Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 3, 2025, 9:37 a.m.	April 3, 2025, 9:39 a.m.

Size	1.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bb5db889590bda43732d55cf4b69de5e`
SHA256	`b94491e54c22ef851717ec4a47475d91e6f768efb970862532ef4777f695f214`
CRC32	`3162BF1F`
ssdeep	`49152:fEkYwhCQbk0P8UQZ5N82yjH7JMfKBuBR9zkvs:8kth1bkdUQubjbcvBzA`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent April 3, 2025, 9:37 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	akserivd
section	mbrgtkng
section	.taggant

One or more processes crashed (50 out of 126 events)

Time & API	Arguments	Status
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: random+0x31f0b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3272889 exception.address: 0x32f0b9 registers.esp: 8190772 registers.edi: 0 registers.eax: 1 registers.ebp: 8190788 registers.edx: 5074944 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb e9 fc fa ff ff 5d 29 fd e9 95 fb ff ff ff 74 exception.symbol: random+0x6455c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 410972 exception.address: 0x7455c registers.esp: 8190740 registers.edi: 1968898280 registers.eax: 25974 registers.ebp: 3990495252 registers.edx: 65536 registers.ebx: 1968909691 registers.esi: 3 registers.ecx: 500561	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb e9 32 f9 ff ff 89 44 24 04 e9 00 00 00 00 58 exception.symbol: random+0x64939 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 411961 exception.address: 0x74939 registers.esp: 8190740 registers.edi: 1968898280 registers.eax: 4294944312 registers.ebp: 3990495252 registers.edx: 65536 registers.ebx: 239849 registers.esi: 3 registers.ecx: 500561	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb e9 ce fb ff ff 89 0c 24 c7 04 24 f5 04 97 15 exception.symbol: random+0x65590 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 415120 exception.address: 0x75590 registers.esp: 8190740 registers.edi: 1968898280 registers.eax: 28516 registers.ebp: 3990495252 registers.edx: 627923746 registers.ebx: 239849 registers.esi: 507440 registers.ecx: 2048828724	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 e9 31 00 00 00 51 b9 d2 5a exception.symbol: random+0x653cb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 414667 exception.address: 0x753cb registers.esp: 8190740 registers.edi: 1259 registers.eax: 28516 registers.ebp: 3990495252 registers.edx: 627923746 registers.ebx: 239849 registers.esi: 507440 registers.ecx: 4294941376	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 05 07 cf 99 6f 05 88 ee fb 6e 51 b9 71 2b f7 exception.symbol: random+0x1f396c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2046316 exception.address: 0x20396c registers.esp: 8190736 registers.edi: 513890 registers.eax: 2111411 registers.ebp: 3990495252 registers.edx: 2130566132 registers.ebx: 58327930 registers.esi: 2094024 registers.ecx: 890	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 52 ba 44 e5 f7 6d 51 b9 57 31 08 92 01 ca 59 exception.symbol: random+0x1f3b67 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2046823 exception.address: 0x203b67 registers.esp: 8190740 registers.edi: 513890 registers.eax: 2137504 registers.ebp: 3990495252 registers.edx: 2130566132 registers.ebx: 58327930 registers.esi: 2094024 registers.ecx: 890	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 52 e9 00 00 00 00 52 89 0c 24 c7 04 24 39 97 exception.symbol: random+0x1f41cb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2048459 exception.address: 0x2041cb registers.esp: 8190740 registers.edi: 513890 registers.eax: 2114356 registers.ebp: 3990495252 registers.edx: 658921 registers.ebx: 58327930 registers.esi: 2094024 registers.ecx: 0	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 57 bf 22 58 ef 75 e9 33 01 00 00 5f 81 c4 04 exception.symbol: random+0x1f5787 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2054023 exception.address: 0x205787 registers.esp: 8190736 registers.edi: 513890 registers.eax: 25808 registers.ebp: 3990495252 registers.edx: 309304177 registers.ebx: 553647060 registers.esi: 2094024 registers.ecx: 2117694	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 68 3e 53 ec 21 89 34 24 e9 c5 07 00 00 5b 87 exception.symbol: random+0x1f5058 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2052184 exception.address: 0x205058 registers.esp: 8190740 registers.edi: 513890 registers.eax: 1549541099 registers.ebp: 3990495252 registers.edx: 0 registers.ebx: 553647060 registers.esi: 2094024 registers.ecx: 2120518	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 53 e9 ba fd ff ff 29 c8 e9 83 01 00 00 59 83 exception.symbol: random+0x1fcacd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2083533 exception.address: 0x20cacd registers.esp: 8190736 registers.edi: 23392 registers.eax: 2147986 registers.ebp: 3990495252 registers.edx: 2097303330 registers.ebx: 2120544 registers.esi: 0 registers.ecx: 14288	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb e9 9a fe ff ff 81 eb bc 8b f4 1c 89 da 5b f7 exception.symbol: random+0x1fc964 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2083172 exception.address: 0x20c964 registers.esp: 8190740 registers.edi: 23392 registers.eax: 2177595 registers.ebp: 3990495252 registers.edx: 2097303330 registers.ebx: 2120544 registers.esi: 0 registers.ecx: 14288	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 50 e9 00 00 00 00 57 bf a8 3e 37 5a 68 a0 d3 exception.symbol: random+0x1fd0ab exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2085035 exception.address: 0x20d0ab registers.esp: 8190740 registers.edi: 23392 registers.eax: 2177595 registers.ebp: 3990495252 registers.edx: 2097303330 registers.ebx: 4294940316 registers.esi: 0 registers.ecx: 202985	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 55 89 3c 24 54 8b 3c 24 exception.symbol: random+0x201e2d exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2104877 exception.address: 0x211e2d registers.esp: 8190732 registers.edi: 11218336 registers.eax: 1447909480 registers.ebp: 3990495252 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 2156977 registers.ecx: 20	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x201726 exception.address: 0x211726 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 2103078 registers.esp: 8190732 registers.edi: 11218336 registers.eax: 1 registers.ebp: 3990495252 registers.edx: 22104 registers.ebx: 0 registers.esi: 2156977 registers.ecx: 20	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 5e 2b 2d 12 01 exception.symbol: random+0x1feed5 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2092757 exception.address: 0x20eed5 registers.esp: 8190732 registers.edi: 11218336 registers.eax: 1447909480 registers.ebp: 3990495252 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 2156977 registers.ecx: 10	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 53 bb fb 68 df 7f 81 ea 23 a1 ed 67 81 ea fc exception.symbol: random+0x207630 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2127408 exception.address: 0x217630 registers.esp: 8190736 registers.edi: 11218336 registers.eax: 27297 registers.ebp: 3990495252 registers.edx: 2192313 registers.ebx: 40860968 registers.esi: 10 registers.ecx: 2112880640	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 50 89 e0 05 04 00 00 00 e9 b4 fa ff ff 58 05 exception.symbol: random+0x207a04 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2128388 exception.address: 0x217a04 registers.esp: 8190740 registers.edi: 11218336 registers.eax: 27297 registers.ebp: 3990495252 registers.edx: 2195382 registers.ebx: 40860968 registers.esi: 0 registers.ecx: 1392536160	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 0f 8e 02 00 00 00 8b f3 6a 00 50 e8 exception.symbol: random+0x2081f4 exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 2130420 exception.address: 0x2181f4 registers.esp: 8190700 registers.edi: 0 registers.eax: 8190700 registers.ebp: 3990495252 registers.edx: 239068284 registers.ebx: 2196156 registers.esi: 490074553 registers.ecx: 1392536160	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 51 b9 4a bd fb 77 c1 e9 05 83 e9 01 50 b8 b2 exception.symbol: random+0x21759a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2192794 exception.address: 0x22759a registers.esp: 8190736 registers.edi: 467022 registers.eax: 30860 registers.ebp: 3990495252 registers.edx: 6 registers.ebx: 40861190 registers.esi: 2257879 registers.ecx: 0	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 50 89 e0 57 bf 04 00 00 00 05 6f 1d ef 3f 01 exception.symbol: random+0x2178ad exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2193581 exception.address: 0x2278ad registers.esp: 8190740 registers.edi: 467022 registers.eax: 30860 registers.ebp: 3990495252 registers.edx: 6 registers.ebx: 0 registers.esi: 2261331 registers.ecx: 606898514	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 89 14 24 e9 1a 05 00 00 59 exception.symbol: random+0x21855b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2196827 exception.address: 0x22855b registers.esp: 8190740 registers.edi: 467022 registers.eax: 2291198 registers.ebp: 3990495252 registers.edx: 1518662850 registers.ebx: 0 registers.esi: 2261331 registers.ecx: 606898514	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 56 c7 04 24 c4 86 b2 7f 59 c1 e1 02 53 56 be exception.symbol: random+0x218d93 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2198931 exception.address: 0x228d93 registers.esp: 8190740 registers.edi: 467022 registers.eax: 2265042 registers.ebp: 3990495252 registers.edx: 322689 registers.ebx: 0 registers.esi: 2261331 registers.ecx: 0	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 52 ba ea 62 3e 7e 29 d3 5a 81 c3 d9 18 27 7b exception.symbol: random+0x21a940 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2206016 exception.address: 0x22a940 registers.esp: 8190736 registers.edi: 467022 registers.eax: 30147 registers.ebp: 3990495252 registers.edx: 322689 registers.ebx: 2271225 registers.esi: 4719075 registers.ecx: 2592095	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 53 89 14 24 89 1c 24 89 34 24 68 e0 59 c7 6f exception.symbol: random+0x21b190 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2208144 exception.address: 0x22b190 registers.esp: 8190740 registers.edi: 467022 registers.eax: 4294940104 registers.ebp: 3990495252 registers.edx: 322689 registers.ebx: 2301372 registers.esi: 4719075 registers.ecx: 262633	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 57 89 04 24 e9 8f 09 00 00 81 f5 77 7f ef 37 exception.symbol: random+0x224332 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2245426 exception.address: 0x234332 registers.esp: 8190728 registers.edi: 467022 registers.eax: 28612 registers.ebp: 3990495252 registers.edx: 2130566132 registers.ebx: 1005136030 registers.esi: 2310508 registers.ecx: 2112880640	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 55 68 e4 33 80 32 89 14 24 57 bf 2a 99 be 6d exception.symbol: random+0x224bfd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2247677 exception.address: 0x234bfd registers.esp: 8190732 registers.edi: 467022 registers.eax: 28612 registers.ebp: 3990495252 registers.edx: 2130566132 registers.ebx: 1005136030 registers.esi: 2339120 registers.ecx: 2112880640	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb e9 26 fc ff ff 81 c4 04 00 00 00 c1 e0 01 51 exception.symbol: random+0x22484f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2246735 exception.address: 0x23484f registers.esp: 8190732 registers.edi: 467022 registers.eax: 0 registers.ebp: 3990495252 registers.edx: 2130566132 registers.ebx: 1005136030 registers.esi: 2313480 registers.ecx: 84201	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 55 bd 72 1f 93 6e 50 51 89 2c 24 e9 ba fe ff exception.symbol: random+0x23f218 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2355736 exception.address: 0x24f218 registers.esp: 8190700 registers.edi: 1966240654 registers.eax: 0 registers.ebp: 3990495252 registers.edx: 2130566132 registers.ebx: 1948149619 registers.esi: 2423900 registers.ecx: 2345569120	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb e9 c7 02 00 00 89 04 24 89 3c 24 51 e9 3c 03 exception.symbol: random+0x2404d7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2360535 exception.address: 0x2504d7 registers.esp: 8190696 registers.edi: 1966240654 registers.eax: 2425950 registers.ebp: 3990495252 registers.edx: 1855135602 registers.ebx: 1188229590 registers.esi: 2423900 registers.ecx: 2345569120	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 57 54 5f 81 c7 04 00 00 00 e9 27 01 00 00 50 exception.symbol: random+0x24094e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2361678 exception.address: 0x25094e registers.esp: 8190700 registers.edi: 1966240654 registers.eax: 2458452 registers.ebp: 3990495252 registers.edx: 1855135602 registers.ebx: 4294937452 registers.esi: 2423900 registers.ecx: 452946	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 81 ef 20 4e fa 62 50 e9 7b ff ff ff ff 34 24 exception.symbol: random+0x241252 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2363986 exception.address: 0x251252 registers.esp: 8190696 registers.edi: 2429086 registers.eax: 30154 registers.ebp: 3990495252 registers.edx: 1855135602 registers.ebx: 4294937452 registers.esi: 2423900 registers.ecx: 1293729056	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 c7 04 24 5e 0d ac exception.symbol: random+0x241772 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2365298 exception.address: 0x251772 registers.esp: 8190700 registers.edi: 2459240 registers.eax: 30154 registers.ebp: 3990495252 registers.edx: 1855135602 registers.ebx: 4294937452 registers.esi: 2423900 registers.ecx: 1293729056	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 52 89 e2 81 c2 04 00 00 00 83 ea 04 33 14 24 exception.symbol: random+0x2412c8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2364104 exception.address: 0x2512c8 registers.esp: 8190700 registers.edi: 2432120 registers.eax: 0 registers.ebp: 3990495252 registers.edx: 1855135602 registers.ebx: 4294937452 registers.esi: 2423900 registers.ecx: 1392536160	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 31 ff e9 a5 03 00 00 4a 81 ca d4 9c f6 39 81 exception.symbol: random+0x24260a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2369034 exception.address: 0x25260a registers.esp: 8190700 registers.edi: 2432964 registers.eax: 25396 registers.ebp: 3990495252 registers.edx: 1855135602 registers.ebx: 1836076119 registers.esi: 2432148 registers.ecx: 2458899	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb e9 fd fd ff ff b8 db 88 1f 33 68 e7 76 35 7d exception.symbol: random+0x2425a7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2368935 exception.address: 0x2525a7 registers.esp: 8190700 registers.edi: 4294944716 registers.eax: 882447976 registers.ebp: 3990495252 registers.edx: 1855135602 registers.ebx: 1836076119 registers.esi: 2432148 registers.ecx: 2458899	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 68 8e 3c 88 68 89 3c 24 e9 00 00 00 00 bf 35 exception.symbol: random+0x248512 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2393362 exception.address: 0x258512 registers.esp: 8190700 registers.edi: 304449496 registers.eax: 20769109 registers.ebp: 3990495252 registers.edx: 2485520 registers.ebx: 65786 registers.esi: 2409568 registers.ecx: 4294942556	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 81 c7 f1 6e 62 3f 50 b8 43 43 bd 6d 81 c7 32 exception.symbol: random+0x24c509 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2409737 exception.address: 0x25c509 registers.esp: 8190696 registers.edi: 2475015 registers.eax: 25852 registers.ebp: 3990495252 registers.edx: 2486102 registers.ebx: 477794 registers.esi: 304406342 registers.ecx: 4950606	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb ba 2a 3d 3f 7f e9 97 f7 ff ff 58 81 f7 ba 17 exception.symbol: random+0x24cd33 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2411827 exception.address: 0x25cd33 registers.esp: 8190700 registers.edi: 2500867 registers.eax: 25852 registers.ebp: 3990495252 registers.edx: 2486102 registers.ebx: 477794 registers.esi: 304406342 registers.ecx: 4950606	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 68 f6 70 53 7b 89 04 24 e9 06 00 00 00 51 e9 exception.symbol: random+0x24cc0d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2411533 exception.address: 0x25cc0d registers.esp: 8190700 registers.edi: 2477939 registers.eax: 25852 registers.ebp: 3990495252 registers.edx: 0 registers.ebx: 477794 registers.esi: 607947091 registers.ecx: 4950606	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 68 b2 25 db 7f ff exception.symbol: random+0x24d788 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2414472 exception.address: 0x25d788 registers.esp: 8190700 registers.edi: 2477939 registers.eax: 0 registers.ebp: 3990495252 registers.edx: 2480992 registers.ebx: 7453288 registers.esi: 607947091 registers.ecx: 146621440	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb e9 1f 01 00 00 8b 2c 24 81 c4 04 00 00 00 8f exception.symbol: random+0x24df25 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2416421 exception.address: 0x25df25 registers.esp: 8190700 registers.edi: 2477939 registers.eax: 29114 registers.ebp: 3990495252 registers.edx: 1531388618 registers.ebx: 2510531 registers.esi: 607947091 registers.ecx: 146621440	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 55 89 e5 e9 ad fb ff ff 89 34 24 be f4 35 db exception.symbol: random+0x24e531 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2417969 exception.address: 0x25e531 registers.esp: 8190700 registers.edi: 2477939 registers.eax: 29114 registers.ebp: 3990495252 registers.edx: 157417 registers.ebx: 2510531 registers.esi: 607947091 registers.ecx: 4294940712	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 68 03 70 07 56 e9 07 fd ff ff c1 e3 06 51 e9 exception.symbol: random+0x2589d3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2460115 exception.address: 0x2689d3 registers.esp: 8190696 registers.edi: 2485645 registers.eax: 31253 registers.ebp: 3990495252 registers.edx: 2130566132 registers.ebx: 2147483650 registers.esi: 2489352 registers.ecx: 2523756	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 68 52 27 fe 56 89 1c 24 68 81 3a 2a 75 89 04 exception.symbol: random+0x258630 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2459184 exception.address: 0x268630 registers.esp: 8190700 registers.edi: 604801366 registers.eax: 31253 registers.ebp: 3990495252 registers.edx: 4294938828 registers.ebx: 2147483650 registers.esi: 2489352 registers.ecx: 2555009	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 53 89 3c 24 bf 0b 00 74 5e 81 e9 2b 85 ef 56 exception.symbol: random+0x264d64 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2510180 exception.address: 0x274d64 registers.esp: 8190696 registers.edi: 2551320 registers.eax: 32030 registers.ebp: 3990495252 registers.edx: 7004600 registers.ebx: 2551288 registers.esi: 2551284 registers.ecx: 2575508	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 29 d2 ff 34 11 ff 34 24 5f e9 00 00 00 00 51 exception.symbol: random+0x26554d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2512205 exception.address: 0x27554d registers.esp: 8190700 registers.edi: 2551320 registers.eax: 32030 registers.ebp: 3990495252 registers.edx: 7004600 registers.ebx: 2551288 registers.esi: 2551284 registers.ecx: 2607538	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 57 e9 b7 fb ff ff 89 d7 ff 34 24 e9 fd fd ff exception.symbol: random+0x2652ce exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2511566 exception.address: 0x2752ce registers.esp: 8190700 registers.edi: 2444656488 registers.eax: 32030 registers.ebp: 3990495252 registers.edx: 4294937728 registers.ebx: 2551288 registers.esi: 2551284 registers.ecx: 2607538	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 52 89 04 24 b8 52 fb 7b 7f 55 bd de 2e df 2f exception.symbol: random+0x27491e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2574622 exception.address: 0x28491e registers.esp: 8190696 registers.edi: 2638177 registers.eax: 27577 registers.ebp: 3990495252 registers.edx: 7004600 registers.ebx: 2597753 registers.esi: 8831240 registers.ecx: 2112880640	1
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: fb 51 e9 bf 07 00 00 81 eb d4 5d 1f 4d 89 de 5b exception.symbol: random+0x2743c3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2573251 exception.address: 0x2843c3 registers.esp: 8190700 registers.edi: 2665754 registers.eax: 27577 registers.ebp: 3990495252 registers.edx: 604292950 registers.ebx: 2597753 registers.esi: 8831240 registers.ecx: 4294942472	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 188416 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00011000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 3, 2025, 9:37 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x0002e000', u'virtual_address': u'0x00001000', u'entropy': 7.981066261354259, u'name': u' \\x00 ', u'virtual_size': u'0x0005f000'}

entropy

7.98106626135

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x001a7000', u'virtual_address': u'0x0031f000', u'entropy': 7.954197811342933, u'name': u'akserivd', u'virtual_size': u'0x001a7000'}

entropy

7.95419781134

description

A section with a high entropy has been found

entropy

0.993907284768

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA April 3, 2025, 9:37 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA April 3, 2025, 9:37 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ April 3, 2025, 9:37 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 55 89 3c 24 54 8b 3c 24 exception.symbol: random+0x201e2d exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2104877 exception.address: 0x211e2d registers.esp: 8190732 registers.edi: 11218336 registers.eax: 1447909480 registers.ebp: 3990495252 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 2156977 registers.ecx: 20	1	0	0

File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win32.Generic.tc
ALYac	Gen:Variant.Symmi.83490
Cylance	Unsafe
VIPRE	Gen:Variant.Symmi.83490
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
BitDefender	Gen:Variant.Symmi.83490
Arcabit	Trojan.Symmi.D14622
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Kaspersky	VHO:Trojan-PSW.Win32.Stealerc.gen
MicroWorld-eScan	Gen:Variant.Symmi.83490
Rising	Trojan.Agent!1.127FD (CLASSIC)
Emsisoft	Gen:Variant.Symmi.83490 (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
Trapmine	malicious.high.ml.score
CTX	exe.unknown.symmi
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.bb5db889590bda43
Google	Detected
Avira	TR/Crypt.XPACK.Gen
Kingsoft	malware.kb.b.998
Gridinsoft	Trojan.Heur!.038120A1
Microsoft	Trojan:Win32/Sabsik.FL.A!ml
GData	Gen:Variant.Symmi.83490
Varist	W32/Themida.CT.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R695326
DeepInstinct	MALICIOUS
Malwarebytes	Trojan.Amadey
Ikarus	Trojan.Win32.LummaStealer
Zoner	Probably Heur.ExeHeaderL
TrendMicro-HouseCall	Trojan.Win32.VSX.PE04C9V
Tencent	Trojan-DL.Win32.Deyma.kh
huorong	Trojan/FakeApp.bf
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Themida.HZB!tr
AVG	Win32:Evo-gen [Trj]

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All