Summary | ZeroBOX

.svchost.exe

Tags: Generic Malware, Malicious Packer, UPX, PE32, PE File
Category FILE
Machine s1_win7_x6402
Started July 28, 2021, 9:29 a.m.
Completed July 28, 2021, 9:36 a.m.
Size 265.1KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 098d627a93cd7687f54c4bd1c342e00d
SHA256 952c1bc7773c529d609f5eac3d5268274cec23eb495ca6ce78a866a73f96aa24
CRC32 1F59209D
ssdeep 1536:0PnwsR1K/131Tjf8XYzyxSykhEFTXVjV10GhTGsMes:0/w+1Y3BkXSDy17GNZ
Yara
  • IsPE32 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73fd2000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

NtAllocateVirtualMemory

process_identifier: 1584
region_size: 57344
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x024f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1584
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x003f0000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0

Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.898086
FireEye Gen:Variant.Razy.898086
Sangfor Trojan.Win32.Save.a
ESET-NOD32 a variant of Win32/Injector.EPVB
APEX Malicious
Kaspersky UDS:Trojan.Win32.Vebzenpak
BitDefender Gen:Variant.Razy.898086
Ad-Aware Gen:Variant.Razy.898086
Sophos ML/PE-A
Emsisoft Gen:Variant.Razy.898086 (B)
GData Gen:Variant.Razy.898086
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Agent.C3559972
MAX malware (ai score=88)
VBA32 BScope.Trojan.Vebzenpak
SentinelOne Static AI - Suspicious PE
eGambit Unsafe.AI_Score_96%
BitDefenderTheta Gen:NN.ZevbaF.34050.qm1@aW3qn8pi
Panda Trj/GdSda.A