VestCert.exe is part of VestCert and developed by Yettiesoft according to the VestCert.exe version information.
VestCert.exe's description is "VestCert".
VestCert.exe is digitally signed by yettiesoft co., Ltd.
VestCert.exe is usually located in the 'C:\Program Files (x86)\VestCert\' folder.
None of the anti-virus scanners at VirusTotal reports anything malicious about VestCert.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
The following is the available information on VestCert.exe:
Property | Value |
---|---|
Product name | VestCert |
Company name | Yettiesoft |
File description | VestCert |
Internal name | TokenManager.rc |
Original filename | TokenManager.rc |
Legal copyright | Copyright (C) 2014 |
Product version | 2.1.8.2697 |
File version | 2.1.8.2697 |
Here's a screenshot of the file properties when displayed by Windows Explorer:
[Screenshot: Windows Explorer file properties dialog showing the same values as the table above]
VestCert.exe has a valid digital signature.
Property | Value |
---|---|
Signer name | yettiesoft co., Ltd. |
Certificate issuer name | COMODO RSA Code Signing CA |
Certificate serial number | 00dfc7fbef66af49c99100bc6a92c6176c |
None of the 69 anti-virus programs at VirusTotal detected the VestCert.exe file.
The following information was gathered by executing the file inside Cuckoo Sandbox.
Successfully executed process in sandbox.
Behavioral summary of the main process:

```json
{
  "dll_loaded": [
    "NTDLL", "SGBase.dll", "SHELL32.dll", "winmm.dll", "KERNEL32.dll", "GDI32.dll",
    "Shell32.dll", "kernel32.dll", "COMDLG32.dll", "ADVAPI32.dll", "NTDLL.dll", "USER32.dll"
  ],
  "file_failed": [ "\\??\\NTICE", "\\??\\SICE", "\\??\\SIWVID" ],
  "regkey_opened": [
    "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000",
    "HKEY_LOCAL_MACHINE\\Hardware\\description\\System",
    "HKEY_CURRENT_USER\\Software\\Wine",
    "HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__",
    "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
  ],
  "file_opened": [
    "C:\\Windows\\System32\\ntdll.dll",
    "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
  ],
  "file_read": [ "C:\\Windows\\System32\\ntdll.dll" ],
  "regkey_read": [
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA",
    "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion",
    "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
    "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDesc",
    "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
    "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US"
  ]
}
```
Processes recorded by the sandbox (the main process carries the behavioral summary shown above; lsass.exe recorded no activity; "first seen" is a Unix timestamp):

Process name | Process path | PID | PPID | First seen |
---|---|---|---|---|
32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin | C:\Users\cuck\AppData\Local\Temp\32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin | 2816 | 2016 | 1573127586.84375 |
lsass.exe | C:\Windows\System32\lsass.exe | 476 | 376 | 1573127586.515625 |
Cuckoo signatures triggered by the run:

Signature | Description | Severity | Marks |
---|---|---|---|
checks_debugger | Checks if process is being debugged by a debugger | 1 | 1 |
pe_features | The executable contains unknown PE section names indicative of a packer (could be a false positive) | 1 | 5 |
(name not present in the extracted report) | One or more processes crashed | 1 | 57 |

Signature details:

- checks_debugger: a single `IsDebuggerPresent` call from pid 2816 (tid 2420), return value 0.
- pe_features: the five unusual section names are ` \x00 `, `.idata `, ` `, `ywidgwxm` and `qycljjvq`.
- Crashes: 57 exception notifications in pid 2816, each recorded with a register snapshot, the faulting instruction bytes and a symbol of the form `ShowMessage+0x...` inside the main module. The exception codes seen are 0xc0000096 (STATUS_PRIVILEGED_INSTRUCTION, raised on `sti` and `in eax, dx`), 0xc000001d (STATUS_ILLEGAL_INSTRUCTION) and 0xc0000005 (STATUS_ACCESS_VIOLATION, raised on `int 1`). The per-exception register and instruction-byte dumps are omitted here; the extracted report is truncated partway through this list.
[], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061676, "edi": 0, "eax": 0, "ebp": 4028977172, "edx": 24811, "ebx": 15990354, "esi": 15977985, "ecx": 1983578254 }, "exception": { "instruction_r": "fb 68 ae 26 00 00 89 3c 24 e9 bb 01 00 00 89 24", "symbol": "ShowMessage+0x2743e4 32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x27f624", "instruction": "sti", "module": "32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2618916, "address": "0xf3f624" } }, "time": 1573127587.32875, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5280 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061672, "edi": 0, "eax": 31835, "ebp": 4028977172, "edx": 15997109, "ebx": 1853961867, "esi": 15977985, "ecx": 1620179841 }, "exception": { "instruction_r": "fb 81 ea f2 61 9e 0e e9 14 00 00 00 55 bd f9 11", "symbol": "ShowMessage+0x276f00 32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x282140", "instruction": "sti", "module": "32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2629952, "address": "0xf42140" } }, "time": 1573127587.32875, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5281 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061676, "edi": 0, "eax": 31835, "ebp": 4028977172, "edx": 16028944, "ebx": 1853961867, "esi": 15977985, "ecx": 1620179841 }, "exception": { "instruction_r": "fb 68 5f 1c 00 00 ff 34 24 8b 34 24 e9 14 00 00", "symbol": "ShowMessage+0x27704b 
32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x28228b", "instruction": "sti", "module": "32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2630283, "address": "0xf4228b" } }, "time": 1573127587.32875, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5282 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061676, "edi": 0, "eax": 31835, "ebp": 4028977172, "edx": 15999892, "ebx": 1853961867, "esi": 0, "ecx": 157417 }, "exception": { "instruction_r": "fb 57 51 b9 59 15 be 01 f7 d1 81 c1 a8 32 e7 1e", "symbol": "ShowMessage+0x276e24 32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x282064", "instruction": "sti", "module": "32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2629732, "address": "0xf42064" } }, "time": 1573127587.32875, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5283 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061676, "edi": 0, "eax": 32191, "ebp": 4028977172, "edx": 16033150, "ebx": 717187479, "esi": 0, "ecx": 1370626057 }, "exception": { "instruction_r": "fb 31 db ff 34 13 ff 34 24 8b 0c 24 81 ec 04 00", "symbol": "ShowMessage+0x277a83 32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x282cc3", "instruction": "sti", "module": "32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2632899, "address": "0xf42cc3" } }, "time": 1573127587.32875, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5284 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": 
[], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061676, "edi": 0, "eax": 32191, "ebp": 4028977172, "edx": 16033150, "ebx": 4294938056, "esi": 0, "ecx": 4083295979 }, "exception": { "instruction_r": "fb e9 5d ff ff ff 57 31 2c 24 33 2c 24 31 2c 24", "symbol": "ShowMessage+0x277fce 32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x28320e", "instruction": "sti", "module": "32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2634254, "address": "0xf4320e" } }, "time": 1573127587.32875, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5285 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061672, "edi": 16029638, "eax": 29124, "ebp": 4028977172, "edx": 2286376, "ebx": 16029606, "esi": 16029602, "ecx": 16045268 }, "exception": { "instruction_r": "fb 81 c1 f5 03 61 3b 03 0c 24 51 89 14 24 53 bb", "symbol": "ShowMessage+0x282a34 32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x28dc74", "instruction": "sti", "module": "32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2677876, "address": "0xf4dc74" } }, "time": 1573127587.34375, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5349 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061676, "edi": 16029638, "eax": 29124, "ebp": 4028977172, "edx": 2286376, "ebx": 16029606, "esi": 16029602, "ecx": 16074392 }, "exception": { "instruction_r": "fb 68 00 00 00 00 ff 34 24 ff 34 24 58 e9 66 00", "symbol": "ShowMessage+0x28255f 
32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x28d79f", "instruction": "sti", "module": "32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2676639, "address": "0xf4d79f" } }, "time": 1573127587.34375, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5350 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061676, "edi": 5609, "eax": 4294941528, "ebp": 4028977172, "edx": 2286376, "ebx": 16029606, "esi": 16029602, "ecx": 16074392 }, "exception": { "instruction_r": "fb bb dd 64 c5 1a e9 04 ff ff ff 5b f7 df 47 51", "symbol": "ShowMessage+0x2828d2 32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x28db12", "instruction": "sti", "module": "32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2677522, "address": "0xf4db12" } }, "time": 1573127587.34375, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5351 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061672, "edi": 5609, "eax": 25753, "ebp": 4028977172, "edx": 16056349, "ebx": 1048269100, "esi": 16029602, "ecx": 16074392 }, "exception": { "instruction_r": "fb 68 55 61 00 00 89 34 24 be 98 08 a8 7c 29 f2", "symbol": "ShowMessage+0x284ff0 32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x290230", "instruction": "sti", "module": "32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2687536, "address": "0xf50230" } }, "time": 1573127587.34375, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5352 }, { "call": { "category": "__notification__", 
"status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061676, "edi": 5609, "eax": 25753, "ebp": 4028977172, "edx": 16082102, "ebx": 1048269100, "esi": 16029602, "ecx": 16074392 }, "exception": { "instruction_r": "fb 55 51 e9 db 02 00 00 c1 e8 06 e9 48 fe ff ff", "symbol": "ShowMessage+0x284fda 32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x29021a", "instruction": "sti", "module": "32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2687514, "address": "0xf5021a" } }, "time": 1573127587.34375, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5353 }, { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061676, "edi": 5609, "eax": 25753, "ebp": 4028977172, "edx": 16082102, "ebx": 92393, "esi": 16029602, "ecx": 4294944064 }, "exception": { "instruction_r": "fb 68 c9 6b 00 00 89 2c 24 68 19 60 15 07 5d 68", "symbol": "ShowMessage+0x28546d 32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x2906ad", "instruction": "sti", "module": "32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2688685, "address": "0xf506ad" } }, "time": 1573127587.34375, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5354 } ], "references": [], "name": "raises_exception" }, { "markcount": 2, "families": [], "description": "Allocates read-write-execute memory (usually to unpack itself)", "severity": 2, "marks": [ { "call": { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 2816, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 8192, "protection": 64, 
"process_handle": "0xffffffff", "base_address": "0x77c2f000" }, "time": 1573127587.34375, "tid": 2420, "flags": { "protection": "PAGE_EXECUTE_READWRITE" } }, "pid": 2816, "type": "call", "cid": 5374 }, { "call": { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 2816, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 8192, "protection": 64, "process_handle": "0xffffffff", "base_address": "0x77ba0000" }, "time": 1573127587.34375, "tid": 2420, "flags": { "protection": "PAGE_EXECUTE_READWRITE" } }, "pid": 2816, "type": "call", "cid": 5376 } ], "references": [], "name": "allocates_rwx" }, { "markcount": 78, "families": [], "description": "Foreign language identified in PE resource", "severity": 2, "marks": [ { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": 
"0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": 
"generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_ICON", "language": "LANG_KOREAN", "offset": "0x004fef64", "filetype": "data", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000008a8" }, { "name": "RT_MENU", "language": "LANG_KOREAN", "offset": "0x000e0c74", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x00000024" }, { "name": "RT_MENU", "language": "LANG_KOREAN", "offset": "0x000e0c74", "filetype": "empty", "sublanguage": 
"SUBLANG_KOREAN", "type": "generic", "size": "0x00000024" }, { "name": "RT_MENU", "language": "LANG_KOREAN", "offset": "0x000e0c74", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x00000024" }, { "name": "RT_MENU", "language": "LANG_KOREAN", "offset": "0x000e0c74", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x00000024" }, { "name": "RT_MENU", "language": "LANG_KOREAN", "offset": "0x000e0c74", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x00000024" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": 
"0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" }, { "name": "RT_DIALOG", "language": "LANG_KOREAN", "offset": "0x000e29a4", "filetype": "empty", "sublanguage": "SUBLANG_KOREAN", "type": "generic", "size": "0x000000fc" } ], "references": [], "name": "origin_langid" }, { "markcount": 4, "families": [], "description": "The binary likely contains encrypted or compressed data indicative of a packer", "severity": 2, "marks": [ { "entropy": 7.9756058406482575, "section": { "size_of_data": "0x00035600", "virtual_address": "0x00001000", "entropy": 7.9756058406482575, "name": " \\x00 ", "virtual_size": "0x0007d000" }, "type": "generic", "description": "A section with a high entropy has been found" }, { "entropy": 7.511582900831912, "section": { "size_of_data": "0x00005c00", "virtual_address": "0x0007e000", "entropy": 7.511582900831912, "name": ".rsrc", "virtual_size": "0x000653e8" }, "type": "generic", 
"description": "A section with a high entropy has been found" }, { "entropy": 7.296977996491004, "section": { "size_of_data": "0x001c0000", "virtual_address": "0x00340000", "entropy": 7.296977996491004, "name": "ywidgwxm", "virtual_size": "0x001c0000" }, "type": "generic", "description": "A section with a high entropy has been found" }, { "entropy": 0.9992610837438424, "type": "generic", "description": "Overall entropy of this PE file is high" } ], "references": [ "http:\/\/www.forensickb.com\/2013\/03\/file-entropy-explained.html", "http:\/\/virii.es\/U\/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf" ], "name": "packer_entropy" }, { "markcount": 1, "families": [], "description": "Expresses interest in specific running processes", "severity": 2, "marks": [ { "category": "process", "ioc": "system", "type": "ioc", "description": null } ], "references": [], "name": "process_interest" }, { "markcount": 3, "families": [], "description": "Checks for the presence of known devices from debuggers and forensic tools", "severity": 3, "marks": [ { "category": "file", "ioc": "\\??\\SICE", "type": "ioc", "description": null }, { "category": "file", "ioc": "\\??\\SIWVID", "type": "ioc", "description": null }, { "category": "file", "ioc": "\\??\\NTICE", "type": "ioc", "description": null } ], "references": [], "name": "antidbg_devices" }, { "markcount": 3, "families": [], "description": "Checks for the presence of known windows from debuggers and forensic tools", "severity": 3, "marks": [ { "call": { "category": "ui", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": 0, "api": "FindWindowA", "return_value": 0, "arguments": { "class_name": "OLLYDBG", "window_name": "" }, "time": 1573127587.34375, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5355 }, { "call": { "category": "ui", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": 0, "api": "FindWindowA", "return_value": 0, "arguments": { "class_name": 
"GBDYLLO", "window_name": "" }, "time": 1573127587.34375, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5356 }, { "call": { "category": "ui", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": 0, "api": "FindWindowA", "return_value": 0, "arguments": { "class_name": "pediy06", "window_name": "" }, "time": 1573127587.34375, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 5357 } ], "references": [], "name": "antidbg_windows" }, { "markcount": 2, "families": [], "description": "Checks the version of Bios, possibly for anti-virtualization", "severity": 3, "marks": [ { "category": "registry", "ioc": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion", "type": "ioc", "description": null }, { "category": "registry", "ioc": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion", "type": "ioc", "description": null } ], "references": [], "name": "antivm_generic_bios" }, { "markcount": 1, "families": [], "description": "Detects VirtualBox through the presence of a registry key", "severity": 3, "marks": [ { "category": "registry", "ioc": "HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__", "type": "ioc", "description": null } ], "references": [], "name": "antivm_vbox_keys" }, { "markcount": 1, "families": [], "description": "Detects VMWare through the in instruction feature", "severity": 3, "marks": [ { "call": { "category": "__notification__", "status": 1, "stacktrace": [], "raw": [ "stacktrace" ], "api": "__exception__", "return_value": 0, "arguments": { "stacktrace": "", "registers": { "esp": 4061708, "edi": 15737307, "eax": 1447909480, "ebp": 4028977172, "edx": 22104, "ebx": 1975324853, "esi": 15713947, "ecx": 20 }, "exception": { "instruction_r": "ed 64 8f 05 00 00 00 00 51 e9 00 00 00 00 54 8b", "symbol": "ShowMessage+0x235192 32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc+0x2403d2", "instruction": "in eax, dx", "module": 
"32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc.bin", "exception_code": "0xc0000096", "offset": 2360274, "address": "0xf003d2" } }, "time": 1573127586.98475, "tid": 2420, "flags": {} }, "pid": 2816, "type": "call", "cid": 24 } ], "references": [], "name": "antivm_vmware_in_instruction" }, { "markcount": 1, "families": [], "description": "Detects the presence of Wine emulator", "severity": 3, "marks": [ { "category": "registry", "ioc": "HKEY_CURRENT_USER\\Software\\Wine", "type": "ioc", "description": null } ], "references": [], "name": "antiemu_wine" } ]
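Three of the marks above reward a second look, and the following script is an added example (written for this page, not FreeFixer's or Cuckoo's code) that works them through on values copied from the report. First, the packer_entropy figures: the per-section numbers are bits per byte (0..8), but the "Overall entropy of this PE file is high" value is the fraction of section bytes that sit in sections above the threshold, which is how the Cuckoo community signature computes it; the script reproduces the page's 0.99926 from the three flagged sections plus one small low-entropy section of 0x600 bytes that is an assumption, since the report does not list it. Second, the antivm_vmware_in_instruction mark: the registers at the faulting `in eax, dx` decode to the VMware backdoor (EAX 1447909480 is "VMXh", EDX 22104 is port 0x5658, ECX 20 is the GETMEMSIZE command, using the command numbers from the public VMware backdoor interface), and the STATUS_PRIVILEGED_INSTRUCTION fault is what a non-VMware guest produces, so the sample's own handler caught it and Cuckoo logged it. Third, the network section: every UDP flow goes to a broadcast or multicast discovery address and port, which is background chatter from a Windows guest rather than traffic the sample initiated. The `PAGE_*` structures keep only the fields the functions read; the 6.8-bit threshold, the port and command tables, and the unicast flow in the usage note are assumptions stated in the code.

```python
"""Added example: triage checks over values taken from the Cuckoo report above.
Not FreeFixer's or Cuckoo's code. All inputs are constructed inline."""
import math
from collections import Counter

# ---- 1. Entropy: what the packer_entropy signature measures ----------------

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

HIGH_ENTROPY_BITS = 6.8  # assumed here; the threshold the community signature applies per section

def high_entropy_ratio(sections):
    """Fraction of section bytes that live in sections above HIGH_ENTROPY_BITS.

    This is the number the report labels "Overall entropy of this PE file is
    high": a ratio in 0..1, not a bits-per-byte value like the per-section
    entropies. Each section is (name, size_of_data, entropy_bits).
    """
    total = sum(size for _, size, _ in sections)
    packed = sum(size for _, size, e in sections if e > HIGH_ENTROPY_BITS)
    return packed / total if total else 0.0

# The three sections the report flags, plus one small low-entropy section
# (0x600 bytes, entropy 3.0) that is ASSUMED here; it is not in the report but
# reproduces the page's overall figure of 0.9992610837438424.
PAGE_SECTIONS = [
    (" \\x00 ",   0x00035600, 7.9756058406482575),
    (".rsrc",    0x00005c00, 7.511582900831912),
    ("ywidgwxm", 0x001c0000, 7.296977996491004),
    ("assumed",  0x00000600, 3.0),
]

# ---- 2. The `in eax, dx` fault: a VMware backdoor probe --------------------

VMWARE_MAGIC = 0x564D5868   # "VMXh" in EAX selects the backdoor
VMWARE_PORT = 0x5658        # "VX", the backdoor I/O port in DX
BACKDOOR_COMMANDS = {0x0A: "GETVERSION", 0x14: "GETMEMSIZE"}  # public backdoor command numbers
STATUS_PRIVILEGED_INSTRUCTION = 0xC0000096

def decode_in_exception(exc_call):
    """Interpret one __exception__ record whose faulting instruction is `in eax, dx`.

    `in` is privileged in user mode, so on bare metal or under a hypervisor
    that does not emulate the VMware backdoor it raises
    STATUS_PRIVILEGED_INSTRUCTION; under VMware the hypervisor services the
    port access and no fault occurs. A logged fault is the "not VMware" branch.
    """
    args = exc_call["arguments"]
    regs = args["registers"]
    code = int(args["exception"]["exception_code"], 16)
    port = regs["edx"] & 0xFFFF
    return {
        "instruction": args["exception"]["instruction"],
        "privileged_instruction_fault": code == STATUS_PRIVILEGED_INSTRUCTION,
        "magic": regs["eax"].to_bytes(4, "big").decode("ascii", "replace"),
        "port": port,
        "command": BACKDOOR_COMMANDS.get(regs["ecx"], hex(regs["ecx"])),
        "is_vmware_probe": regs["eax"] == VMWARE_MAGIC and port == VMWARE_PORT,
    }

# Register dump copied from the antivm_vmware_in_instruction mark in the report.
PAGE_IN_EXCEPTION = {
    "api": "__exception__",
    "arguments": {
        "registers": {"esp": 4061708, "edi": 15737307, "eax": 1447909480,
                      "ebp": 4028977172, "edx": 22104, "ebx": 1975324853,
                      "esi": 15713947, "ecx": 20},
        "exception": {"instruction": "in eax, dx",
                      "exception_code": "0xc0000096", "address": "0xf003d2"},
    },
}

# ---- 3. Network: separate local discovery noise from real traffic ----------

DISCOVERY_PORTS = {137: "NBNS", 138: "NetBIOS datagram", 1900: "SSDP",
                   3702: "WS-Discovery", 5353: "mDNS", 5355: "LLMNR"}

def is_discovery_noise(flow):
    """True for broadcast/multicast name-resolution and device-discovery chatter
    that a Windows guest emits on its own. Expects a Cuckoo udp entry (dst, dport)."""
    dst = flow["dst"]
    multicast = 224 <= int(dst.split(".")[0]) <= 239
    broadcast = dst.endswith(".255")
    return (multicast or broadcast) and flow["dport"] in DISCOVERY_PORTS

def unexplained_flows(flows):
    """Flows worth attributing to the sample: everything that is not discovery noise."""
    return [f for f in flows if not is_discovery_noise(f)]

# UDP entries copied from the report's network section (one per destination/port).
PAGE_UDP = [
    {"src": "192.168.56.101", "dst": "192.168.56.255", "dport": 137, "sport": 137},
    {"src": "192.168.56.101", "dst": "224.0.0.252", "dport": 5355, "sport": 51001},
    {"src": "192.168.56.101", "dst": "239.255.255.250", "dport": 1900, "sport": 1900},
    {"src": "192.168.56.101", "dst": "239.255.255.250", "dport": 3702, "sport": 49152},
]

if __name__ == "__main__":
    print("entropy of uniform bytes:", shannon_entropy(bytes(range(256)) * 4))
    print("overall high-entropy ratio:", high_entropy_ratio(PAGE_SECTIONS))
    print(decode_in_exception(PAGE_IN_EXCEPTION))
    print("unexplained UDP flows:", unexplained_flows(PAGE_UDP))
```

Run as-is and `unexplained_flows(PAGE_UDP)` comes back empty, which is the useful negative: the pcap shows no traffic that can be attributed to the sample, so the reported listener on TCP 14461 further down the page is not corroborated by this run. A constructed unicast flow such as `{"dst": "203.0.113.5", "dport": 53}` would be returned, since it is neither broadcast nor multicast. The remaining marks read the same way as the `in` fault: the opens of `\??\SICE`, `\??\NTICE` and `\??\SIWVID` probe for SoftICE driver devices, `FindWindowA("OLLYDBG")` looks for an OllyDbg top-level window, and the repeated `sti` faults are the same privileged-instruction trick used as a debugger check. Together with the unnamed high-entropy section, these are the marks of a software protector wrapped around a signed binary; they explain the severity-3 hits but, by themselves, are not evidence that the file is malicious.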
The Yara rules did not detect anything in the file.
{ "tls": [], "udp": [ { "src": "192.168.56.101", "dst": "192.168.56.255", "offset": 662, "time": 6.2137131690979, "dport": 137, "sport": 137 }, { "src": "192.168.56.101", "dst": "224.0.0.252", "offset": 4434, "time": 6.149106025695801, "dport": 5355, "sport": 51001 }, { "src": "192.168.56.101", "dst": "224.0.0.252", "offset": 4762, "time": 4.157305955886841, "dport": 5355, "sport": 53595 }, { "src": "192.168.56.101", "dst": "224.0.0.252", "offset": 5090, "time": 6.156670093536377, "dport": 5355, "sport": 53848 }, { "src": "192.168.56.101", "dst": "224.0.0.252", "offset": 5418, "time": 4.781075954437256, "dport": 5355, "sport": 54255 }, { "src": "192.168.56.101", "dst": "224.0.0.252", "offset": 5746, "time": 3.0540850162506104, "dport": 5355, "sport": 55314 }, { "src": "192.168.56.101", "dst": "239.255.255.250", "offset": 6074, "time": 4.172834157943726, "dport": 1900, "sport": 1900 }, { "src": "192.168.56.101", "dst": "239.255.255.250", "offset": 18910, "time": 4.174407005310059, "dport": 3702, "sport": 49152 }, { "src": "192.168.56.101", "dst": "239.255.255.250", "offset": 23102, "time": 6.263195037841797, "dport": 1900, "sport": 53598 } ], "dns_servers": [], "http": [], "icmp": [], "smtp": [], "tcp": [], "smtp_ex": [], "mitm": [], "hosts": [], "pcap_sha256": "c449c236d562c50a16588c24352e0cceeb8a272c02eed38e74afbd2c3963a4e8", "dns": [], "http_ex": [], "domains": [], "dead_hosts": [], "sorted_pcap_sha256": "57b288c7be2df7c7d7ac22d578acf66bf398453258a77067a5b187977d3d958c", "irc": [], "https_ex": [] }
VestCert.exe has been reported to listen on the following TCP/UDP ports.
Port | Protocol | # Occurrences |
---|---|---|
14461 | TCP v4 | 1 |
Property | Value |
---|---|
MD5 | 0d11ea7b730731da7b3696b2063fb06e |
SHA256 | 32cf8abcad0069d0bfaeb4376c88d6f6c44b636747a3200862552fce3a9489bc |
These are some of the error messages that can appear related to vestcert.exe:
vestcert.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
vestcert.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
VestCert has stopped working.
End Program - vestcert.exe. This program is not responding.
vestcert.exe is not a valid Win32 application.
vestcert.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
The poll result listed below shows what users chose to do with VestCert.exe. 100% have voted for removal. Based on votes from 1 user.
Choice | Share | Votes |
---|---|---|
Keep | 0 % | 0 |
Remove | 100 % | 1 |
NOTE: Please do not use this poll as the only source of input to determine what you will do with VestCert.exe. Only 1 user has voted so far, so it does not offer a high degree of confidence.
If you feel that you need more information to determine whether you should keep this file or remove it, please read this guide.
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and lets you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.