Analysis

Category Package Started Completed Duration
STATIC 2020-09-15 08:54:06 2020-09-15 08:54:06 0 seconds

    

File Details

File Name messageboxa.exe
File Size 28672 bytes
File Type PE32 executable (console) Intel 80386, for MS Windows
PE timestamp 2020-09-10 11:18:58
MD5 44510fbdfe2053fbf87058348ad28bf9
SHA1 735015c085a449cd007008dbf8829a10ec4bb3c2
SHA256 b2af64201b2d646010d51bd11bf525b09af87f48c1205640fae4dad0afcffee7
SHA512 62eb82119c7a57ae48abd8c276ff21cab0b514caeb091c385a0e87a5fc335d3634745345794e98b9908e63e2f6a33486b6caa58f8c81eecc6bc3c8a9a998ac6b
CRC32 84A5AA66
Ssdeep 384:a2x9bPOroGYPT688R8kOERZJXPIwUb3SXw1d3VDBRzQo:a2TbAZc8KmX7U2Xw1dFDBV

Signatures

No signatures


Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

!This program cannot be run in DOS mode.
.textbss
.text
`.rdata
@.data
.idata
.rsrc
@.reloc
this is 2
1.txt
this is 1
title
Unknown Runtime Check Error
Stack memory around _alloca was corrupted
A local variable was used before it was initialized
Stack memory was corrupted
A cast to a smaller data type has caused a loss of data. If this was intentional, you should mask the source of the cast with the appropriate bitmask. For example:
char c = (i & 0xFF);
Changing the code in this way will not affect the quality of the resulting optimized code.
The value of ESP was not properly saved across a function call. This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
Stack around the variable '
' was corrupted.
The variable '
' is being used without being initialized.
Run-Time Check Failure #%d - %s
Unknown Module Name
Unknown Filename
Stack corrupted near unknown variable
Stack area around _alloca memory reserved by this function is corrupted
%s%s%s%s
%s%s%p%s%ld%s%d%s
Stack area around _alloca memory reserved by this function is corrupted
Address: 0x
Size:
Allocation number within this function:
Data: <
wsprintfA
%.2X
A variable is being used without being initialized.
Stack around _alloca corrupted
Local variable used before initialization
Stack memory corruption
Cast to smaller type causing loss of data
Stack pointer corruption
PDBOpenValidate5
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RSDSmr
C:\Pindemonium\messageboxa\Debug\messageboxa.pdb
DeleteFileA
KERNEL32.dll
MessageBoxA
USER32.dll
_CRT_RTC_INITW
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
__initenv
_CrtSetCheckCount
_CrtDbgReportW
_initterm
_initterm_e
MSVCR100D.dll
_controlfp_s
_invoke_watson
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
EncodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
HeapSetInformation
WideCharToMultiByte
IsDebuggerPresent
MultiByteToWideChar
RaiseException
lstrlenA
GetProcAddress
LoadLibraryW
SetUnhandledExceptionFilter
DecodePointer
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
FreeLibrary
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c
__native_startup_state == __initialized
Run-Time Check Failure #%d - %s
Runtime Check Error.
Unable to display RTC Message.
user32.dll
_controlfp_s(((void *)0), 0x00010000, 0x00030000)
_setdefaultprecision
f:\dd\vctools\crt_bld\self_x86\crt\src\intel\fp8.c
MSPDB100.DLL
EnvironmentDirectory
SOFTWARE\Microsoft\VisualStudio\10.0\Setup\VS
ADVAPI32.DLL
No antivirus signatures available.
Sorry! No behavior.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 0.757 seconds )

  • 0.595 CAPE
  • 0.144 AnalysisInfo
  • 0.009 TargetInfo
  • 0.006 Debug
  • 0.002 Strings
  • 0.001 BehaviorAnalysis

Signatures ( 0.058 seconds )

  • 0.011 ransomware_files
  • 0.008 ransomware_extensions
  • 0.006 antiav_detectreg
  • 0.004 antiav_detectfile
  • 0.003 persistence_autorun
  • 0.003 antianalysis_detectfile
  • 0.003 infostealer_ftp
  • 0.003 territorial_disputes_sigs
  • 0.002 geodo_banking_trojan
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 bot_drive
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 azorult_mutexes
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name
  • 0.001 revil_mutexes

Reporting ( 1.533 seconds )

  • 1.533 BinGraph