Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 28, 2025, 10:12 a.m.	April 28, 2025, 10:20 a.m.

Size	1.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`79cc14b6c431d56af69f1aa815a8e5b7`
SHA256	`e6be3d4dd97f9d653dcb0ece3ca622ccde3a2a214ca95e02f4279dc79da0925f`
CRC32	`6253086F`
ssdeep	`49152:RwW9fAeuco0R2zBqvuUV9RFs0y3g2AxFWSkIM:RwqRqcvuus7gZx+`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
2560

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent April 28, 2025, 10:12 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	nycjzfqa
section	ezzmawpf
section	.taggant

One or more processes crashed (50 out of 117 events)

Time & API	Arguments	Status
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: random+0x3070b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3174585 exception.address: 0x13a70b9 registers.esp: 1768624 registers.edi: 0 registers.eax: 1 registers.ebp: 1768640 registers.edx: 22306816 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 e9 3a 01 00 00 56 81 34 24 exception.symbol: random+0x60352 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 394066 exception.address: 0x1100352 registers.esp: 1768588 registers.edi: 1968898280 registers.eax: 27956 registers.ebp: 4007845908 registers.edx: 17432576 registers.ebx: 17476722 registers.esi: 3 registers.ecx: 17825380	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 31 db 68 41 ff d3 69 89 2c 24 c7 04 24 c8 1c exception.symbol: random+0x6003b exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 393275 exception.address: 0x110003b registers.esp: 1768592 registers.edi: 1968898280 registers.eax: 27956 registers.ebp: 4007845908 registers.edx: 17432576 registers.ebx: 17476722 registers.esi: 3 registers.ecx: 17853336	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 51 e9 08 fc ff ff 8b 3c 24 83 c4 04 87 0c 24 exception.symbol: random+0x606ac exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 394924 exception.address: 0x11006ac registers.esp: 1768592 registers.edi: 1968898280 registers.eax: 2395747688 registers.ebp: 4007845908 registers.edx: 17432576 registers.ebx: 4294942216 registers.esi: 3 registers.ecx: 17853336	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 50 b8 cd c5 d5 57 89 c2 58 4a 50 b8 e0 93 cd exception.symbol: random+0x610e8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 397544 exception.address: 0x11010e8 registers.esp: 1768592 registers.edi: 1968898280 registers.eax: 235753 registers.ebp: 4007845908 registers.edx: 17854972 registers.ebx: 4294943308 registers.esi: 3 registers.ecx: 17853336	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 53 53 c7 04 24 5f 56 b7 73 5b f7 d3 81 c3 06 exception.symbol: random+0x1e8077 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1998967 exception.address: 0x1288077 registers.esp: 1768592 registers.edi: 4294940752 registers.eax: 19460857 registers.ebp: 4007845908 registers.edx: 2345 registers.ebx: 372736 registers.esi: 19430998 registers.ecx: 1480109672	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 50 57 e9 e4 02 00 00 89 2c 24 51 e9 19 03 00 exception.symbol: random+0x1ee8c7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2025671 exception.address: 0x128e8c7 registers.esp: 1768592 registers.edi: 0 registers.eax: 26040 registers.ebp: 4007845908 registers.edx: 5570676 registers.ebx: 19452482 registers.esi: 1936382694 registers.ecx: 19483016	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 57 c7 04 24 00 88 cd 3c 5a 57 c7 04 24 67 92 exception.symbol: random+0x1eea83 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2026115 exception.address: 0x128ea83 registers.esp: 1768592 registers.edi: 0 registers.eax: 26040 registers.ebp: 4007845908 registers.edx: 134889 registers.ebx: 4294944084 registers.esi: 1936382694 registers.ecx: 19483016	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 50 e9 0d 00 00 00 f7 dd 52 ba 31 1b 7f 77 e9 exception.symbol: random+0x1f55bd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2053565 exception.address: 0x12955bd registers.esp: 1768592 registers.edi: 0 registers.eax: 19488714 registers.ebp: 4007845908 registers.edx: 1491024485 registers.ebx: 1017432430 registers.esi: 1114345 registers.ecx: 1969148396	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 e9 e8 e7 ff ff 83 bd 95 exception.symbol: random+0x1fc598 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2082200 exception.address: 0x129c598 registers.esp: 1768584 registers.edi: 0 registers.eax: 1447909480 registers.ebp: 4007845908 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 19492878 registers.ecx: 20	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: random+0x1f745c exception.address: 0x129745c exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 2061404 registers.esp: 1768584 registers.edi: 0 registers.eax: 1 registers.ebp: 4007845908 registers.edx: 22104 registers.ebx: 0 registers.esi: 19492878 registers.ecx: 20	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 ad 37 2d 12 01 exception.symbol: random+0x1fc658 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2082392 exception.address: 0x129c658 registers.esp: 1768584 registers.edi: 0 registers.eax: 1447909480 registers.ebp: 4007845908 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 19492878 registers.ecx: 10	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: cd 01 eb 00 0f 8c 01 00 00 00 f9 64 8f 05 00 00 exception.symbol: random+0x1ff8de exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 2095326 exception.address: 0x129f8de registers.esp: 1768552 registers.edi: 0 registers.eax: 1768552 registers.ebp: 4007845908 registers.edx: 2130530267 registers.ebx: 19528188 registers.esi: 19527879 registers.ecx: 1413485339	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 52 54 e9 5a 07 00 00 89 e6 81 c6 04 00 00 00 exception.symbol: random+0x200244 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2097732 exception.address: 0x12a0244 registers.esp: 1768588 registers.edi: 0 registers.eax: 25744 registers.ebp: 4007845908 registers.edx: 19529552 registers.ebx: 38460749 registers.esi: 1165064274 registers.ecx: 647443418	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 56 52 ba 9c 2e fd 55 be 78 66 2d 23 01 d6 5a exception.symbol: random+0x2001b8 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2097592 exception.address: 0x12a01b8 registers.esp: 1768592 registers.edi: 0 registers.eax: 25744 registers.ebp: 4007845908 registers.edx: 19555296 registers.ebx: 38460749 registers.esi: 1165064274 registers.ecx: 647443418	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 52 89 2c 24 56 c7 04 24 94 38 18 6c 89 04 24 exception.symbol: random+0x200561 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2098529 exception.address: 0x12a0561 registers.esp: 1768592 registers.edi: 0 registers.eax: 2283 registers.ebp: 4007845908 registers.edx: 19532700 registers.ebx: 0 registers.esi: 1165064274 registers.ecx: 647443418	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 56 c7 04 24 3e 7c 67 12 89 04 24 b8 02 7a fb exception.symbol: random+0x207627 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2127399 exception.address: 0x12a7627 registers.esp: 1768588 registers.edi: 19558630 registers.eax: 26262 registers.ebp: 4007845908 registers.edx: 654654 registers.ebx: 0 registers.esi: 1165064274 registers.ecx: 19528604	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 51 89 3c 24 e9 8c 00 00 00 01 e8 05 38 ff ed exception.symbol: random+0x20766c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2127468 exception.address: 0x12a766c registers.esp: 1768592 registers.edi: 19584892 registers.eax: 26262 registers.ebp: 4007845908 registers.edx: 654654 registers.ebx: 0 registers.esi: 478762832 registers.ecx: 4294943904	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb e9 a5 f7 ff ff 81 c3 00 6c db 67 29 d3 81 eb exception.symbol: random+0x2110cd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2166989 exception.address: 0x12b10cd registers.esp: 1768592 registers.edi: 322689 registers.eax: 0 registers.ebp: 4007845908 registers.edx: 19600000 registers.ebx: 38460971 registers.esi: 1968968720 registers.ecx: 6	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 50 89 3c 24 89 04 24 e9 4f 01 00 00 81 c5 04 exception.symbol: random+0x21318d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2175373 exception.address: 0x12b318d registers.esp: 1768592 registers.edi: 322689 registers.eax: 31762 registers.ebp: 4007845908 registers.edx: 19600000 registers.ebx: 1899637452 registers.esi: 19637795 registers.ecx: 6	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 51 89 e1 81 c1 04 00 00 00 50 e9 7d 02 00 00 exception.symbol: random+0x212cf3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2174195 exception.address: 0x12b2cf3 registers.esp: 1768592 registers.edi: 262633 registers.eax: 31762 registers.ebp: 4007845908 registers.edx: 19600000 registers.ebx: 1899637452 registers.esi: 19609371 registers.ecx: 0	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 50 55 51 b9 b5 a1 ea 6d 81 c9 e4 b2 bb 77 81 exception.symbol: random+0x218690 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2197136 exception.address: 0x12b8690 registers.esp: 1768580 registers.edi: 4008108541 registers.eax: 27295 registers.ebp: 4007845908 registers.edx: 19600000 registers.ebx: 19627129 registers.esi: 19872004 registers.ecx: 39222570	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 53 51 e9 c6 ff ff ff 81 04 24 32 5a 39 6e 81 exception.symbol: random+0x217f22 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2195234 exception.address: 0x12b7f22 registers.esp: 1768584 registers.edi: 4008108541 registers.eax: 27295 registers.ebp: 4007845908 registers.edx: 19600000 registers.ebx: 19654424 registers.esi: 4294943016 registers.ecx: 605325648	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 53 c7 04 24 83 9d 64 7b e9 91 04 00 00 05 85 exception.symbol: random+0x226ef0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2256624 exception.address: 0x12c6ef0 registers.esp: 1768584 registers.edi: 19678313 registers.eax: 26046 registers.ebp: 4007845908 registers.edx: 604292947 registers.ebx: 0 registers.esi: 19690899 registers.ecx: 2098586880	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 53 bb b0 9d 66 3e 81 c3 5c 38 90 3d 01 d8 ff exception.symbol: random+0x23ea18 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2353688 exception.address: 0x12dea18 registers.esp: 1768548 registers.edi: 720125956 registers.eax: 19784310 registers.ebp: 4007845908 registers.edx: 2130566132 registers.ebx: 737008375 registers.esi: 4029187559 registers.ecx: 2150348523	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 68 e1 c9 29 1c 89 34 24 e9 1b 02 00 00 ff 74 exception.symbol: random+0x23e593 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2352531 exception.address: 0x12de593 registers.esp: 1768552 registers.edi: 720125956 registers.eax: 19787106 registers.ebp: 4007845908 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 1774081618 registers.ecx: 2150348523	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 81 ef 47 1c fc 6f 81 c7 e5 4d 31 7e 03 3c 24 exception.symbol: random+0x23fb54 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2358100 exception.address: 0x12dfb54 registers.esp: 1768548 registers.edi: 19787470 registers.eax: 29289 registers.ebp: 4007845908 registers.edx: 489360373 registers.ebx: 1646528196 registers.esi: 1774081618 registers.ecx: 2150348523	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb e9 79 f6 ff ff 52 c7 04 24 11 c0 23 33 89 0c exception.symbol: random+0x23f8e4 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2357476 exception.address: 0x12df8e4 registers.esp: 1768552 registers.edi: 19816759 registers.eax: 29289 registers.ebp: 4007845908 registers.edx: 489360373 registers.ebx: 1646528196 registers.esi: 1774081618 registers.ecx: 2150348523	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb ba b1 ff bf 3f 68 d9 98 b2 14 89 1c 24 e9 35 exception.symbol: random+0x23f092 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2355346 exception.address: 0x12df092 registers.esp: 1768552 registers.edi: 19791135 registers.eax: 0 registers.ebp: 4007845908 registers.edx: 489360373 registers.ebx: 1646528196 registers.esi: 1774081618 registers.ecx: 1375758944	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 05 eb 73 fb 2f 68 04 a0 88 16 89 3c 24 68 2a exception.symbol: random+0x240a47 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2361927 exception.address: 0x12e0a47 registers.esp: 1768548 registers.edi: 19791135 registers.eax: 19793046 registers.ebp: 4007845908 registers.edx: 699975147 registers.ebx: 1117708385 registers.esi: 1774081618 registers.ecx: 1375758944	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 68 ce 3a d4 6c 89 3c 24 83 ec 04 89 1c 24 c7 exception.symbol: random+0x240d42 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2362690 exception.address: 0x12e0d42 registers.esp: 1768552 registers.edi: 498403680 registers.eax: 19796078 registers.ebp: 4007845908 registers.edx: 699975147 registers.ebx: 0 registers.esi: 1774081618 registers.ecx: 1375758944	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb e9 5e fe ff ff 89 0c 24 89 e1 81 c1 04 00 00 exception.symbol: random+0x241cd1 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2366673 exception.address: 0x12e1cd1 registers.esp: 1768548 registers.edi: 19796847 registers.eax: 29817 registers.ebp: 4007845908 registers.edx: 19797623 registers.ebx: 17831101 registers.esi: 19796107 registers.ecx: 0	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb e9 8f 04 00 00 89 3c 24 bf 1a c7 83 7e 01 f8 exception.symbol: random+0x241b55 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2366293 exception.address: 0x12e1b55 registers.esp: 1768552 registers.edi: 2590381160 registers.eax: 0 registers.ebp: 4007845908 registers.edx: 19800704 registers.ebx: 17831101 registers.esi: 19796107 registers.ecx: 0	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 55 bd 2e 2d 6f 7f c1 e5 05 56 50 b8 ae c7 f3 exception.symbol: random+0x247651 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2389585 exception.address: 0x12e7651 registers.esp: 1768548 registers.edi: 19822067 registers.eax: 29560 registers.ebp: 4007845908 registers.edx: 0 registers.ebx: 65786 registers.esi: 19796107 registers.ecx: 1971716238	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb e9 94 01 00 00 29 c8 2d fa 01 fd 7f 59 81 c3 exception.symbol: random+0x247b2d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2390829 exception.address: 0x12e7b2d registers.esp: 1768552 registers.edi: 19851627 registers.eax: 29560 registers.ebp: 4007845908 registers.edx: 0 registers.ebx: 65786 registers.esi: 19796107 registers.ecx: 1971716238	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb e9 ed fa ff ff 55 e9 92 fd ff ff 31 0c 24 33 exception.symbol: random+0x247b18 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2390808 exception.address: 0x12e7b18 registers.esp: 1768552 registers.edi: 19851627 registers.eax: 29560 registers.ebp: 4007845908 registers.edx: 0 registers.ebx: 604292944 registers.esi: 19796107 registers.ecx: 4294940944	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 68 e2 12 0c 3a e9 e3 03 00 00 81 ee bf 04 47 exception.symbol: random+0x24847e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2393214 exception.address: 0x12e847e registers.esp: 1768548 registers.edi: 19851627 registers.eax: 27767 registers.ebp: 4007845908 registers.edx: 1842360946 registers.ebx: 1167319881 registers.esi: 19796107 registers.ecx: 19825639	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 57 55 bd 35 f0 5f 26 89 6c 24 04 5d ff 34 24 exception.symbol: random+0x24897f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2394495 exception.address: 0x12e897f registers.esp: 1768552 registers.edi: 19851627 registers.eax: 3783872850 registers.ebp: 4007845908 registers.edx: 1842360946 registers.ebx: 1167319881 registers.esi: 4294942400 registers.ecx: 19853406	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 04 24 e9 6c f8 ff ff 5e exception.symbol: random+0x249c57 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2399319 exception.address: 0x12e9c57 registers.esp: 1768552 registers.edi: 19858526 registers.eax: 29572 registers.ebp: 4007845908 registers.edx: 1842360946 registers.ebx: 1167319881 registers.esi: 4294942400 registers.ecx: 1367350157	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 52 89 1c 24 e9 4f 02 00 00 ff 0c 24 c1 24 24 exception.symbol: random+0x249240 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2396736 exception.address: 0x12e9240 registers.esp: 1768552 registers.edi: 19858526 registers.eax: 29572 registers.ebp: 4007845908 registers.edx: 4294940776 registers.ebx: 1167319881 registers.esi: 81129 registers.ecx: 1367350157	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb e9 e3 01 00 00 05 13 58 9e 6a e9 02 07 00 00 exception.symbol: random+0x254e07 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2444807 exception.address: 0x12f4e07 registers.esp: 1768548 registers.edi: 19856797 registers.eax: 19876542 registers.ebp: 4007845908 registers.edx: 2130566132 registers.ebx: 1971716070 registers.esi: 19837250 registers.ecx: 0	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb bb d2 35 7d 7f 50 51 b9 86 6d 93 7c 81 e1 d8 exception.symbol: random+0x2550b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2445497 exception.address: 0x12f50b9 registers.esp: 1768552 registers.edi: 19856797 registers.eax: 19902362 registers.ebp: 4007845908 registers.edx: 2130566132 registers.ebx: 1971716070 registers.esi: 19837250 registers.ecx: 0	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb b8 a8 c0 7f 51 c1 e8 04 e9 73 fe ff ff 52 89 exception.symbol: random+0x25563c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2446908 exception.address: 0x12f563c registers.esp: 1768552 registers.edi: 19856797 registers.eax: 19879494 registers.ebp: 4007845908 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 1474464082 registers.ecx: 0	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 81 c1 76 d2 66 77 81 e9 b9 d5 f7 37 81 c1 b9 exception.symbol: random+0x258694 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2459284 exception.address: 0x12f8694 registers.esp: 1768548 registers.edi: 19856797 registers.eax: 28997 registers.ebp: 4007845908 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 1474464082 registers.ecx: 19891040	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 c7 04 24 d2 56 ca exception.symbol: random+0x258960 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2460000 exception.address: 0x12f8960 registers.esp: 1768552 registers.edi: 19856797 registers.eax: 28997 registers.ebp: 4007845908 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 1474464082 registers.ecx: 19920037	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 52 89 04 24 c7 04 24 3e 2b ff 7d 81 34 24 00 exception.symbol: random+0x258e92 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2461330 exception.address: 0x12f8e92 registers.esp: 1768552 registers.edi: 19856797 registers.eax: 28997 registers.ebp: 4007845908 registers.edx: 4294941308 registers.ebx: 1356892496 registers.esi: 1474464082 registers.ecx: 19920037	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 56 68 ce 5e ce 1c 89 0c 24 b9 2d 28 ff 7f e9 exception.symbol: random+0x26b892 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2537618 exception.address: 0x130b892 registers.esp: 1768548 registers.edi: 19958104 registers.eax: 19969038 registers.ebp: 4007845908 registers.edx: 2130566132 registers.ebx: 19925523 registers.esi: 19925519 registers.ecx: 2098528256	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 68 9d 85 f9 02 e9 dc fb ff ff 68 91 f8 c7 5d exception.symbol: random+0x26bd09 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2538761 exception.address: 0x130bd09 registers.esp: 1768552 registers.edi: 4294940220 registers.eax: 19998666 registers.ebp: 4007845908 registers.edx: 2130566132 registers.ebx: 19925523 registers.esi: 388393832 registers.ecx: 2098528256	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb 51 56 89 2c 24 bd 48 d8 7f 5d 89 6c 24 04 5d exception.symbol: random+0x26c48d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2540685 exception.address: 0x130c48d registers.esp: 1768552 registers.edi: 4294940220 registers.eax: 29665 registers.ebp: 4007845908 registers.edx: 1550444865 registers.ebx: 19925523 registers.esi: 388393832 registers.ecx: 20001654	1
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: fb e9 68 fd ff ff 5c 81 ec 04 00 00 00 89 3c 24 exception.symbol: random+0x26ca43 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2542147 exception.address: 0x130ca43 registers.esp: 1768552 registers.edi: 4294940220 registers.eax: 2298801283 registers.ebp: 4007845908 registers.edx: 1550444865 registers.ebx: 0 registers.esi: 388393832 registers.ecx: 19974930	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76faf000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 180224 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010a1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00de0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00f90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 28, 2025, 10:12 a.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00fe0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x0002bc00', u'virtual_address': u'0x00001000', u'entropy': 7.985392527822575, u'name': u' \\x00 ', u'virtual_size': u'0x0005b000'}

entropy

7.98539252782

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x0019dc00', u'virtual_address': u'0x00307000', u'entropy': 7.95308073155377, u'name': u'nycjzfqa', u'virtual_size': u'0x0019e000'}

entropy

7.95308073155

description

A section with a high entropy has been found

entropy

0.993755090958

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA April 28, 2025, 10:12 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA April 28, 2025, 10:12 a.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ April 28, 2025, 10:12 a.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 e9 e8 e7 ff ff 83 bd 95 exception.symbol: random+0x1fc598 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2082200 exception.address: 0x129c598 registers.esp: 1768584 registers.edi: 0 registers.eax: 1447909480 registers.ebp: 4007845908 registers.edx: 22104 registers.ebx: 1969033397 registers.esi: 19492878 registers.ecx: 20	1	0	0

File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)

Bkav	W32.AIDetectMalware
tehtris	Generic.Malware
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win32.Generic.tc
ALYac	Gen:Variant.Symmi.93663
Cylance	Unsafe
VIPRE	Gen:Variant.Symmi.93663
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
BitDefender	Gen:Variant.Symmi.93663
Arcabit	Trojan.Symmi.D16DDF
Symantec	Trojan.Sox5systemz!g2
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HVY
APEX	Malicious
Avast	Win32:Evo-gen [Trj]
Kaspersky	HEUR:Trojan-PSW.Win32.Stealerc.gen
MicroWorld-eScan	Gen:Variant.Symmi.93663
Rising	Trojan.Agent!1.12B48 (CLASSIC)
Emsisoft	Gen:Variant.Symmi.93663 (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen
McAfeeD	Real Protect-LS!79CC14B6C431
Trapmine	malicious.high.ml.score
CTX	exe.unknown.symmi
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI - Malicious PE
Google	Detected
Avira	TR/Crypt.XPACK.Gen
Kingsoft	malware.kb.b.991
Gridinsoft	Trojan.Heur!.038120A1
Microsoft	Trojan:Win32/Caynamer.A!ml
GData	Gen:Variant.Symmi.93663
Varist	W32/Themida.CT.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R692053
DeepInstinct	MALICIOUS
VBA32	BScope.TrojanPSW.Lumma
Malwarebytes	Trojan.Amadey
Ikarus	Trojan.Win32.LummaStealer
Zoner	Probably Heur.ExeHeaderL
TrendMicro-HouseCall	Trojan.Win32.VSX.PE04C9Z
Tencent	Win32.Trojan-QQPass.QQRob.Ssmw
huorong	HEUR:TrojanSpy/Stealer.ay
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Themida.HZB!tr
AVG	Win32:Evo-gen [Trj]

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All