Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 21, 2025, 1:13 p.m.	April 21, 2025, 1:41 p.m.

Size	1.5MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`011393e1dc0e2d3e6f5ec857ca92a88c`
SHA256	`6dc22f5219df313970b7cdb63a64113f8be9a3edc80e9893eeff2987e9eb3623`
CRC32	`4F8B7B1E`
ssdeep	`24576:nDNKUldHuzRUNOjeainTlphynSddWfunnrwQXvSaZPcKjqMDIHoE1L1VhK6oTmxn:DXHnAjexlXynKdWfulXKaZPhjqYMrJz5`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature IsPE64 - (no description)

dwinxp64.exe "C:\Users\test22\AppData\Local\Temp\dwinxp64.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section
section	.themida
section	.boot

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4fa49d dwinxp64+0x183ffa @ 0x140183ffa dwinxp64+0x4311d @ 0x14004311d HeapWalk-0x1ce0 kernel32+0x0 @ 0x76c10000 0x22ff28 0x22ff28 0x22ff28 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefd4fa49d registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1
__exception__ April 21, 2025, 1:06 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2291744 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293552 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2293576 registers.rdi: 5368840192 registers.rax: 1992605560 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory April 21, 2025, 1:06 p.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e27000 process_handle: 0xffffffffffffffff	1	0	0
NtProtectVirtualMemory April 21, 2025, 1:06 p.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d80000 process_handle: 0xffffffffffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (4 events)

section

{u'size_of_data': u'0x0000be00', u'virtual_address': u'0x00001000', u'entropy': 7.97636830294022, u'name': u' ', u'virtual_size': u'0x000176b0'}

entropy

7.97636830294

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000200', u'virtual_address': u'0x0001a000', u'entropy': 7.421835893392523, u'name': u' ', u'virtual_size': u'0x000002e0'}

entropy

7.42183589339

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00166000', u'virtual_address': u'0x002dc000', u'entropy': 7.95404760708908, u'name': u'.boot', u'virtual_size': u'0x00166000'}

entropy

7.95404760709

description

A section with a high entropy has been found

entropy

0.99730458221

description

Overall entropy of this PE file is high

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ April 21, 2025, 1:06 p.m.	tid: 2556 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

dwinxp64.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All