Summary | ZeroBOX

svchost.exe

Category FILE
Machine s1_win7_x6402
Started April 13, 2021, 4:12 p.m.
Completed April 13, 2021, 4:24 p.m.
Size 330.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 10a6ee4d2adc0ebf2c35aa538c391622
SHA256 6a3dbe59e320ddf283fdf1177f3345bba999e7b55e5c2fdb1eab9e2247b97eb3
CRC32 3131AEF5
ssdeep 6144:MMoLbMrySpdoKlkHK4VaAr02Uyaf2WAqa+bU2zC6CnFtnPE:MMo3rAoKyHK4VaW09y1WAqg2SFZPE
Yara
  • PE_Header_Zero - PE File Signature Zero
  • OS_Processor_Check_Zero - OS Processor Check Signature Zero
  • win_files_operation - Affect private profile
  • IsPE32 - (no description)
  • IsWindowsGUI - (no description)
  • IsPacked - Entropy Check
  • HasOverlay - Overlay Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .xuzo
section .ziw
section .new
resource name None
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 4656
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 131072
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x002dc000
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0

NtAllocateVirtualMemory

process_identifier: 4656
region_size: 167936
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02200000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1 return: 0 repeated: 0
section .text (virtual_address 0x00001000, virtual_size 0x00044e7f, size_of_data 0x00045000, entropy 7.536900763754327) description A section with a high entropy has been found
entropy 0.838905775076 description Overall entropy of this PE file is high
host 172.217.25.14
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
FireEye Generic.mg.10a6ee4d2adc0ebf
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0056f9be1 )
K7GW Trojan ( 0056f9be1 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta Gen:NN.ZexaF.34670.uCX@aa1Nr3fG
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HKJX
APEX Malicious
Kaspersky UDS:Trojan.Multi.GenericML.xnet
Sophos ML/PE-A
McAfee-GW-Edition BehavesLike.Win32.Trojan.fc
Emsisoft Trojan.Agent (A)
Microsoft Trojan:Win32/Caynamer.A!ml
Cynet Malicious (score: 100)
Acronis suspicious
McAfee Artemis!10A6EE4D2ADC
Cylance Unsafe
Rising Trojan.Generic@ML.80 (RDML:o083kWm92yXdRVsLEQlJKg)
SentinelOne Static AI - Malicious PE
Fortinet W32/GenKryptik.FDZD!tr
Cybereason malicious.077e6b
Qihoo-360 HEUR/QVM10.1.8D09.Malware.Gen