0b9 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 102359225 exception.address: 0x659e0b9 registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 109576192 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 53 51 89 3c 24 bf 12 87 7f 67 exception.symbol: bsoft+0x528e7a0 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 86566816 exception.address: 0x568e7a0 registers.esp: 1638240 registers.edi: 1968898280 registers.eax: 26276 registers.ebp: 4075995156 registers.edx: 4194304 registers.ebx: 4254555902 registers.esi: 90758557 registers.ecx: 1969094656	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 55 51 c7 04 24 65 f7 fa 22 89 14 24 e9 25 fc exception.symbol: bsoft+0x528e6ca exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 86566602 exception.address: 0x568e6ca registers.esp: 1638244 registers.edi: 1968898280 registers.eax: 26276 registers.ebp: 4075995156 registers.edx: 0 registers.ebx: 4254555902 registers.esi: 90761293 registers.ecx: 12773717	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 52 89 04 24 53 bb 60 aa d7 5a 89 d8 5b 68 a6 exception.symbol: bsoft+0x528f06b exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 86569067 exception.address: 0x568f06b registers.esp: 1638244 registers.edi: 235753 registers.eax: 29160 registers.ebp: 4075995156 registers.edx: 90764907 registers.ebx: 507619382 registers.esi: 90761293 registers.ecx: 0	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 0c 24 c7 04 24 bf ce ef 7e 8b 0c exception.symbol: bsoft+0x52ef0f8 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 86962424 exception.address: 0x56ef0f8 registers.esp: 1638244 registers.edi: 91159388 registers.eax: 31742 registers.ebp: 4075995156 registers.edx: 90752893 registers.ebx: 49807360 registers.esi: 0 registers.ecx: 604292946	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 34 24 50 81 ec 04 00 00 exception.symbol: bsoft+0x52f5e04 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 86990340 exception.address: 0x56f5e04 registers.esp: 1638240 registers.edi: 0 registers.eax: 91182828 registers.ebp: 4075995156 registers.edx: 0 registers.ebx: 91178939 registers.esi: 18363 registers.ecx: 31	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 55 89 04 24 b8 21 71 ff 6f 0d 4f d9 ff 77 05 exception.symbol: bsoft+0x52f5956 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 86989142 exception.address: 0x56f5956 registers.esp: 1638244 registers.edi: 0 registers.eax: 91208972 registers.ebp: 4075995156 registers.edx: 0 registers.ebx: 4294943704 registers.esi: 18363 registers.ecx: 322689	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb e9 99 00 00 00 4b 43 81 eb 09 99 df f2 43 e9 exception.symbol: bsoft+0x52f69b6 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 86993334 exception.address: 0x56f69b6 registers.esp: 1638240 registers.edi: 0 registers.eax: 29816 registers.ebp: 4075995156 registers.edx: 1895800577 registers.ebx: 91185813 registers.esi: 18363 registers.ecx: 322689	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 55 c7 04 24 19 57 d7 70 89 14 24 c7 04 24 02 exception.symbol: bsoft+0x52f6ac3 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 86993603 exception.address: 0x56f6ac3 registers.esp: 1638244 registers.edi: 0 registers.eax: 29816 registers.ebp: 4075995156 registers.edx: 1895800577 registers.ebx: 91215629 registers.esi: 18363 registers.ecx: 322689	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 50 89 14 24 e9 00 00 00 00 ba 76 75 6f 3f 4a exception.symbol: bsoft+0x52f6d87 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 86994311 exception.address: 0x56f6d87 registers.esp: 1638244 registers.edi: 1259 registers.eax: 29816 registers.ebp: 4075995156 registers.edx: 1895800577 registers.ebx: 91188885 registers.esi: 0 registers.ecx: 322689	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 68 9b d2 11 04 89 2c 24 exception.symbol: bsoft+0x52fe1f8 exception.instruction: in eax, dx exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87024120 exception.address: 0x56fe1f8 registers.esp: 1638236 registers.edi: 110702183 registers.eax: 1447909480 registers.ebp: 4075995156 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 91218154 registers.ecx: 20	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: bsoft+0x530294b exception.address: 0x570294b exception.module: Bsoft.exe exception.exception_code: 0xc000001d exception.offset: 87042379 registers.esp: 1638236 registers.edi: 110702183 registers.eax: 1 registers.ebp: 4075995156 registers.edx: 22104 registers.ebx: 0 registers.esi: 91218154 registers.ecx: 20	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 e8 38 76 12 01 exception.symbol: bsoft+0x5302c9e exception.instruction: in eax, dx exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87043230 exception.address: 0x5702c9e registers.esp: 1638236 registers.edi: 110702183 registers.eax: 1447909480 registers.ebp: 4075995156 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 91218154 registers.ecx: 10	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 29 db ff 34 33 8b 14 24 53 c7 04 24 13 02 9f exception.symbol: bsoft+0x53069a8 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87058856 exception.address: 0x57069a8 registers.esp: 1638244 registers.edi: 110702183 registers.eax: 26378 registers.ebp: 4075995156 registers.edx: 2130566132 registers.ebx: 48063015 registers.esi: 91279475 registers.ecx: 1708064768	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 50 b8 9c 86 2c 0e 89 c2 8b 04 24 55 54 e9 5a exception.symbol: bsoft+0x5306a56 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87059030 exception.address: 0x5706a56 registers.esp: 1638244 registers.edi: 110702183 registers.eax: 26378 registers.ebp: 4075995156 registers.edx: 3397472608 registers.ebx: 4294943512 registers.esi: 91279475 registers.ecx: 1708064768	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 0f 84 15 00 00 00 60 8b c8 e8 0b 00 exception.symbol: bsoft+0x5307607 exception.instruction: int 1 exception.module: Bsoft.exe exception.exception_code: 0xc0000005 exception.offset: 87062023 exception.address: 0x5707607 registers.esp: 1638204 registers.edi: 0 registers.eax: 1638204 registers.ebp: 4075995156 registers.edx: 91256240 registers.ebx: 91256686 registers.esi: 1219651463 registers.ecx: 1562827275	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 e9 18 01 00 00 81 6c 24 04 exception.symbol: bsoft+0x5316a37 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87124535 exception.address: 0x5716a37 registers.esp: 1638244 registers.edi: 90756210 registers.eax: 91345795 registers.ebp: 4075995156 registers.edx: 6 registers.ebx: 48063237 registers.esi: 1968968720 registers.ecx: 0	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 53 54 5b 56 51 b9 e1 ad df 7e 51 e9 7d fc ff exception.symbol: bsoft+0x5316805 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87123973 exception.address: 0x5716805 registers.esp: 1638244 registers.edi: 90756210 registers.eax: 91319851 registers.ebp: 4075995156 registers.edx: 988370000 registers.ebx: 0 registers.esi: 1968968720 registers.ecx: 0	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 56 e9 26 06 00 00 56 e9 87 fe ff ff 58 89 dd exception.symbol: bsoft+0x5319950 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87136592 exception.address: 0x5719950 registers.esp: 1638244 registers.edi: 90756210 registers.eax: 30232 registers.ebp: 4075995156 registers.edx: 1329438797 registers.ebx: 0 registers.esi: 1968968720 registers.ecx: 91360639	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 57 e9 8b fc ff ff c1 e0 02 05 06 09 92 fc 31 exception.symbol: bsoft+0x5319f4a exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87138122 exception.address: 0x5719f4a registers.esp: 1638244 registers.edi: 90756210 registers.eax: 30232 registers.ebp: 4075995156 registers.edx: 262633 registers.ebx: 0 registers.esi: 4294940496 registers.ecx: 91360639	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 52 89 0c 24 68 66 0c 1e 1e 89 0c 24 e9 e0 02 exception.symbol: bsoft+0x531cff6 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87150582 exception.address: 0x571cff6 registers.esp: 1638236 registers.edi: 4294943064 registers.eax: 27049 registers.ebp: 4075995156 registers.edx: 91370804 registers.ebx: 1148432910 registers.esi: 1179202795 registers.ecx: 91360639	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 55 54 8b 2c 24 81 c4 04 00 00 00 e9 d9 fa ff exception.symbol: bsoft+0x531e800 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87156736 exception.address: 0x571e800 registers.esp: 1638232 registers.edi: 4294943064 registers.eax: 32100 registers.ebp: 4075995156 registers.edx: 91349128 registers.ebx: 1148432910 registers.esi: 1179202795 registers.ecx: 91360639	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 51 e9 28 fa ff ff 5b 81 c3 5b f3 ff 7f 5a e9 exception.symbol: bsoft+0x531e675 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87156341 exception.address: 0x571e675 registers.esp: 1638236 registers.edi: 4294937928 registers.eax: 32100 registers.ebp: 4075995156 registers.edx: 91381228 registers.ebx: 1148432910 registers.esi: 1179202795 registers.ecx: 2804799848	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 81 c7 bf b3 bc 5b e9 d6 03 00 00 55 bd 3a 7e exception.symbol: bsoft+0x533f3fe exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87290878 exception.address: 0x573f3fe registers.esp: 1638200 registers.edi: 91485095 registers.eax: 32414 registers.ebp: 4075995156 registers.edx: 2130566132 registers.ebx: 639743241 registers.esi: 91481170 registers.ecx: 1708064768	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 51 b9 de 5b 6f 3d e9 00 00 00 00 bb ab 84 4d exception.symbol: bsoft+0x533fdac exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87293356 exception.address: 0x573fdac registers.esp: 1638204 registers.edi: 91517509 registers.eax: 32414 registers.ebp: 4075995156 registers.edx: 2130566132 registers.ebx: 116969 registers.esi: 4294937676 registers.ecx: 1708064768	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 51 b9 74 7b ff 7b 29 ce 59 03 34 24 83 ec 04 exception.symbol: bsoft+0x5340731 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87295793 exception.address: 0x5740731 registers.esp: 1638200 registers.edi: 91517509 registers.eax: 30296 registers.ebp: 4075995156 registers.edx: 418834113 registers.ebx: 1982033494 registers.esi: 91489688 registers.ecx: 1708064768	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 55 e9 23 fb ff ff 5a c1 e2 01 e9 8f 00 00 00 exception.symbol: bsoft+0x5340fed exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87298029 exception.address: 0x5740fed registers.esp: 1638204 registers.edi: 91517509 registers.eax: 2508939360 registers.ebp: 4075995156 registers.edx: 0 registers.ebx: 1982033494 registers.esi: 91492776 registers.ecx: 1708064768	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 68 c0 d8 17 21 89 2c 24 53 e9 2e 07 00 00 be exception.symbol: bsoft+0x5341e29 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87301673 exception.address: 0x5741e29 registers.esp: 1638200 registers.edi: 91517509 registers.eax: 29583 registers.ebp: 4075995156 registers.edx: 1150595759 registers.ebx: 91494907 registers.esi: 91492776 registers.ecx: 671092461	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 53 89 2c 24 e9 27 02 00 00 09 de 5b 46 c1 ee exception.symbol: bsoft+0x5341eb8 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87301816 exception.address: 0x5741eb8 registers.esp: 1638204 registers.edi: 2355557728 registers.eax: 29583 registers.ebp: 4075995156 registers.edx: 1150595759 registers.ebx: 91498066 registers.esi: 91492776 registers.ecx: 0	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 68 31 48 95 5b e9 aa f5 ff ff 42 56 be 85 8b exception.symbol: bsoft+0x53436d1 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87307985 exception.address: 0x57436d1 registers.esp: 1638204 registers.edi: 91498743 registers.eax: 29774 registers.ebp: 4075995156 registers.edx: 1150595759 registers.ebx: 2034986686 registers.esi: 91528985 registers.ecx: 0	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 3c 24 68 af 97 5f 36 5f 50 b8 76 exception.symbol: bsoft+0x534378e exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87308174 exception.address: 0x574378e registers.esp: 1638204 registers.edi: 91498743 registers.eax: 29774 registers.ebp: 4075995156 registers.edx: 1150595759 registers.ebx: 0 registers.esi: 91502693 registers.ecx: 44777	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 81 e9 01 ef 7d 7e 83 ec 04 89 2c 24 e9 cc fe exception.symbol: bsoft+0x53441dd exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87310813 exception.address: 0x57441dd registers.esp: 1638200 registers.edi: 91498743 registers.eax: 28624 registers.ebp: 4075995156 registers.edx: 1174271743 registers.ebx: 1948170639 registers.esi: 91502693 registers.ecx: 91503297	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 81 ec 04 00 00 00 89 0c 24 89 exception.symbol: bsoft+0x53444e6 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87311590 exception.address: 0x57444e6 registers.esp: 1638204 registers.edi: 91498743 registers.eax: 28624 registers.ebp: 4075995156 registers.edx: 1174271743 registers.ebx: 1948170639 registers.esi: 91502693 registers.ecx: 91531921	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 69 41 7d 7a ff 34 24 e9 36 01 00 exception.symbol: bsoft+0x5343b29 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87309097 exception.address: 0x5743b29 registers.esp: 1638204 registers.edi: 91498743 registers.eax: 4294941548 registers.ebp: 4075995156 registers.edx: 1174271743 registers.ebx: 1948170639 registers.esi: 913087885 registers.ecx: 91531921	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 51 e9 8c f6 ff ff ff 34 24 8b 1c 24 83 c4 04 exception.symbol: bsoft+0x534a475 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87336053 exception.address: 0x574a475 registers.esp: 1638200 registers.edi: 91498743 registers.eax: 32568 registers.ebp: 4075995156 registers.edx: 0 registers.ebx: 91527832 registers.esi: 913087885 registers.ecx: 1971716238	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 31 c9 ff 34 19 e9 f9 00 00 00 ff 34 24 8b 14 exception.symbol: bsoft+0x534a3e3 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87335907 exception.address: 0x574a3e3 registers.esp: 1638204 registers.edi: 91498743 registers.eax: 32568 registers.ebp: 4075995156 registers.edx: 0 registers.ebx: 91560400 registers.esi: 913087885 registers.ecx: 1971716238	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 53 bb 66 6f bf 7a f7 d3 c1 e3 08 51 b9 d4 00 exception.symbol: bsoft+0x5349fab exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87334827 exception.address: 0x5749fab registers.esp: 1638204 registers.edi: 91498743 registers.eax: 32568 registers.ebp: 4075995156 registers.edx: 0 registers.ebx: 91560400 registers.esi: 80361 registers.ecx: 4294937592	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb e9 0a f8 ff ff 83 c6 04 87 34 24 5c 4e e9 e6 exception.symbol: bsoft+0x534b27a exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87339642 exception.address: 0x574b27a registers.esp: 1638200 registers.edi: 91498743 registers.eax: 91531408 registers.ebp: 4075995156 registers.edx: 0 registers.ebx: 91560400 registers.esi: 80361 registers.ecx: 698442554	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 55 bd 10 23 7f 6c exception.symbol: bsoft+0x534ab5a exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87337818 exception.address: 0x574ab5a registers.esp: 1638204 registers.edi: 91498743 registers.eax: 91563481 registers.ebp: 4075995156 registers.edx: 0 registers.ebx: 91560400 registers.esi: 80361 registers.ecx: 698442554	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 f7 00 00 00 81 c6 04 00 00 00 53 exception.symbol: bsoft+0x534afd9 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87338969 exception.address: 0x574afd9 registers.esp: 1638204 registers.edi: 91498743 registers.eax: 91534393 registers.ebp: 4075995156 registers.edx: 157417 registers.ebx: 91560400 registers.esi: 0 registers.ecx: 698442554	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb e9 8f 04 00 00 ff 34 24 59 81 c4 04 00 00 00 exception.symbol: bsoft+0x534bb8f exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87341967 exception.address: 0x574bb8f registers.esp: 1638200 registers.edi: 91498743 registers.eax: 91535440 registers.ebp: 4075995156 registers.edx: 157417 registers.ebx: 91560400 registers.esi: 0 registers.ecx: 79662096	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 29 db 68 31 0a 28 64 89 0c 24 89 d9 53 bb 85 exception.symbol: bsoft+0x534bf5e exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87342942 exception.address: 0x574bf5e registers.esp: 1638204 registers.edi: 91498743 registers.eax: 91561213 registers.ebp: 4075995156 registers.edx: 157417 registers.ebx: 91560400 registers.esi: 0 registers.ecx: 79662096	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 56 89 0c 24 57 bf 71 65 ff 5e 89 f9 5f c1 e1 exception.symbol: bsoft+0x534bc8f exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87342223 exception.address: 0x574bc8f registers.esp: 1638204 registers.edi: 3946456811 registers.eax: 91561213 registers.ebp: 4075995156 registers.edx: 157417 registers.ebx: 4294943908 registers.esi: 0 registers.ecx: 79662096	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 50 c7 04 24 c7 f7 5f 11 81 24 24 69 91 fe 3f exception.symbol: bsoft+0x5352530 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87369008 exception.address: 0x5752530 registers.esp: 1638204 registers.edi: 91588122 registers.eax: 4294944416 registers.ebp: 4075995156 registers.edx: 1584093032 registers.ebx: 2147483650 registers.esi: 91542551 registers.ecx: 1708064768	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 51 b9 b2 ba be 6f f7 d1 81 e9 2f 5a f6 7b 49 exception.symbol: bsoft+0x535ed5d exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87420253 exception.address: 0x575ed5d registers.esp: 1638200 registers.edi: 91591285 registers.eax: 30213 registers.ebp: 4075995156 registers.edx: 91612442 registers.ebx: 1971716070 registers.esi: 91566564 registers.ecx: 0	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 31 db ff 34 13 ff 34 24 ff 34 24 ff 34 24 58 exception.symbol: bsoft+0x535e9ec exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87419372 exception.address: 0x575e9ec registers.esp: 1638204 registers.edi: 91591285 registers.eax: 30213 registers.ebp: 4075995156 registers.edx: 91642655 registers.ebx: 1971716070 registers.esi: 91566564 registers.ecx: 0	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb e9 30 03 00 00 56 e9 33 01 00 00 89 fb 5f 01 exception.symbol: bsoft+0x535e93b exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87419195 exception.address: 0x575e93b registers.esp: 1638204 registers.edi: 91591285 registers.eax: 1149528936 registers.ebp: 4075995156 registers.edx: 91642655 registers.ebx: 4294939688 registers.esi: 91566564 registers.ecx: 0	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 81 e9 a2 21 3f 2d 81 c1 58 98 b5 7b 50 b8 11 exception.symbol: bsoft+0x536c302 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87474946 exception.address: 0x576c302 registers.esp: 1638200 registers.edi: 91647574 registers.eax: 29487 registers.ebp: 4075995156 registers.edx: 582600 registers.ebx: 91616451 registers.esi: 110412040 registers.ecx: 91667797	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 55 83 ec 04 89 14 24 51 83 ec 04 89 14 24 89 exception.symbol: bsoft+0x536bd6f exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87473519 exception.address: 0x576bd6f registers.esp: 1638204 registers.edi: 91647574 registers.eax: 0 registers.ebp: 4075995156 registers.edx: 582600 registers.ebx: 16312658 registers.esi: 110412040 registers.ecx: 91670516	1
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: fb 50 e9 be 00 00 00 8b 14 24 83 c4 04 57 bf d9 exception.symbol: bsoft+0x53756d3 exception.instruction: sti exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87512787 exception.address: 0x57756d3 registers.esp: 1638204 registers.edi: 91735092 registers.eax: 4294942828 registers.ebp: 4075995156 registers.edx: 2130566132 registers.ebx: 91672048 registers.esi: 25815376 registers.ecx: 1708064768	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 175 events)

Time & API	Arguments	Status
NtProtectVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 17457152 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a3d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a3e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a3f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a400000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a430000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a440000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a450000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a460000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a470000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a480000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a5a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a5b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a5c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a5d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a5e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a5f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a600000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a610000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a620000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a630000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0c960000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0c970000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0c980000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0c990000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0c9a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0c9b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0c9c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0c9d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0c9e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0c9f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0ca00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0ca10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0ca20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0ca30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0ca40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0ca50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 31, 2025, 8:50 a.m.	process_identifier: 2580 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0a410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Foreign language identified in PE resource (1 event)

name

RT_VERSION

language

LANG_PORTUGUESE

filetype

data

sublanguage

SUBLANG_PORTUGUESE_BRAZILIAN

offset

0x0647e62e

size

0x00000340

File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)

Gridinsoft	Trojan.Heur!.018121A1
VBA32	BScope.Trojan.MSIL.Phpw

The binary likely contains encrypted or compressed data indicative of a packer (5 events)

section

{u'size_of_data': u'0x010a5a00', u'virtual_address': u'0x00001000', u'entropy': 7.985324461389795, u'name': u' \\x00 ', u'virtual_size': u'0x02f80000'}

entropy

7.98532446139

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x007c4800', u'virtual_address': u'0x02f81000', u'entropy': 7.98229771308369, u'name': u'.rsrc', u'virtual_size': u'0x02309c00'}

entropy

7.98229771308

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x002e0c00', u'virtual_address': u'0x0619e000', u'entropy': 7.675936419659922, u'name': u'kpnpdizz', u'virtual_size': u'0x002e1000'}

entropy

7.67593641966

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000200', u'virtual_address': u'0x0647f000', u'entropy': 7.256556854714713, u'name': u'itmvedqj', u'virtual_size': u'0x00001000'}

entropy

7.25655685471

description

A section with a high entropy has been found

entropy

0.999660198516

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (32 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA March 31, 2025, 8:50 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: Regmonclass window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: Filemonclass window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA March 31, 2025, 8:50 a.m.	class_name: pediy06 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Creates known Bancos Banking Trojan files, registry keys and/or mutexes

Detects VirtualBox through the presence of a registry key (1 event)

registry

HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ March 31, 2025, 8:50 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 68 9b d2 11 04 89 2c 24 exception.symbol: bsoft+0x52fe1f8 exception.instruction: in eax, dx exception.module: Bsoft.exe exception.exception_code: 0xc0000096 exception.offset: 87024120 exception.address: 0x56fe1f8 registers.esp: 1638236 registers.edi: 110702183 registers.eax: 1447909480 registers.ebp: 4075995156 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 91218154 registers.ecx: 20	1	0	0

Detects the presence of Wine emulator (1 event)

registry

HKEY_CURRENT_USER\Software\Wine

Bsoft.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All