Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 23, 2025, 6:32 p.m.	April 23, 2025, 6:34 p.m.

Size	2.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8bd13d01b95f170d2653a4a30198e948`
SHA256	`6c3f7a020691f02ec004c99f190aff071998a1bc22cf78ad07b2ce1fb583f730`
CRC32	`EF592BC7`
ssdeep	`49152:KsXOJADAOAPTirWIJeyxlF/XgiqoitQXnwQR7DZU9:QrOAPVKtJ1i4DZ`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) UPX_Zero - UPX packed file

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
808

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent April 23, 2025, 6:32 p.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	atjlbefw
section	skirpaij
section	.taggant

One or more processes crashed (50 out of 116 events)

Time & API	Arguments	Status
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: random+0x3110b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3215545 exception.address: 0x4c10b9 registers.esp: 9501996 registers.edi: 0 registers.eax: 1 registers.ebp: 9502012 registers.edx: 6709248 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 68 d1 9c df 5f 8b 14 24 e9 5c 00 00 00 51 e9 exception.symbol: random+0x61536 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 398646 exception.address: 0x211536 registers.esp: 9501964 registers.edi: 1971192040 registers.eax: 2195220 registers.ebp: 3992186900 registers.edx: 1769472 registers.ebx: 9638 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 53 89 e3 81 c3 04 00 00 00 81 eb 04 00 00 00 exception.symbol: random+0x617ff exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 399359 exception.address: 0x2117ff registers.esp: 9501964 registers.edi: 1971192040 registers.eax: 2169568 registers.ebp: 3992186900 registers.edx: 0 registers.ebx: 607422802 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 51 55 bd 1e 4c 75 75 f7 d5 c1 ed 07 87 cd f7 exception.symbol: random+0x6255d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 402781 exception.address: 0x21255d registers.esp: 9501964 registers.edi: 4294942740 registers.eax: 27436 registers.ebp: 3992186900 registers.edx: 0 registers.ebx: 4768670 registers.esi: 240873 registers.ecx: 2197414	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb e9 f1 fa ff ff 81 c1 b2 5d f3 7e 29 c1 81 e9 exception.symbol: random+0x1e2df2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1977842 exception.address: 0x392df2 registers.esp: 9501960 registers.edi: 2205919 registers.eax: 31089 registers.ebp: 3992186900 registers.edx: 2130566132 registers.ebx: 3014702 registers.esi: 3727668 registers.ecx: 3744416	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 55 bd 20 d6 ff 7f e9 e5 fa ff ff e7 fa ef b2 exception.symbol: random+0x1e2e89 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1977993 exception.address: 0x392e89 registers.esp: 9501964 registers.edi: 2205919 registers.eax: 31089 registers.ebp: 3992186900 registers.edx: 2130566132 registers.ebx: 3014702 registers.esi: 3727668 registers.ecx: 3775505	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb e9 75 02 00 00 81 f6 43 6c 1b 1f 5b e9 e5 05 exception.symbol: random+0x1e257f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1975679 exception.address: 0x39257f registers.esp: 9501964 registers.edi: 2205919 registers.eax: 31089 registers.ebp: 3992186900 registers.edx: 4294939264 registers.ebx: 150505 registers.esi: 3727668 registers.ecx: 3775505	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 56 e9 d9 fb ff ff c1 e3 04 f7 db 81 f3 fa 1c exception.symbol: random+0x1e427d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1983101 exception.address: 0x39427d registers.esp: 9501964 registers.edi: 2205919 registers.eax: 29201 registers.ebp: 3992186900 registers.edx: 50665 registers.ebx: 3780237 registers.esi: 4294940820 registers.ecx: 1783624467	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 29 ff ff 34 07 ff 34 24 ff 34 24 5e 51 51 c7 exception.symbol: random+0x1e779c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1996700 exception.address: 0x39779c registers.esp: 9501964 registers.edi: 0 registers.eax: 3793332 registers.ebp: 3992186900 registers.edx: 3757790 registers.ebx: 3755750 registers.esi: 424089922 registers.ecx: 3755750	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb e9 6b 01 00 00 31 fa 5f 29 d3 5a 81 f3 43 2a exception.symbol: random+0x1e793e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1997118 exception.address: 0x39793e registers.esp: 9501964 registers.edi: 4294942756 registers.eax: 3793332 registers.ebp: 3992186900 registers.edx: 3757790 registers.ebx: 3755750 registers.esi: 202985 registers.ecx: 3755750	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 81 ec 04 00 00 00 e9 e5 exception.symbol: random+0x1ef983 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2029955 exception.address: 0x39f983 registers.esp: 9501956 registers.edi: 12791416 registers.eax: 1447909480 registers.ebp: 3992186900 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 3790232 registers.ecx: 20	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x1f23e1 exception.address: 0x3a23e1 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 2040801 registers.esp: 9501956 registers.edi: 12791416 registers.eax: 1 registers.ebp: 3992186900 registers.edx: 22104 registers.ebx: 0 registers.esi: 3790232 registers.ecx: 20	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 cf 3a 2d 12 01 exception.symbol: random+0x1ee32b exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2024235 exception.address: 0x39e32b registers.esp: 9501956 registers.edi: 12791416 registers.eax: 1447909480 registers.ebp: 3992186900 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 3790232 registers.ecx: 10	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 52 89 e2 81 c2 04 00 00 00 e9 4f 00 00 00 81 exception.symbol: random+0x1f6057 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2056279 exception.address: 0x3a6057 registers.esp: 9501964 registers.edi: 12791416 registers.eax: 31576 registers.ebp: 3992186900 registers.edx: 2130566132 registers.ebx: 21714421 registers.esi: 3856102 registers.ecx: 748552192	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 53 55 bd fa ac ef 6d 81 f5 5f 7f 63 5a 81 cd exception.symbol: random+0x1f5ccd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2055373 exception.address: 0x3a5ccd registers.esp: 9501964 registers.edi: 12791416 registers.eax: 0 registers.ebp: 3992186900 registers.edx: 6379 registers.ebx: 21714421 registers.esi: 3827778 registers.ecx: 748552192	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: cd 01 eb 00 6a 00 50 e8 03 00 00 00 20 58 c3 58 exception.symbol: random+0x1f6cdd exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 2059485 exception.address: 0x3a6cdd registers.esp: 9501924 registers.edi: 0 registers.eax: 9501924 registers.ebp: 3992186900 registers.edx: 1922287105 registers.ebx: 3829265 registers.esi: 3829265 registers.ecx: 1800051424	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 2b fe ff ff 5a 51 e9 32 00 00 00 exception.symbol: random+0x1fdf84 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2088836 exception.address: 0x3adf84 registers.esp: 9501964 registers.edi: 12791416 registers.eax: 25613 registers.ebp: 3992186900 registers.edx: 3840476 registers.ebx: 21714421 registers.esi: 1705422653 registers.ecx: 3883378	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb e9 f4 fb ff ff 52 89 f2 89 d1 5a 89 ca 8b 0c exception.symbol: random+0x1fe251 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2089553 exception.address: 0x3ae251 registers.esp: 9501964 registers.edi: 12791416 registers.eax: 0 registers.ebp: 3992186900 registers.edx: 3840476 registers.ebx: 1567062 registers.esi: 1705422653 registers.ecx: 3860786	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 29 c0 ff 34 07 ff 34 24 ff 34 24 5e e9 dc fd exception.symbol: random+0x20c4d6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2147542 exception.address: 0x3bc4d6 registers.esp: 9501956 registers.edi: 3942095 registers.eax: 27377 registers.ebp: 3992186900 registers.edx: 6 registers.ebx: 21714643 registers.esi: 1971262480 registers.ecx: 6	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 2c 24 56 e9 06 05 00 00 exception.symbol: random+0x20be4e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2145870 exception.address: 0x3bbe4e registers.esp: 9501956 registers.edi: 3942095 registers.eax: 4294942832 registers.ebp: 3992186900 registers.edx: 6 registers.ebx: 21714643 registers.esi: 1632597 registers.ecx: 6	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 68 51 6c f0 36 89 2c 24 52 e9 50 00 00 00 8b exception.symbol: random+0x20cc5f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2149471 exception.address: 0x3bcc5f registers.esp: 9501956 registers.edi: 3948528 registers.eax: 30489 registers.ebp: 3992186900 registers.edx: 4294940104 registers.ebx: 604292946 registers.esi: 1632597 registers.ecx: 1444229463	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 68 7b 83 8a 3e 89 34 24 89 e6 e9 aa fd ff ff exception.symbol: random+0x20dfad exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2154413 exception.address: 0x3bdfad registers.esp: 9501952 registers.edi: 3948528 registers.eax: 32102 registers.ebp: 3992186900 registers.edx: 3921732 registers.ebx: 922344542 registers.esi: 1632597 registers.ecx: 857238226	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 52 83 ec 04 89 24 24 83 04 24 04 8b 14 24 83 exception.symbol: random+0x20d76b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2152299 exception.address: 0x3bd76b registers.esp: 9501956 registers.edi: 3948528 registers.eax: 32102 registers.ebp: 3992186900 registers.edx: 3953834 registers.ebx: 922344542 registers.esi: 1632597 registers.ecx: 857238226	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 57 89 e7 81 c7 04 00 00 00 e9 cb fe ff ff bb exception.symbol: random+0x20dcef exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2153711 exception.address: 0x3bdcef registers.esp: 9501956 registers.edi: 3948528 registers.eax: 3909414019 registers.ebp: 3992186900 registers.edx: 3924762 registers.ebx: 922344542 registers.esi: 1632597 registers.ecx: 0	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 31 d2 ff 34 0a ff 34 24 8b 3c 24 52 89 e2 53 exception.symbol: random+0x22c09b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2277531 exception.address: 0x3dc09b registers.esp: 9501924 registers.edi: 0 registers.eax: 31557 registers.ebp: 3992186900 registers.edx: 2130566132 registers.ebx: 272 registers.esi: 4042799 registers.ecx: 4078289	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb e9 e2 01 00 00 01 da e9 9c fd ff ff 81 2c 24 exception.symbol: random+0x22c44f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2278479 exception.address: 0x3dc44f registers.esp: 9501924 registers.edi: 116969 registers.eax: 31557 registers.ebp: 3992186900 registers.edx: 4294938468 registers.ebx: 272 registers.esi: 4042799 registers.ecx: 4078289	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 50 b8 11 86 f7 7f e9 c1 f6 ff ff 58 e9 cf fa exception.symbol: random+0x22e284 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2286212 exception.address: 0x3de284 registers.esp: 9501920 registers.edi: 116969 registers.eax: 26326 registers.ebp: 3992186900 registers.edx: 4052807 registers.ebx: 272 registers.esi: 4042799 registers.ecx: 24515907	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb e9 82 03 00 00 56 e9 a5 03 00 00 b8 23 fc ff exception.symbol: random+0x22d7a9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2283433 exception.address: 0x3dd7a9 registers.esp: 9501924 registers.edi: 116969 registers.eax: 837118035 registers.ebp: 3992186900 registers.edx: 4079133 registers.ebx: 4294943964 registers.esi: 4042799 registers.ecx: 24515907	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb e9 01 08 00 00 ff 34 24 58 e9 0d 06 00 00 5b exception.symbol: random+0x22e4c4 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2286788 exception.address: 0x3de4c4 registers.esp: 9501924 registers.edi: 4294942804 registers.eax: 4083908 registers.ebp: 3992186900 registers.edx: 3909414019 registers.ebx: 4294943964 registers.esi: 4042799 registers.ecx: 24515907	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb e9 2f 01 00 00 f7 db e9 ba 03 00 00 81 e1 90 exception.symbol: random+0x22f5ea exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2291178 exception.address: 0x3df5ea registers.esp: 9501920 registers.edi: 4294942804 registers.eax: 4059852 registers.ebp: 3992186900 registers.edx: 1402928523 registers.ebx: 4294943964 registers.esi: 4042799 registers.ecx: 24515907	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb e9 94 01 00 00 81 c2 cb a0 f7 6f 8b 04 24 81 exception.symbol: random+0x22fde8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2293224 exception.address: 0x3dfde8 registers.esp: 9501924 registers.edi: 2338742368 registers.eax: 4063297 registers.ebp: 3992186900 registers.edx: 1402928523 registers.ebx: 4294943964 registers.esi: 4042799 registers.ecx: 0	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 56 89 3c 24 bf 8d ed f6 7f 01 f8 8b 3c 24 83 exception.symbol: random+0x230d4e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2297166 exception.address: 0x3e0d4e registers.esp: 9501920 registers.edi: 4092034 registers.eax: 4064371 registers.ebp: 3992186900 registers.edx: 955033925 registers.ebx: 4294943964 registers.esi: 0 registers.ecx: 0	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 68 3f 20 31 3b 89 14 24 54 5a 81 c2 04 00 00 exception.symbol: random+0x23085e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2295902 exception.address: 0x3e085e registers.esp: 9501924 registers.edi: 4294937764 registers.eax: 4096725 registers.ebp: 3992186900 registers.edx: 607947093 registers.ebx: 4294943964 registers.esi: 0 registers.ecx: 0	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 68 01 3c 95 73 89 34 24 e9 6e 00 00 00 89 e8 exception.symbol: random+0x239c64 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2333796 exception.address: 0x3e9c64 registers.esp: 9501924 registers.edi: 4103793 registers.eax: 0 registers.ebp: 3992186900 registers.edx: 0 registers.ebx: 89065 registers.esi: 305256588 registers.ecx: 1969225870	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 0c 24 b9 ae 9c ff 7f e9 18 01 00 exception.symbol: random+0x23be3f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2342463 exception.address: 0x3ebe3f registers.esp: 9501924 registers.edi: 4294937896 registers.eax: 32385 registers.ebp: 3992186900 registers.edx: 157417 registers.ebx: 925971 registers.esi: 305268850 registers.ecx: 4142755	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 0c 24 57 e9 15 fa ff ff ff 74 24 exception.symbol: random+0x23d538 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2348344 exception.address: 0x3ed538 registers.esp: 9501920 registers.edi: 4294937896 registers.eax: 27703 registers.ebp: 3992186900 registers.edx: 1422454405 registers.ebx: 89399179 registers.esi: 4116116 registers.ecx: 4142755	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 1a 2f db 3d e9 3f fa ff ff 89 d0 exception.symbol: random+0x23d932 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2349362 exception.address: 0x3ed932 registers.esp: 9501924 registers.edi: 4294937896 registers.eax: 0 registers.ebp: 3992186900 registers.edx: 1422454405 registers.ebx: 89399179 registers.esi: 4118867 registers.ecx: 3939837675	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 53 e9 91 00 00 00 53 e9 8f ff ff ff 83 ec 04 exception.symbol: random+0x24efe1 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2420705 exception.address: 0x3fefe1 registers.esp: 9501924 registers.edi: 4164142 registers.eax: 32370 registers.ebp: 3992186900 registers.edx: 1170600 registers.ebx: 4164110 registers.esi: 4220381 registers.ecx: 748552192	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 54 8b 1c 24 e9 3f exception.symbol: random+0x24f322 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2421538 exception.address: 0x3ff322 registers.esp: 9501924 registers.edi: 4164142 registers.eax: 32370 registers.ebp: 3992186900 registers.edx: 4294937940 registers.ebx: 3992794984 registers.esi: 4220381 registers.ecx: 748552192	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 4d 01 00 00 59 29 dd 5b e9 0a 0b exception.symbol: random+0x24f562 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2422114 exception.address: 0x3ff562 registers.esp: 9501924 registers.edi: 3832466280 registers.eax: 4219634 registers.ebp: 3992186900 registers.edx: 4294942308 registers.ebx: 630825768 registers.esi: 4220381 registers.ecx: 1991331910	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb e9 af 00 00 00 8b 2c 24 50 54 58 05 04 00 00 exception.symbol: random+0x261044 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2494532 exception.address: 0x411044 registers.esp: 9501924 registers.edi: 604292944 registers.eax: 4264195 registers.ebp: 3992186900 registers.edx: 1170600 registers.ebx: 0 registers.esi: 7847916 registers.ecx: 748552192	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 e9 0c 02 00 00 01 c7 58 31 exception.symbol: random+0x26576f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2512751 exception.address: 0x41576f registers.esp: 9501924 registers.edi: 4284124 registers.eax: 30958 registers.ebp: 3992186900 registers.edx: 9 registers.ebx: 0 registers.esi: 4143211491 registers.ecx: 604292946	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 53 bb 00 3e ff 7a e9 f0 fc ff ff 81 44 24 04 exception.symbol: random+0x276f06 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2584326 exception.address: 0x426f06 registers.esp: 9501920 registers.edi: 7847916 registers.eax: 27277 registers.ebp: 3992186900 registers.edx: 11 registers.ebx: 4322308 registers.esi: 7847916 registers.ecx: 4351262	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 56 51 e9 30 00 00 00 83 c4 04 81 c4 04 00 00 exception.symbol: random+0x27714d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2584909 exception.address: 0x42714d registers.esp: 9501924 registers.edi: 0 registers.eax: 604292951 registers.ebp: 3992186900 registers.edx: 11 registers.ebx: 4322308 registers.esi: 7847916 registers.ecx: 4354615	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 68 00 ce b4 35 89 3c 24 89 0c 24 b9 94 e3 bf exception.symbol: random+0x2801dd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2621917 exception.address: 0x4301dd registers.esp: 9501920 registers.edi: 0 registers.eax: 4390268 registers.ebp: 3992186900 registers.edx: 2130566132 registers.ebx: 4322308 registers.esi: 2005598220 registers.ecx: 748552192	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 31 d2 ff 34 10 ff 34 24 8b 3c 24 83 c4 04 53 exception.symbol: random+0x28054f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2622799 exception.address: 0x43054f registers.esp: 9501924 registers.edi: 0 registers.eax: 4417015 registers.ebp: 3992186900 registers.edx: 2130566132 registers.ebx: 4322308 registers.esi: 2005598220 registers.ecx: 748552192	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 04 24 e9 f7 00 00 00 52 exception.symbol: random+0x280122 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2621730 exception.address: 0x430122 registers.esp: 9501924 registers.edi: 2179041617 registers.eax: 4417015 registers.ebp: 3992186900 registers.edx: 4294943120 registers.ebx: 4322308 registers.esi: 2005598220 registers.ecx: 748552192	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 57 89 1c 24 e9 52 fc ff ff 55 bd 92 d0 f7 6b exception.symbol: random+0x282b92 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2632594 exception.address: 0x432b92 registers.esp: 9501920 registers.edi: 1813150021 registers.eax: 31237 registers.ebp: 3992186900 registers.edx: 1337832318 registers.ebx: 1817410045 registers.esi: 4184639837 registers.ecx: 4398983	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb 68 f4 a4 98 41 89 0c 24 c7 04 24 00 20 fb 20 exception.symbol: random+0x282721 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2631457 exception.address: 0x432721 registers.esp: 9501924 registers.edi: 1813150021 registers.eax: 31237 registers.ebp: 3992186900 registers.edx: 1337832318 registers.ebx: 1817410045 registers.esi: 4184639837 registers.ecx: 4430220	1
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: fb e9 a9 fb ff ff 68 00 00 00 00 29 0c 24 59 e9 exception.symbol: random+0x28251a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2630938 exception.address: 0x43251a registers.esp: 9501924 registers.edi: 22538576 registers.eax: 31237 registers.ebp: 3992186900 registers.edx: 1337832318 registers.ebx: 1817410045 registers.esi: 0 registers.ecx: 4402296	1

Allocates read-write-execute memory (usually to unpack itself) (16 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7793f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 376832 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x001b1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ae0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bb0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 23, 2025, 6:32 p.m.	process_identifier: 808 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x0005c000', u'virtual_address': u'0x00001000', u'entropy': 7.1074062818550425, u'name': u' \\x00 ', u'virtual_size': u'0x0005c000'}

entropy

7.10740628186

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x001a4000', u'virtual_address': u'0x00311000', u'entropy': 7.954638635829488, u'name': u'atjlbefw', u'virtual_size': u'0x001a4000'}

entropy

7.95463863583

description

A section with a high entropy has been found

entropy

0.994416120418

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA April 23, 2025, 6:32 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA April 23, 2025, 6:32 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ April 23, 2025, 6:32 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 81 ec 04 00 00 00 e9 e5 exception.symbol: random+0x1ef983 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2029955 exception.address: 0x39f983 registers.esp: 9501956 registers.edi: 12791416 registers.eax: 1447909480 registers.ebp: 3992186900 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 3790232 registers.ecx: 20	1	0	0

File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win32.Generic.vc
ALYac	Gen:Variant.Symmi.84601
Cylance	Unsafe
VIPRE	Gen:Variant.Symmi.84601
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (D)
BitDefender	Gen:Variant.Symmi.84601
Arcabit	Trojan.Symmi.D14A79
Symantec	Trojan.Sox5systemz!g2
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Kaspersky	HEUR:Trojan-PSW.Win32.Stealerc.gen
MicroWorld-eScan	Gen:Variant.Symmi.84601
Rising	Trojan.Agent!1.12B48 (CLASSIC)
Emsisoft	Gen:Variant.Symmi.84601 (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
McAfeeD	Real Protect-LS!8BD13D01B95F
Trapmine	malicious.high.ml.score
CTX	exe.unknown.symmi
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI - Malicious PE
Google	Detected
Avira	TR/Crypt.XPACK.Gen
Kingsoft	malware.kb.a.990
Gridinsoft	Trojan.Heur!.038120A1
Microsoft	Trojan:Win32/Sabsik.EN.D!ml
GData	Gen:Variant.Symmi.84601
Varist	W32/Themida.CT.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R695326
DeepInstinct	MALICIOUS
VBA32	TScope.Malware-Cryptor.SB
Malwarebytes	Trojan.Amadey
Ikarus	Trojan.Win32.LummaStealer
Zoner	Probably Heur.ExeHeaderL
TrendMicro-HouseCall	Trojan.Win32.VSX.PE04C9V
huorong	HEUR:TrojanSpy/Stealer.by
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Themida.HZB!tr
AVG	Win32:Evo-gen [Trj]

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All