Summary | ZeroBOX

HPSocket4C.dll

Tags: Generic Malware, Malicious Library, UPX, PE File, DLL, OS Processor Check, PE32

Category  Machine        Started                     Completed
FILE      s1_win7_x6401  April 21, 2025, 10:09 a.m.  April 21, 2025, 1:19 p.m.

Size      1.7MB
Type      PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5       5785700f701c5754357a58d673de915f
SHA256    1b81d5e63f9d150c6da18934028e9c58faf93fbcc53d1b94965a725eade6f0fb
CRC32     981A1CEA
ssdeep    49152:XXV+5VMCOy9FTLRE9VAonPkNQmdGPp5l9T/SnLvae:V27TLREXP2QZPlI
PDB Path  D:\MyWork\Linux\MyWork\HP-Socket\Windows\Bin\HPSocket4C\x86\HPSocket4C.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
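The PDB Path row above comes from the CodeView (RSDS) debug record that the MSVC linker leaves in the binary, and its layout (HP-Socket\Windows\Bin\HPSocket4C\x86) matches the build tree of the open-source HP-Socket networking library, whose C-export DLL is named HPSocket4C.dll. The following added example (not ZeroBOX code and not part of the HP-Socket project) reproduces that field from a raw file image with the standard library only, and also recovers the PDB GUID and age, which form the symbol-server key and make a far more specific match than the path string. SAMPLE_IMAGE is a constructed byte string: MZ/PE bytes that are padding only, followed by one RSDS record carrying the report's path and an invented GUID and age. The function and parameter names are this example's own.

```python
"""Recover the CodeView (RSDS) record, and so the PDB path, GUID and age, from a raw
PE image. Added example for this report; not ZeroBOX code, not part of HP-Socket."""
import struct
import uuid

# Constructed stand-in for a file image: MZ/PE bytes that are padding only, followed by
# one RSDS record carrying the PDB path this report shows and an invented GUID and age.
SAMPLE_GUID = "12345678-1234-5678-1234-567812345678"
SAMPLE_IMAGE = (
    b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 120
    + b"RSDS" + uuid.UUID(SAMPLE_GUID).bytes_le + struct.pack("<I", 3)
    + br"D:\MyWork\Linux\MyWork\HP-Socket\Windows\Bin\HPSocket4C\x86\HPSocket4C.pdb" + b"\x00"
    + b"\x00" * 32
)


def parse_rsds(blob):
    """Parse one RSDS record: 'RSDS' | GUID (16 bytes, little-endian layout) | age (u32)
    | NUL-terminated PDB path. Returns None if blob does not start with a record."""
    if len(blob) < 25 or blob[:4] != b"RSDS":
        return None
    guid = uuid.UUID(bytes_le=blob[4:20])
    age = struct.unpack_from("<I", blob, 20)[0]
    end = blob.find(b"\x00", 24)
    path = blob[24:end if end != -1 else len(blob)].decode("utf-8", "replace")
    return {"guid": str(guid), "age": age, "path": path}


def find_rsds(data, max_path=260):
    """Scan raw bytes for RSDS records without walking the PE debug directory, so a
    record that a packer left in place is still found. Returns all records with a path."""
    found, pos = [], data.find(b"RSDS")
    while pos != -1:
        rec = parse_rsds(data[pos:pos + 24 + max_path + 1])
        if rec and rec["path"]:
            found.append(rec)
        pos = data.find(b"RSDS", pos + 4)
    return found


def symbol_server_key(rec):
    """Symbol-server path for the PDB: <name>/<GUID as 32 upper-case hex><age in hex>/<name>."""
    name = rec["path"].replace("/", "\\").rsplit("\\", 1)[-1]
    return "%s/%s%X/%s" % (name, uuid.UUID(rec["guid"]).hex.upper(), rec["age"], name)


def matches_project_layout(path, suffix=r"HP-Socket\Windows\Bin\HPSocket4C\x86\HPSocket4C.pdb"):
    """True when the PDB path ends with the HP-Socket build-tree layout seen in this report."""
    return path.replace("/", "\\").lower().endswith(suffix.lower())


if __name__ == "__main__":
    for rec in find_rsds(SAMPLE_IMAGE):
        print(rec, symbol_server_key(rec), matches_project_layout(rec["path"]))
```

Scanning the raw bytes instead of walking the debug directory is deliberate: the sandbox extracted the path even though the UPX_Zero rule fired, so the record is reachable in the file regardless of whether the debug directory entry is intact, and a hit at an unexpected offset is itself worth noting. A matching path only shows that the build layout resembles the HP-Socket tree; it does not show the file is an unmodified build of that project, which is a question for a SHA256 comparison against a binary obtained from the project itself.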

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address    Status  Action
185.39.17.70  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent (no arguments): 50 consecutive calls, each logged identically as

0 0
pdb_path D:\MyWork\Linux\MyWork\HP-Socket\Windows\Bin\HPSocket4C\x86\HPSocket4C.pdb
Time & API Arguments Status Return Repeated (each record below ends with its Status, Return and Repeated values, for example "1 0 0")

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 18 01 15 00 00 00 00 00 18 01 15 00 00 00 00 00
exception.instruction: sbb byte ptr [ecx], al
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x150118
registers.esp: 2686000
registers.edi: 0
registers.eax: 1376536
registers.ebp: 2686008
registers.edx: 1376536
registers.ebx: 0
registers.esi: 1376544
registers.ecx: 1376544
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x304
registers.esp: 1048048
registers.edi: 0
registers.eax: 262144
registers.ebp: 1048056
registers.edx: 772
registers.ebx: 0
registers.esi: 1900856
registers.ecx: 1900856
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 10 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.esp: 982476
registers.edi: 0
registers.eax: 0
registers.ebp: 982476
registers.edx: 4
registers.ebx: 0
registers.esi: 1376638
registers.ecx: 1376638
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 50 38 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax + 0x38]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgentListener+0xc HP_Set_FN_Agent_OnHandShake-0x14 hpsocket4c+0x108ec
exception.address: 0x733408ec
registers.esp: 1374112
registers.edi: 0
registers.eax: 170655744
registers.ebp: 1374112
registers.edx: 4
registers.ebx: 0
registers.esi: 262470
registers.ecx: 262470
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 10 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.esp: 3210408
registers.edi: 0
registers.eax: 2604
registers.ebp: 3210408
registers.edx: 4
registers.ebx: 0
registers.esi: 262472
registers.ecx: 262472
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xcccccccc
registers.esp: 1702816
registers.edi: 0
registers.eax: 3014656
registers.ebp: 1702824
registers.edx: 3435973836
registers.ebx: 0
registers.esi: 262466
registers.ecx: 262466
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 10 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.esp: 1637172
registers.edi: 0
registers.eax: 167510016
registers.ebp: 1637172
registers.edx: 4
registers.ebx: 0
registers.esi: 262462
registers.ecx: 262462
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 10 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.esp: 1309068
registers.edi: 0
registers.eax: 166199296
registers.ebp: 1309068
registers.edx: 4
registers.ebx: 0
registers.esi: 262458
registers.ecx: 262458
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x78746341
registers.esp: 1506036
registers.edi: 0
registers.eax: 327680
registers.ebp: 1506044
registers.edx: 2020893505
registers.ebx: 0
registers.esi: 327978
registers.ecx: 327978
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 10 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.esp: 3210260
registers.edi: 0
registers.eax: 939524096
registers.ebp: 3210260
registers.edx: 4
registers.ebx: 0
registers.esi: 131450
registers.ecx: 131450
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 10 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.esp: 1898192
registers.edi: 0
registers.eax: 0
registers.ebp: 1898192
registers.edx: 4
registers.ebx: 0
registers.esi: 65924
registers.ecx: 65924
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.esp: 1506488
registers.edi: 0
registers.eax: 65536
registers.ebp: 1506496
registers.edx: 0
registers.ebx: 0
registers.esi: 65928
registers.ecx: 65928
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 10 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.esp: 1177360
registers.edi: 0
registers.eax: 0
registers.ebp: 1177360
registers.edx: 4
registers.ebx: 0
registers.esi: 65932
registers.ecx: 65932
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 10 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.esp: 2685124
registers.edi: 0
registers.eax: 8192
registers.ebp: 2685124
registers.edx: 4
registers.ebx: 0
registers.esi: 65936
registers.ecx: 65936
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 10 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.esp: 784968
registers.edi: 0
registers.eax: 0
registers.ebp: 784968
registers.edx: 4
registers.ebx: 0
registers.esi: 65940
registers.ecx: 65940
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 10 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.esp: 1047904
registers.edi: 0
registers.eax: 0
registers.ebp: 1047904
registers.edx: 4
registers.ebx: 0
registers.esi: 65944
registers.ecx: 65944
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.esp: 1046400
registers.edi: 0
registers.eax: 65536
registers.ebp: 1046408
registers.edx: 0
registers.ebx: 0
registers.esi: 65958
registers.ecx: 65958
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x0
registers.esp: 1833208
registers.edi: 0
registers.eax: 65536
registers.ebp: 1833216
registers.edx: 0
registers.ebx: 0
registers.esi: 65966
registers.ecx: 65966
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x20
registers.esp: 2815604
registers.edi: 0
registers.eax: 786432
registers.ebp: 2815612
registers.edx: 32
registers.ebx: 0
registers.esi: 65974
registers.ecx: 65974
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 10 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.esp: 1243940
registers.edi: 0
registers.eax: 0
registers.ebp: 1243940
registers.edx: 4
registers.ebx: 0
registers.esi: 65984
registers.ecx: 65984
1 0 0

__exception__

stacktrace:
RtlpNtEnumerateSubKey+0x2a2b isupper-0x4e2b ntdll+0xcf559 @ 0x76fdf559
RtlpNtEnumerateSubKey+0x2b0b isupper-0x4d4b ntdll+0xcf639 @ 0x76fdf639
RtlUlonglongByteSwap+0xba5 RtlFreeOemString-0x20d35 ntdll+0x7df95 @ 0x76f8df95
HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd
HP_SSL_RemoveThreadLocalState+0xdf524 hpsocket4c+0x112444 @ 0x73442444
Destroy_HP_SocketTaskObj+0x27 HP_ThreadPool_Start-0x9 hpsocket4c+0x11937 @ 0x73341937
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: eb 12 8b 45 ec 8b 08 8b 09 50 51 e8 6f ff ff ff
exception.symbol: RtlpNtEnumerateSubKey+0x1b25 isupper-0x5d31 ntdll+0xce653
exception.instruction: jmp 0x76fde667
exception.module: ntdll.dll
exception.exception_code: 0xc0000374
exception.offset: 845395
exception.address: 0x76fde653
registers.esp: 2291280
registers.edi: 66022
registers.eax: 2291296
registers.ebp: 2291400
registers.edx: 0
registers.ebx: 0
registers.esi: 32636928
registers.ecx: 2147483647
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 10 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.esp: 718388
registers.edi: 0
registers.eax: 0
registers.ebp: 718388
registers.edx: 4
registers.ebx: 0
registers.esi: 66034
registers.ecx: 66034
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 50 14 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax + 0x14]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_TcpAgentListener+0xc HP_Set_FN_Agent_OnPrepareConnect-0x14 hpsocket4c+0xec2c
exception.address: 0x7333ec2c
registers.esp: 3144992
registers.edi: 0
registers.eax: 1042
registers.ebp: 3144992
registers.edx: 4
registers.ebx: 0
registers.esi: 131584
registers.ecx: 131584
1 0 0

__exception__

stacktrace:
rundll32+0x137d @ 0x1d137d
rundll32+0x1326 @ 0x1d1326
rundll32+0x1901 @ 0x1d1901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 50 14 6a 01 ff d2 5d c2 04 00 cc cc cc cc cc
exception.instruction: mov edx, dword ptr [eax + 0x14]
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_TcpAgentListener+0xc HP_Set_FN_Agent_OnPrepareConnect-0x14 hpsocket4c+0xec2c
exception.address: 0x7333ec2c
registers.esp: 980944
registers.edi: 0
registers.eax: 0
registers.ebp: 980944
registers.edx: 4
registers.ebx: 0
registers.esi: 66598
registers.ecx: 66598
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory: 50 calls, 10 in each of five processes. Every call has the same arguments apart from process_identifier and base_address:

stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff (the current-process pseudo-handle, so each process changes its own pages)
Status 1, Return 0, Repeated 0 for every call.

process_identifier  base_address (one 4096-byte page per call, in call order)
2560  0x7345f000, 0x73bf1000, 0x75bf1000, 0x764b1000, 0x73660000, 0x735e1000, 0x73551000, 0x732f4000, 0x735e2000, 0x73bd1000
2728  0x7345f000, 0x73bf1000, 0x75bf1000, 0x764b1000, 0x73660000, 0x735e1000, 0x73551000, 0x732f4000, 0x735e2000, 0x73bd1000
2644  0x7345f000, 0x73bf1000, 0x75bf1000, 0x764b1000, 0x73660000, 0x735e1000, 0x73551000, 0x732f4000, 0x735e2000, 0x73bb1000
2824  0x7345f000, 0x73bf1000, 0x75bf1000, 0x764b1000, 0x73660000, 0x73571000, 0x732a1000, 0x72e04000, 0x73572000, 0x73bd1000
2920  0x7345f000, 0x73bf1000, 0x75bf1000, 0x764b1000, 0x73660000, 0x73571000, 0x732a1000, 0x72e04000, 0x73572000, 0x73bd1000

The first page in every process, 0x7345f000, lies inside the hpsocket4c image itself (module base 0x73330000, from "hpsocket4c+0xea0c @ 0x7333ea0c" in the exception records above; the stack traces reference the module at least up to hpsocket4c+0x112444 and the file is 1.7MB). The remaining pages sit in the same address range as the other loaded modules (kernel32 at 0x755b0000 and ntdll at 0x76f10000 in the stack traces). The report does not name the module that owns each page, so which code was patched cannot be read from this table alone.
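The 24 __exception__ records and the 50 NtProtectVirtualMemory records above are the bulk of this report, and they read very differently once grouped. Every exception stack bottoms out in rundll32 (rundll32+0x137d and the two frames below it), which is how the sandbox exercises a DLL: it loads the file and calls exports, without the arguments the library's real callers would supply. The faults then fall into a few recognisable patterns: mov edx, dword ptr [eax] at Destroy_HP_HttpAgent+0xc with eax either 0 or a small or garbage value (a virtual call through something that was never a valid object); addresses 0x0, 0x20 and 0x304 (null plus a field offset); 0xcccccccc (0xCC filler bytes, the int3 padding visible after each ret in the instruction dumps and MSVC's uninitialised-stack fill in debug builds, read as a pointer); 0x78746341 (the little-endian bytes of the ASCII text Actx, a string used as a pointer); and the single 0xc0000374 STATUS_HEAP_CORRUPTION raised from HeapFree under Destroy_HP_SocketTaskObj. None of those by itself distinguishes a malicious DLL from a networking library whose destroy and free exports were handed garbage, which is the caveat to carry into reading the antivirus verdicts at the end of the page. The following added example (not ZeroBOX code and not part of HP-Socket) parses records in the report's own key: value layout, labels each fault with the pattern it matches, counts faults by symbol and lists the pages each process set writable and executable, so the log can be summarised rather than read entry by entry. SAMPLE_LOG is a constructed subset: records copied from this report, plus one PAGE_EXECUTE_READ record that is not in the report, included so the filter is seen rejecting it. All function names are this example's own.

```python
"""Triage of the __exception__ / NtProtectVirtualMemory records of a ZeroBOX-style
behaviour log. Added example for this report; not ZeroBOX code, not part of HP-Socket."""
import re
from collections import Counter, defaultdict

STATUS_ACCESS_VIOLATION = 0xC0000005
STATUS_HEAP_CORRUPTION = 0xC0000374
WRITABLE_EXECUTABLE = (0x40, 0x80)  # PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY

# Constructed sample: records copied from the report in its own "key: value" layout
# (keys the code does not use were dropped), plus one PAGE_EXECUTE_READ call that is
# NOT in the report, included so the RWX filter has something to reject.
SAMPLE_LOG = """
__exception__
exception.exception_code: 0xc0000005
exception.symbol: Destroy_HP_HttpAgent+0xc Create_HP_TcpServerListener-0x14 hpsocket4c+0xea0c
exception.address: 0x7333ea0c
registers.eax: 0

__exception__
exception.exception_code: 0xc0000005
exception.address: 0x78746341

__exception__
exception.symbol: RtlpNtEnumerateSubKey+0x1b25 isupper-0x5d31 ntdll+0xce653
exception.exception_code: 0xc0000374
exception.address: 0x76fde653

NtProtectVirtualMemory
process_identifier: 2560
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7345f000

NtProtectVirtualMemory
process_identifier: 2560
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x73bf1000
"""


def parse_records(text):
    """Blank lines separate records; the first line is the API name (or __exception__),
    the remaining lines are 'key: value' pairs exactly as the report prints them."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        rec = {"api": lines[0]}
        for line in lines[1:]:
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        records.append(rec)
    return records


def classify_fault(rec):
    """Name the pattern behind one __exception__ record's faulting address."""
    code = int(rec.get("exception.exception_code", "0x0"), 16)
    addr = int(rec.get("exception.address", "0x0"), 16)
    if code == STATUS_HEAP_CORRUPTION:
        return "heap corruption reported by the heap manager (bad pointer freed or overrun)"
    if code != STATUS_ACCESS_VIOLATION:
        return "other exception 0x%08x" % code
    if addr == 0:
        return "call through NULL pointer"
    if addr < 0x10000:
        return "NULL object plus small field offset (0x%x)" % addr
    if addr == 0xCCCCCCCC:
        return "0xCC filler bytes used as pointer"
    raw = addr.to_bytes(4, "little")
    if all(0x20 <= b < 0x7F for b in raw):  # e.g. 0x78746341 -> "Actx"
        return "ASCII bytes used as pointer (%r)" % raw.decode("ascii")
    sym = rec.get("exception.symbol", "")
    if sym.startswith("Destroy_HP_") and rec.get("registers.eax") == "0":
        return "virtual call on NULL object inside exported destroyer"
    return "fault at 0x%08x in %s" % (addr, sym or "unsymbolised code")


def rwx_pages(records):
    """pid -> sorted page bases that NtProtectVirtualMemory made writable and executable."""
    pages = defaultdict(set)
    for rec in records:
        if rec["api"] != "NtProtectVirtualMemory":
            continue
        protection = int(rec["protection"].split()[0])  # "64 (PAGE_EXECUTE_READWRITE)" -> 64
        if (protection & 0xFF) in WRITABLE_EXECUTABLE:
            pages[int(rec["process_identifier"])].add(int(rec["base_address"], 16))
    return {pid: sorted(bases) for pid, bases in pages.items()}


def summarize(text):
    """Parse a log and return the three things a reviewer wants at a glance."""
    records = parse_records(text)
    faults = [r for r in records if r["api"] == "__exception__"]
    return {
        "faults": [(r.get("exception.address"), classify_fault(r)) for r in faults],
        "by_symbol": Counter((r.get("exception.symbol") or "<no symbol>").split("+", 1)[0]
                             for r in faults),
        "rwx_pages": rwx_pages(records),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

Run against the full exception list above, the by_symbol counter puts most faults on Destroy_HP_HttpAgent, with the rest on the other Destroy_HP_* exports and on unsymbolised garbage addresses; that distribution is what a DLL-exercising harness produces when it calls destroy functions on handles it never created. The rwx_pages output is the table worth keeping from the NtProtectVirtualMemory section: the same ten pages per process, each exactly one page long, which is the footprint of in-place code patches rather than of a freshly allocated shellcode region.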
Resources
Name        Language      Filetype  Sublanguage                 Offset      Size
RT_VERSION  LANG_CHINESE  data      SUBLANG_CHINESE_SIMPLIFIED  0x001ac0a0  0x000002dc

Hosts
185.39.17.70

Antivirus results
Engine        Result
Bkav          W32.AIDetectMalware
Skyhigh       BehavesLike.Win32.Infected.th
Elastic       malicious (moderate confidence)
ESET-NOD32    a variant of Win32/Packed.FlyStudio_AGen.AG potentially unwanted
Avast         Win32:Malware-gen
Alibaba       Trojan:Win32/Generic.cfee0137
Rising        Trojan.Agent!8.B1E (TFE:5:quIQS5beG2O)
McAfeeD       ti!1B81D5E63F9D
Sophos        Mal/Generic-S
Webroot       W32.Adware.Gen
Google        Detected
Antiy-AVL     Trojan/Win32.Agent
AhnLab-V3     Malware/Win32.RL_Generic.R299471
McAfee        Artemis!5785700F701C
DeepInstinct  MALICIOUS
Malwarebytes  Ramnit.Virus.FileInfector.DDS
Ikarus        Trojan.Win32.Agent
Yandex        Trojan.GenAsa!SKQl05IfCYg
MaxSecure     Trojan.Malware.219210455.susgen
Fortinet      W32/Agent.TGJ!tr
AVG           Win32:Malware-gen