Summary | ZeroBOX

svchost.exe

Tags: Generic Malware, Malicious Packer, PE32, PE File

Category:  FILE
Machine:   s1_win7_x6401
Started:   June 1, 2021, 11:19 a.m.
Completed: June 1, 2021, 11:20 a.m.

Size:   204.0KB
Type:   PE32 executable (GUI) Intel 80386, for MS Windows
MD5:    10d1dc044b4f546c7e1c29f40d364a77
SHA256: 7a84aa92f81ee3e9e694a8105b94a825147abf2504572a8fb3fb333d574bd33f
CRC32:  77D4F447
ssdeep: 3072:5+tl5Nwfu2O2xdqJqSlWbLPz374eQBDplqLkgtLDebI5aj/pdmi:sBojbjjEeWDplqQgtubI54dm
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address     Status  Action
164.124.101.2  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Behavior (Time & API, Arguments, Status, Return, Repeated)

GlobalMemoryStatusEx
  (no arguments recorded)
  Status  Return  Repeated
  1       1       0

NtProtectVirtualMemory
  process_identifier: 732
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x72d72000
  process_handle: 0xffffffff
  Status  Return  Repeated
  1       0       0

NtAllocateVirtualMemory
  process_identifier: 732
  region_size: 57344
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00510000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status  Return  Repeated
  1       0       0

NtProtectVirtualMemory
  process_identifier: 732
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 876544
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x773b0000
  process_handle: 0xffffffff
  Status  Return  Repeated
  1       0       0

NtProtectVirtualMemory
  process_identifier: 2696
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 876544
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x773b0000
  process_handle: 0xffffffff
  Status  Return  Repeated
  1       0       0

cmdline: "C:\Users\test22\AppData\Local\Temp\svchost.exe"

NtProtectVirtualMemory
  process_identifier: 732
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 24576
  protection: 32 (PAGE_EXECUTE_READ)
  base_address: 0x003a0000
  process_handle: 0xffffffff
  Status  Return  Repeated
  1       0       0

EnumServicesStatusA
  service_handle: 0x00576b20
  service_type: 48
  service_status: 3
  Status  Return  Repeated
  0       0
Antivirus             Result
Bkav                  W32.AIDetect.malware1
Elastic               malicious (high confidence)
DrWeb                 Trojan.Nanocore.493
MicroWorld-eScan      Trojan.GenericKD.46387517
FireEye               Generic.mg.10d1dc044b4f546c
ALYac                 Trojan.GenericKD.46387517
Cylance               Unsafe
Sangfor               Backdoor.MSIL.NanoBot.beng
K7AntiVirus           Riskware ( 0040eff71 )
Alibaba               Backdoor:MSIL/NanoBot.f4dc8698
K7GW                  Riskware ( 0040eff71 )
Arcabit               Trojan.Generic.D2C3D13D
BitDefenderTheta      Gen:NN.ZevbaF.34692.mm0@aS86Zhhi
Symantec              Trojan Horse
ESET-NOD32            Win32/TrojanDownloader.Injector.AM
APEX                  Malicious
Avast                 FileRepMalware
Kaspersky             Backdoor.MSIL.NanoBot.beng
BitDefender           Trojan.GenericKD.46387517
Paloalto              generic.ml
Ad-Aware              Trojan.GenericKD.46387517
Emsisoft              Trojan.GenericKD.46387517 (B)
Comodo                Malware@#1jja5qb7ovvpj
TrendMicro            TROJ_FRS.0NA103EV21
McAfee-GW-Edition     BehavesLike.Win32.Trojan.dm
Sophos                Mal/Generic-S
Ikarus                Trojan.VB.Crypt
Avira                 BDS/NanoBot.vqxpd
Kingsoft              Win32.Hack.MSIL.be.(kcloud)
Gridinsoft            Trojan.Win32.Agent.oa
Microsoft             Trojan:Win32/Fareit!ml
GData                 Trojan.GenericKD.46387517
Cynet                 Malicious (score: 99)
McAfee                Artemis!10D1DC044B4F
MAX                   malware (ai score=100)
VBA32                 BScope.Trojan.Agent
Malwarebytes          Trojan.GuLoader
TrendMicro-HouseCall  TROJ_FRS.0NA103EV21
eGambit               Unsafe.AI_Score_98%
Fortinet              W32/Malicious_Behavior.SBX
AVG                   FileRepMalware
Panda                 Trj/GdSda.A
CrowdStrike           win/malicious_confidence_90% (W)