Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 24, 2025, 10:17 a.m.	April 24, 2025, 10:19 a.m.

Size	2.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`41bffdf01061c90094c7e14bc6763e11`
SHA256	`4e2158a12aaf98b6dc93d6eafe70fe05029481b9ed2cc5657787d8d7dc7b1106`
CRC32	`1D2337B9`
ssdeep	`49152:MVbYEMTI54lYXuZG4Lxjw7bQJh5bdWtoLYOsh:MVbYRX5Gqxk0RWQYOw`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
1460
dialer.exe "C:\Windows\system32\dialer.exe"
2224

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
154.81.179.131	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent April 24, 2025, 10:17 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	pfxdofgi
section	ttwivdrr
section	.taggant

One or more processes crashed (50 out of 112 events)

Time & API	Arguments	Status
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: random+0x32f0b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3338425 exception.address: 0x69f0b9 registers.esp: 3472316 registers.edi: 0 registers.eax: 1 registers.ebp: 3472332 registers.edx: 8675328 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 68 05 6d 03 5d 89 04 24 56 be 39 61 fb 79 c1 exception.symbol: random+0x7e737 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 517943 exception.address: 0x3ee737 registers.esp: 3472284 registers.edi: 1971192040 registers.eax: 76239952 registers.ebp: 3994140692 registers.edx: 0 registers.ebx: 4123126 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb e9 c1 06 00 00 89 ef 5d 81 c7 94 d8 a8 12 51 exception.symbol: random+0x7ecf8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 519416 exception.address: 0x3eecf8 registers.esp: 3472284 registers.edi: 4126780 registers.eax: 29962 registers.ebp: 3994140692 registers.edx: 539735879 registers.ebx: 0 registers.esi: 3 registers.ecx: 241897	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 50 b8 35 e0 b7 1b 01 c6 8b 04 24 52 e9 be 01 exception.symbol: random+0x205eac exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2121388 exception.address: 0x575eac registers.esp: 3472280 registers.edi: 4159922 registers.eax: 25997 registers.ebp: 3994140692 registers.edx: 2130566132 registers.ebx: 4063294 registers.esi: 5724471 registers.ecx: 62	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 e9 ad 02 00 00 b9 04 00 00 00 e9 62 exception.symbol: random+0x205a58 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2120280 exception.address: 0x575a58 registers.esp: 3472284 registers.edi: 4159922 registers.eax: 25997 registers.ebp: 3994140692 registers.edx: 4294943980 registers.ebx: 275177 registers.esi: 5750468 registers.ecx: 62	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 50 89 14 24 c7 04 24 19 b3 87 0c 89 04 24 68 exception.symbol: random+0x2085a8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2131368 exception.address: 0x5785a8 registers.esp: 3472284 registers.edi: 4159922 registers.eax: 32382 registers.ebp: 3994140692 registers.edx: 5736200 registers.ebx: 1549541099 registers.esi: 0 registers.ecx: 1781709357	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 55 e9 b7 fc ff ff 54 5e 81 ec 04 00 00 00 89 exception.symbol: random+0x209634 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2135604 exception.address: 0x579634 registers.esp: 3472284 registers.edi: 0 registers.eax: 5766837 registers.ebp: 3994140692 registers.edx: 12160884 registers.ebx: 5736226 registers.esi: 1547516026 registers.ecx: 5736226	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb ba 26 70 f5 3f 81 ca f7 0a 7b 5f 81 c2 cd 7f exception.symbol: random+0x209b41 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2136897 exception.address: 0x579b41 registers.esp: 3472284 registers.edi: 0 registers.eax: 5741401 registers.ebp: 3994140692 registers.edx: 0 registers.ebx: 5736226 registers.esi: 1259 registers.ecx: 5736226	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 57 89 04 24 89 e0 56 be exception.symbol: random+0x214a91 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2181777 exception.address: 0x584a91 registers.esp: 3472276 registers.edi: 12136056 registers.eax: 1447909480 registers.ebp: 3994140692 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 5770684 registers.ecx: 20	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x212124 exception.address: 0x582124 exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 2171172 registers.esp: 3472276 registers.edi: 12136056 registers.eax: 1 registers.ebp: 3994140692 registers.edx: 22104 registers.ebx: 0 registers.esi: 5770684 registers.ecx: 20	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 65 38 2d 12 01 exception.symbol: random+0x215ba8 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2186152 exception.address: 0x585ba8 registers.esp: 3472276 registers.edi: 12136056 registers.eax: 1447909480 registers.ebp: 3994140692 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 5770684 registers.ecx: 10	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 6a 00 55 e8 03 00 00 00 20 5d c3 5d exception.symbol: random+0x21948a exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 2200714 exception.address: 0x58948a registers.esp: 3472244 registers.edi: 0 registers.eax: 3472244 registers.ebp: 3994140692 registers.edx: 845428780 registers.ebx: 5805589 registers.esi: 246219131 registers.ecx: 40915597	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb e9 50 01 00 00 29 f0 e9 aa 01 00 00 52 ba 69 exception.symbol: random+0x219ce6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2202854 exception.address: 0x589ce6 registers.esp: 3472284 registers.edi: 4294943828 registers.eax: 26673 registers.ebp: 3994140692 registers.edx: 2283 registers.ebx: 40915499 registers.esi: 5833589 registers.ecx: 934641131	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 55 89 1c 24 bb 10 cf df 4e f7 db e9 24 fe ff exception.symbol: random+0x22144a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2233418 exception.address: 0x59144a registers.esp: 3472284 registers.edi: 5865462 registers.eax: 29199 registers.ebp: 3994140692 registers.edx: 607453008 registers.ebx: 627554387 registers.esi: 5833589 registers.ecx: 4294940528	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb e9 dc 01 00 00 c1 e2 08 53 89 e3 81 c3 04 00 exception.symbol: random+0x22953a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2266426 exception.address: 0x59953a registers.esp: 3472280 registers.edi: 4114670 registers.eax: 25726 registers.ebp: 3994140692 registers.edx: 6 registers.ebx: 40915721 registers.esi: 1971262480 registers.ecx: 5869470	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 55 c7 04 24 71 eb 06 6f e9 54 fb ff ff 5b 87 exception.symbol: random+0x2295dd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2266589 exception.address: 0x5995dd registers.esp: 3472284 registers.edi: 4294944720 registers.eax: 25726 registers.ebp: 3994140692 registers.edx: 6 registers.ebx: 40915721 registers.esi: 604277073 registers.ecx: 5895196	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 55 85 fb 68 53 bb 1b 1b eb 72 09 exception.symbol: random+0x22cd3d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2280765 exception.address: 0x59cd3d registers.esp: 3472284 registers.edi: 1179202795 registers.eax: 4294944060 registers.ebp: 3994140692 registers.edx: 1088667324 registers.ebx: 1333573111 registers.esi: 604277073 registers.ecx: 5908707	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 31 ff 51 50 89 3c 24 56 53 bb f8 2f ef 2f 53 exception.symbol: random+0x2325a0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2303392 exception.address: 0x5a25a0 registers.esp: 3472276 registers.edi: 1179202795 registers.eax: 31721 registers.ebp: 3994140692 registers.edx: 1495633845 registers.ebx: 5937115 registers.esi: 1779784557 registers.ecx: 1501525676	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 52 89 0c 24 c7 04 24 7c 0c a8 04 ff 34 24 8b exception.symbol: random+0x231ee2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2301666 exception.address: 0x5a1ee2 registers.esp: 3472276 registers.edi: 4294938220 registers.eax: 31721 registers.ebp: 3994140692 registers.edx: 12577104 registers.ebx: 5937115 registers.esi: 1779784557 registers.ecx: 1501525676	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 57 50 b8 eb 2f ff 7f 89 c7 58 c1 e7 05 f7 df exception.symbol: random+0x25663e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2451006 exception.address: 0x5c663e registers.esp: 3472244 registers.edi: 0 registers.eax: 33269 registers.ebp: 3994140692 registers.edx: 6056569 registers.ebx: 1170530560 registers.esi: 2179434839 registers.ecx: 1367080960	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb e9 e6 fd ff ff 89 3c 24 52 89 0c 24 c7 04 24 exception.symbol: random+0x25711e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2453790 exception.address: 0x5c711e registers.esp: 3472244 registers.edi: 0 registers.eax: 6060101 registers.ebp: 3994140692 registers.edx: 0 registers.ebx: 1572152160 registers.esi: 2179434839 registers.ecx: 1367080960	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 81 ef a1 12 e5 3b 51 b9 40 e0 0f 7d e9 13 00 exception.symbol: random+0x258639 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2459193 exception.address: 0x5c8639 registers.esp: 3472240 registers.edi: 6061383 registers.eax: 30707 registers.ebp: 3994140692 registers.edx: 1712263354 registers.ebx: 148664017 registers.esi: 6060132 registers.ecx: 0	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb e9 37 01 00 00 83 ec 04 e9 35 04 00 00 89 14 exception.symbol: random+0x257d9d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2456989 exception.address: 0x5c7d9d registers.esp: 3472244 registers.edi: 6092090 registers.eax: 30707 registers.ebp: 3994140692 registers.edx: 1712263354 registers.ebx: 148664017 registers.esi: 6060132 registers.ecx: 0	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 51 50 68 18 61 b6 3f 58 05 70 81 a9 29 52 89 exception.symbol: random+0x257e98 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2457240 exception.address: 0x5c7e98 registers.esp: 3472244 registers.edi: 6092090 registers.eax: 17295697 registers.ebp: 3994140692 registers.edx: 1712263354 registers.ebx: 4294939584 registers.esi: 6060132 registers.ecx: 0	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 81 c3 d4 dc 7f 18 81 c3 c3 e9 fd 47 81 eb 3c exception.symbol: random+0x258b1e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2460446 exception.address: 0x5c8b1e registers.esp: 3472240 registers.edi: 6092090 registers.eax: 26671 registers.ebp: 3994140692 registers.edx: 102479473 registers.ebx: 6064751 registers.esi: 6060132 registers.ecx: 300913662	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 34 24 e9 2a 00 00 00 50 exception.symbol: random+0x259268 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2462312 exception.address: 0x5c9268 registers.esp: 3472244 registers.edi: 6092090 registers.eax: 26671 registers.ebp: 3994140692 registers.edx: 102479473 registers.ebx: 6091422 registers.esi: 6060132 registers.ecx: 300913662	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 56 e9 f7 fc ff ff 59 81 ee exception.symbol: random+0x258ecd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2461389 exception.address: 0x5c8ecd registers.esp: 3472244 registers.edi: 4294943340 registers.eax: 26671 registers.ebp: 3994140692 registers.edx: 1668210280 registers.ebx: 6091422 registers.esi: 6060132 registers.ecx: 300913662	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 50 89 34 24 be b3 c8 5f 35 05 be e1 79 7e e9 exception.symbol: random+0x260387 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2491271 exception.address: 0x5d0387 registers.esp: 3472240 registers.edi: 4294943340 registers.eax: 6095030 registers.ebp: 3994140692 registers.edx: 0 registers.ebx: 4294966013 registers.esi: 306871624 registers.ecx: 6093013	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 52 57 e9 00 00 00 00 68 e7 64 ed 6f 8b 3c 24 exception.symbol: random+0x260b90 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2493328 exception.address: 0x5d0b90 registers.esp: 3472244 registers.edi: 4294943340 registers.eax: 6121386 registers.ebp: 3994140692 registers.edx: 0 registers.ebx: 4294966013 registers.esi: 306871624 registers.ecx: 6093013	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb b8 9f 53 2f 10 56 89 e6 e9 91 f9 ff ff 5f e9 exception.symbol: random+0x260c80 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2493568 exception.address: 0x5d0c80 registers.esp: 3472244 registers.edi: 44777 registers.eax: 6098362 registers.ebp: 3994140692 registers.edx: 0 registers.ebx: 4294966013 registers.esi: 306871624 registers.ecx: 0	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 31 c9 ff 34 11 ff 34 24 ff 34 24 e9 99 03 00 exception.symbol: random+0x261627 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2496039 exception.address: 0x5d1627 registers.esp: 3472244 registers.edi: 44777 registers.eax: 28844 registers.ebp: 3994140692 registers.edx: 6127842 registers.ebx: 4294966013 registers.esi: 306871624 registers.ecx: 1514919036	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb e9 a3 05 00 00 8b 24 24 50 89 e0 05 04 00 00 exception.symbol: random+0x2613cc exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2495436 exception.address: 0x5d13cc registers.esp: 3472244 registers.edi: 44777 registers.eax: 28844 registers.ebp: 3994140692 registers.edx: 6127842 registers.ebx: 73193 registers.esi: 306871624 registers.ecx: 4294941088	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 57 bf 8a 20 fb 3f 81 cf 3f 16 bf 25 52 89 e2 exception.symbol: random+0x264085 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2506885 exception.address: 0x5d4085 registers.esp: 3472240 registers.edi: 7387 registers.eax: 31223 registers.ebp: 3994140692 registers.edx: 1594629339 registers.ebx: 1594629339 registers.esi: 6155957 registers.ecx: 6110392	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 68 43 ea 86 71 89 14 24 51 53 52 ba f5 95 77 exception.symbol: random+0x2646cd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2508493 exception.address: 0x5d46cd registers.esp: 3472244 registers.edi: 7387 registers.eax: 31223 registers.ebp: 3994140692 registers.edx: 1594629339 registers.ebx: 1594629339 registers.esi: 6155957 registers.ecx: 6141615	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 68 bb 29 d3 45 e9 73 00 00 00 81 c4 04 00 00 exception.symbol: random+0x264357 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2507607 exception.address: 0x5d4357 registers.esp: 3472244 registers.edi: 0 registers.eax: 31223 registers.ebp: 3994140692 registers.edx: 1594629339 registers.ebx: 157417 registers.esi: 6155957 registers.ecx: 6113511	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 55 e9 20 fd ff ff 52 ba 19 7f de 65 89 d0 5a exception.symbol: random+0x26567b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2512507 exception.address: 0x5d567b registers.esp: 3472240 registers.edi: 0 registers.eax: 26945 registers.ebp: 3994140692 registers.edx: 6116166 registers.ebx: 1439992580 registers.esi: 6155957 registers.ecx: 2134208481	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 29 c0 52 89 e2 81 c2 04 00 00 00 57 bf 04 00 exception.symbol: random+0x26546e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2511982 exception.address: 0x5d546e registers.esp: 3472244 registers.edi: 0 registers.eax: 26945 registers.ebp: 3994140692 registers.edx: 6143111 registers.ebx: 1439992580 registers.esi: 6155957 registers.ecx: 2134208481	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 57 50 e9 91 00 00 00 50 e9 a2 ff ff ff 83 c4 exception.symbol: random+0x2656d2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2512594 exception.address: 0x5d56d2 registers.esp: 3472244 registers.edi: 0 registers.eax: 4294943004 registers.ebp: 3994140692 registers.edx: 6143111 registers.ebx: 1439992580 registers.esi: 3018413143 registers.ecx: 2134208481	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb e9 59 f9 ff ff f7 14 24 8b 04 24 83 c4 04 31 exception.symbol: random+0x26b966 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2537830 exception.address: 0x5db966 registers.esp: 3472244 registers.edi: 0 registers.eax: 6166594 registers.ebp: 3994140692 registers.edx: 2130566132 registers.ebx: 2147483650 registers.esi: 6120555 registers.ecx: 1367080960	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb e9 31 00 00 00 89 3c 24 56 e9 c6 02 00 00 03 exception.symbol: random+0x26b521 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2536737 exception.address: 0x5db521 registers.esp: 3472244 registers.edi: 0 registers.eax: 6142530 registers.ebp: 3994140692 registers.edx: 0 registers.ebx: 2147483650 registers.esi: 930607976 registers.ecx: 1367080960	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb e9 f2 02 00 00 35 e4 cf f3 7f 81 c2 cc 10 df exception.symbol: random+0x26ef01 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2551553 exception.address: 0x5def01 registers.esp: 3472244 registers.edi: 0 registers.eax: 31690 registers.ebp: 3994140692 registers.edx: 606898512 registers.ebx: 6158584 registers.esi: 0 registers.ecx: 63482965	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 81 c7 d3 4a af 4f 81 c7 55 20 b7 6f 81 ef 1b exception.symbol: random+0x289cae exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2661550 exception.address: 0x5f9cae registers.esp: 3472240 registers.edi: 6265118 registers.eax: 25842 registers.ebp: 3994140692 registers.edx: 2130566132 registers.ebx: 5570561 registers.esi: 9194714 registers.ecx: 1367080960	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 51 b9 31 d2 ea 6d be d8 b8 15 03 31 ce 8b 0c exception.symbol: random+0x28a27c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2663036 exception.address: 0x5fa27c registers.esp: 3472244 registers.edi: 6290960 registers.eax: 25842 registers.ebp: 3994140692 registers.edx: 2130566132 registers.ebx: 5570561 registers.esi: 9194714 registers.ecx: 1367080960	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 52 e9 41 03 00 00 83 ec 04 89 3c 24 89 e7 51 exception.symbol: random+0x289ffb exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2662395 exception.address: 0x5f9ffb registers.esp: 3472244 registers.edi: 6267840 registers.eax: 25842 registers.ebp: 3994140692 registers.edx: 2130566132 registers.ebx: 604292946 registers.esi: 0 registers.ecx: 1367080960	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb b8 57 a8 3f 75 25 36 f1 f7 7f 83 c0 01 f7 d8 exception.symbol: random+0x290126 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2687270 exception.address: 0x600126 registers.esp: 3472244 registers.edi: 6293174 registers.eax: 28540 registers.ebp: 3994140692 registers.edx: 0 registers.ebx: 6269281 registers.esi: 9093100 registers.ecx: 859673960	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 51 89 e1 e9 7b 02 00 00 68 56 aa 22 a4 59 01 exception.symbol: random+0x2a176a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2758506 exception.address: 0x61176a registers.esp: 3472244 registers.edi: 684740590 registers.eax: 6393484 registers.ebp: 3994140692 registers.edx: 11 registers.ebx: 6334198 registers.esi: 37677393 registers.ecx: 4294938252	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 0c 24 e9 6d 02 00 00 89 54 24 04 exception.symbol: random+0x2b2767 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2828135 exception.address: 0x622767 registers.esp: 3472244 registers.edi: 6074785 registers.eax: 26950 registers.ebp: 3994140692 registers.edx: 395049983 registers.ebx: 6459129 registers.esi: 6074783 registers.ecx: 3738837507	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 51 b9 92 5f 87 5f b8 4b 60 df 7d f7 d0 05 58 exception.symbol: random+0x2b303d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2830397 exception.address: 0x62303d registers.esp: 3472244 registers.edi: 1750552662 registers.eax: 0 registers.ebp: 3994140692 registers.edx: 395049983 registers.ebx: 6434961 registers.esi: 6074783 registers.ecx: 3738837507	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 50 89 e0 05 04 00 00 00 83 e8 04 87 04 24 8b exception.symbol: random+0x2b365c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2831964 exception.address: 0x62365c registers.esp: 3472244 registers.edi: 6467443 registers.eax: 32032 registers.ebp: 3994140692 registers.edx: 4294938188 registers.ebx: 4008283752 registers.esi: 6074783 registers.ecx: 752889748	1
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: fb 81 c7 74 7c fd 77 81 c7 55 7c ff 75 e9 59 00 exception.symbol: random+0x2b45ce exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2835918 exception.address: 0x6245ce registers.esp: 3472240 registers.edi: 6438721 registers.eax: 29570 registers.ebp: 3994140692 registers.edx: 626741924 registers.ebx: 4008283752 registers.esi: 6074783 registers.ecx: 410108169	1

Allocates read-write-execute memory (usually to unpack itself) (37 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7793f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 339968 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00371000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00920000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00af0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02430000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02440000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02490000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02500000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02510000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02620000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02630000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02680000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02690000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 65536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04aa0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4128768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ab0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 2224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 65536 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01d00000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 2224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778e6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 2224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4128768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01d10000 process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00052a00', u'virtual_address': u'0x00001000', u'entropy': 7.972050363986126, u'name': u' \\x00 ', u'virtual_size': u'0x00079000'}

entropy

7.97205036399

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x001a5c00', u'virtual_address': u'0x0032f000', u'entropy': 7.953496403501497, u'name': u'pfxdofgi', u'virtual_size': u'0x001a6000'}

entropy

7.9534964035

description

A section with a high entropy has been found

entropy

0.993842364532

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Communicates with host for which no DNS query was performed (1 event)

host

154.81.179.131

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA April 24, 2025, 10:17 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA April 24, 2025, 10:17 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Manipulates memory of a non-child process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1460 manipulating memory of non-child process 2224
NtAllocateVirtualMemory April 24, 2025, 10:17 a.m.	process_identifier: 2224 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 4 (PAGE_READWRITE) base_address: 0x000a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0x00000180	1	0	0

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ April 24, 2025, 10:17 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 57 89 04 24 89 e0 56 be exception.symbol: random+0x214a91 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2181777 exception.address: 0x584a91 registers.esp: 3472276 registers.edi: 12136056 registers.eax: 1447909480 registers.ebp: 3994140692 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 5770684 registers.ecx: 20	1	0	0

File has been identified by 27 AntiVirus engines on VirusTotal as malicious (27 events)

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_90% (D)
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:MalwareX-gen [Pws]
Kaspersky	HEUR:Trojan.Win32.Generic
McAfeeD	Real Protect-LS!41BFFDF01061
Trapmine	malicious.high.ml.score
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI - Malicious PE
Google	Detected
Gridinsoft	Trojan.Heur!.038120A1
Microsoft	Trojan:Win32/Sabsik.RD.A!ml
Varist	W32/Themida.CT.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R697000
DeepInstinct	MALICIOUS
Malwarebytes	Trojan.Injector.DPLG
Ikarus	Trojan.Packed.Themida
Panda	Trj/Genetic.gen
Zoner	Probably Heur.ExeHeaderL
TrendMicro-HouseCall	Trojan.Win32.VSX.PE04C9V
Tencent	Win32.Trojan.Generic.Nqil
AVG	Win32:MalwareX-gen [Pws]

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

154.81.179.131:9645

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All