SmartHawk

4.8

中危

24 个模型检测该样本为恶意！

重新分析

下载样本

a0b37905f726930358304e1f984cb4df6afd0b28dbd7dc1c6f147a5c26772563

7e8c05fc21aa70438468adf09bd40585.exe

分析耗时

131s

最近分析

文件大小

1.9MB

静态报毒动态报毒 ARTEMIS ATTRIBUTE BADFILE BN POTENTIALLY UNSAFE CLOUD GENERIC PUA PD HACKTOOL HIGHCONFIDENCE IGENERIC PATCHER PUWL R060C0PA719 SUSGEN TOOL UNDEFINED UNSAFE VIGRAM 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	Artemis!7E8C05FC21AA	20190602	6.0.6.653
Alibaba	HackTool:Win32/Patcher.ed5dca82	20190527	0.3.0.5
Baidu		20190318	1.0.0.2
Avast		20190602	18.4.3895.0
Tencent		20190603	1.0.0.1
Kingsoft		20190603	2013.8.14.323
CrowdStrike		20190212	1.0

Checks if process is being debugged by a debugger (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620952982.77425 IsDebuggerPresent		failed	0	0
1620952991.81975 IsDebuggerPresent		failed	0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620952983.18025 GlobalMemoryStatusEx		success	1	0

The executable uses a known packer (1 个事件)

packer

Armadillo v1.71

One or more processes crashed (50 out of 1489 个事件)

Time & API	Arguments	Status
1620952997.31975 __exception__	stacktrace: SetAppCompatData+0x45be ddraw+0x46764 @ 0x746e6764 SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x103a51 @ 0x503a51 registers.esp: 1635560 registers.edi: 0 registers.eax: 1636036 registers.ebp: 1635852 registers.edx: 1635848 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.31975 __exception__	stacktrace: SetAppCompatData+0x45be ddraw+0x46764 @ 0x746e6764 SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x103a51 @ 0x503a51 registers.esp: 1635336 registers.edi: 0 registers.eax: 1635812 registers.ebp: 1635628 registers.edx: 1635624 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.31975 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1635480 registers.edi: 0 registers.eax: 1635956 registers.ebp: 1635772 registers.edx: 1635768 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.50775 __exception__	stacktrace: SetAppCompatData+0x45be ddraw+0x46764 @ 0x746e6764 SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x103a51 @ 0x503a51 registers.esp: 1636340 registers.edi: 0 registers.eax: 1636816 registers.ebp: 1636632 registers.edx: 1636628 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.50775 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.52375 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.53875 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.53875 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.55475 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.56975 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.58575 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.61675 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.63275 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.63275 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.66375 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.67975 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.67975 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.71075 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.72675 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.74175 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.75775 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.78875 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.78875 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.80475 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.81975 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.83575 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.85175 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.88275 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.88275 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.94475 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.96075 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.96075 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952997.99175 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.00775 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.02375 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.03875 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.03875 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.08575 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.10175 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.11675 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.11675 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.14875 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.17975 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.17975 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.19475 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.22675 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.24175 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.25775 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.27375 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success
1620952998.28875 __exception__	stacktrace: SetAppCompatData+0x48a5 ddraw+0x46a4b @ 0x746e6a4b SetAppCompatData+0x4d93 ddraw+0x46f39 @ 0x746e6f39 SetAppCompatData+0xbb42 ddraw+0x4dce8 @ 0x746edce8 gens32+0x10f656 @ 0x50f656 registers.esp: 1636484 registers.edi: 0 registers.eax: 1636960 registers.ebp: 1636776 registers.edx: 1636772 registers.ebx: 0 registers.esi: 0 registers.ecx: 0 exception.instruction_r: 8b 0e 8b 01 68 9c f2 1d 74 56 ff d0 85 c0 0f 88 exception.instruction: mov ecx, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: OpenAdapter+0x3aef RTMemAllocZTag-0x163f1 vboxdispd3d-x86+0x4d0f exception.address: 0x74194d0f	success

Checks whether any human activity is being performed by constantly checking whether the foreground window changed

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (2 个事件)

Time & API	Arguments	Status	Return	Repeated
1620952983.46125 GetDiskFreeSpaceExW	root_path: C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy free_bytes_available: 19608850432 total_number_of_free_bytes: 0 total_number_of_bytes: 0	success	1	0
1620952990.63275 GetDiskFreeSpaceW	root_path: C:\ sectors_per_cluster: 8 number_of_free_clusters: 4770001 total_number_of_clusters: 8362495 bytes_per_sector: 512	success	1	0

Creates executable files on the filesystem (10 个事件)

file	C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy\Tools\BrmTools\Brm Tools.exe
file	C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy\Tools\Mouse Drivers\T2 the Arcade Game\Src\Mouse DriverBuilder.exe
file	C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy\Tools\Media Player\Kiyo\Kiyo.exe
file	C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy\kailleraclient.dll
file	C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy\Tools\Mouse Drivers\General Chaos\Mouse DriverBuilder.exe
file	C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy\Tools\Mp3 Play List\Mp3 Play List.exe
file	C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy\Gens32.exe
file	C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy\Tools\GenSuite\GenSuite.exe
file	C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy\Tools\MDD Editor\MDD Editor.exe
file	C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy\jugar.cmd

A process created a hidden window (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620952988.13325 ShellExecuteExW	parameters: filepath: C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy\jugar.cmd filepath_r: C:\Users\Administrator.Oskar-PC\Documents\ClasicosBasicos\Partidas Guardadas\Dick Tracy\jugar.cmd show_type: 0	success	1	0

The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)

entropy

7.059146667930016

section

{'size_of_data': '0x00010000', 'virtual_address': '0x0001a000', 'entropy': 7.059146667930016, 'name': '.rsrc', 'virtual_size': '0x0000ffe4'}

description

A section with a high entropy has been found

entropy

0.43389830508474575

description

Overall entropy of this PE file is high

Communicates with host for which no DNS query was performed (1 个事件)

host

172.217.24.14

Resumed a suspended thread in a remote process potentially indicative of process injection (2 个事件)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 368 resumed a thread in remote process 2064
1620952997.164125 NtResumeThread	thread_handle: 0x00000084 suspend_count: 0 process_identifier: 2064	success	0	0

File has been identified by 24 AntiVirus engines on VirusTotal as malicious (24 个事件)

K7AntiVirus	Hacktool ( 004b4ed71 )
CAT-QuickHeal	Trojan.IGENERIC
McAfee	Artemis!7E8C05FC21AA
Cylance	Unsafe
SUPERAntiSpyware	Trojan.Agent/Gen-Patcher
Alibaba	HackTool:Win32/Patcher.ed5dca82
K7GW	Hacktool ( 004b4ed71 )
F-Prot	W32/HackTool.DPB
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/HackTool.Patcher.BN potentially unsafe
Paloalto	generic.ml
AegisLab	Trojan.Win32.Generic.4!c
DrWeb	Tool.Patcher.116
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	BehavesLike.Win32.BadFile.tc
Sophos	Generic PUA PD (PUA)
Ikarus	Trojan.Win32.Spy
Cyren	W32/Tool.PUWL-7862
Microsoft	Program:Win32/Vigram.A
TrendMicro-HouseCall	TROJ_GEN.R060C0PA719
Rising	Malware.Undefined!8.C (CLOUD)
MaxSecure	Trojan.Malware.7164915.susgen
Fortinet	W32/Generic.BN!tr
Cybereason	malicious.7ada22

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2010-06-27 15:06:38

Imports

Library COMCTL32.dll:

• 0x413000

Library KERNEL32.dll:

• 0x413038 GetFileAttributesW

• 0x41303c CreateDirectoryW

• 0x413040 WriteFile

• 0x413044 GetStdHandle

• 0x413048 VirtualFree

• 0x41304c GetModuleHandleW

• 0x413050 GetProcAddress

• 0x413054 LoadLibraryA

• 0x413058 LockResource

• 0x41305c LoadResource

• 0x413060 SizeofResource

• 0x413064 FindResourceExA

• 0x413068 MulDiv

• 0x41306c GlobalFree

• 0x413070 GlobalAlloc

• 0x413074 lstrcmpiA

• 0x413078 GetSystemDefaultLCID

• 0x41307c GetSystemDefaultUILanguage

• 0x413080 GetUserDefaultUILanguage

• 0x413084 MultiByteToWideChar

• 0x413088 GetLocaleInfoW

• 0x41308c lstrlenA

• 0x413090 lstrcmpiW

• 0x413094 GetEnvironmentVariableW

• 0x413098 lstrcmpW

• 0x41309c GlobalMemoryStatusEx

• 0x4130a0 VirtualAlloc

• 0x4130a4 WideCharToMultiByte

• 0x4130a8 ExpandEnvironmentStringsW

• 0x4130ac RemoveDirectoryW

• 0x4130b0 FindClose

• 0x4130b4 FindNextFileW

• 0x4130b8 DeleteFileW

• 0x4130bc FindFirstFileW

• 0x4130c0 SetThreadLocale

• 0x4130c4 GetLocalTime

• 0x4130c8 GetSystemTimeAsFileTime

• 0x4130cc lstrlenW

• 0x4130d0 GetTempPathW

• 0x4130d4 SetEnvironmentVariableW

• 0x4130d8 CloseHandle

• 0x4130dc CreateFileW

• 0x4130e0 GetDriveTypeW

• 0x4130e4 SetCurrentDirectoryW

• 0x4130e8 GetModuleFileNameW

• 0x4130ec GetCommandLineW

• 0x4130f0 GetVersionExW

• 0x4130f4 CreateEventW

• 0x4130f8 SetEvent

• 0x4130fc ResetEvent

• 0x413100 InitializeCriticalSection

• 0x413104 TerminateThread

• 0x413108 ResumeThread

• 0x41310c SuspendThread

• 0x413110 IsBadReadPtr

• 0x413114 LocalFree

• 0x413118 lstrcpyW

• 0x41311c FormatMessageW

• 0x413120 GetSystemDirectoryW

• 0x413124 DeleteCriticalSection

• 0x413128 GetFileSize

• 0x41312c SetFilePointer

• 0x413130 ReadFile

• 0x413134 SetFileTime

• 0x413138 SetEndOfFile

• 0x41313c EnterCriticalSection

• 0x413140 LeaveCriticalSection

• 0x413144 WaitForMultipleObjects

• 0x413148 GetModuleHandleA

• 0x41314c SystemTimeToFileTime

• 0x413150 GetLastError

• 0x413154 CreateThread

• 0x413158 WaitForSingleObject

• 0x41315c GetExitCodeThread

• 0x413160 Sleep

• 0x413164 SetLastError

• 0x413168 SetFileAttributesW

• 0x41316c GetDiskFreeSpaceExW

• 0x413170 lstrcatW

• 0x413174 ExitProcess

• 0x413178 CompareFileTime

• 0x41317c GetStartupInfoA

Library USER32.dll:

• 0x413234 CharUpperW

• 0x413238 EndDialog

• 0x41323c DestroyWindow

• 0x413240 KillTimer

• 0x413244 ReleaseDC

• 0x413248 DispatchMessageW

• 0x41324c GetMessageW

• 0x413250 SetTimer

• 0x413254 CreateWindowExW

• 0x413258 ScreenToClient

• 0x41325c GetWindowRect

• 0x413260 wsprintfW

• 0x413264 GetParent

• 0x413268 GetSystemMenu

• 0x41326c EnableMenuItem

• 0x413270 EnableWindow

• 0x413274 MessageBeep

• 0x413278 LoadIconW

• 0x41327c LoadImageW

• 0x413280 wvsprintfW

• 0x413284 IsWindow

• 0x413288 DefWindowProcW

• 0x41328c CallWindowProcW

• 0x413290 DrawIconEx

• 0x413294 DialogBoxIndirectParamW

• 0x413298 GetWindow

• 0x41329c ClientToScreen

• 0x4132a0 GetDC

• 0x4132a4 DrawTextW

• 0x4132a8 ShowWindow

• 0x4132ac SystemParametersInfoW

• 0x4132b0 SetFocus

• 0x4132b4 SetWindowLongW

• 0x4132b8 GetSystemMetrics

• 0x4132bc GetClientRect

• 0x4132c0 GetDlgItem

• 0x4132c4 GetKeyState

• 0x4132c8 MessageBoxA

• 0x4132cc wsprintfA

• 0x4132d0 SetWindowTextW

• 0x4132d4 GetSysColor

• 0x4132d8 GetWindowTextLengthW

• 0x4132dc GetWindowTextW

• 0x4132e0 GetClassNameA

• 0x4132e4 GetWindowLongW

• 0x4132e8 GetMenu

• 0x4132ec SetWindowPos

• 0x4132f0 CopyImage

• 0x4132f4 SendMessageW

• 0x4132f8 GetWindowDC

Library GDI32.dll:

• 0x413008 GetCurrentObject

• 0x41300c StretchBlt

• 0x413010 SetStretchBltMode

• 0x413014 CreateCompatibleBitmap

• 0x413018 SelectObject

• 0x41301c CreateCompatibleDC

• 0x413020 GetObjectW

• 0x413024 GetDeviceCaps

• 0x413028 DeleteObject

• 0x41302c CreateFontIndirectW

• 0x413030 DeleteDC

Library SHELL32.dll:

• 0x413214 SHGetFileInfoW

• 0x413218 SHBrowseForFolderW

• 0x41321c SHGetPathFromIDListW

• 0x413220 SHGetMalloc

• 0x413224 ShellExecuteExW

• 0x413228 SHGetSpecialFolderPathW

• 0x41322c ShellExecuteW

Library ole32.dll:

• 0x413300 CoInitialize

• 0x413304 CreateStreamOnHGlobal

• 0x413308 CoCreateInstance

Library OLEAUT32.dll:

• 0x413204 VariantClear

• 0x413208 OleLoadPicture

• 0x41320c SysAllocString

Library MSVCRT.dll:

• 0x413184 __set_app_type

• 0x413188 __p__fmode

• 0x41318c __p__commode

• 0x413190 _adjust_fdiv

• 0x413194 __setusermatherr

• 0x413198 _initterm

• 0x41319c __getmainargs

• 0x4131a0 _acmdln

• 0x4131a4 exit

• 0x4131a8 _XcptFilter

• 0x4131ac _exit

• 0x4131b0 ??1type_info@@UAE@XZ

• 0x4131b4 _onexit

• 0x4131b8 __dllonexit

• 0x4131bc _CxxThrowException

• 0x4131c0 _beginthreadex

• 0x4131c4 _EH_prolog

• 0x4131c8 memset

• 0x4131cc _wcsnicmp

• 0x4131d0 strncmp

• 0x4131d4 malloc

• 0x4131d8 memmove

• 0x4131dc _wtol

• 0x4131e0 memcpy

• 0x4131e4 free

• 0x4131e8 memcmp

• 0x4131ec _purecall

• 0x4131f0 ??2@YAPAXI@Z

• 0x4131f4 ??3@YAXPAX@Z

• 0x4131f8 _except_handler3

• 0x4131fc _controlfp

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	49235	114.114.114.114	53
192.168.56.101	50534	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	58367	114.114.114.114	53
192.168.56.101	65004	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	55368	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	49236	239.255.255.250	3702
192.168.56.101	56807	239.255.255.250	1900
192.168.56.101	58368	239.255.255.250	3702
192.168.56.101	58707	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.