Summary | ZeroBOX

svchost.exe

PE32 PE File DLL
Category FILE
Machine s1_win7_x6402
Started July 31, 2021, 1:28 p.m.
Completed July 31, 2021, 1:54 p.m.
Size 632.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7a898f78eb97b42d86893276d19f0abf
SHA256 0fda3e2bcbdf27ff0319926ff92c06a742b6e09bad2c1f96fbcb16f84fd3dba7
CRC32 15A7A0FA
ssdeep 12288:qlZpFID+KqH7zak7K0IXMBR6yrD7VORbCV/hWC:QFci7zakIsR6yroRCV/hWC
Yara
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
prodigybot.x10.bz 198.91.81.14
IP Address Status Action
164.124.101.2 Active Moloch
198.91.81.14 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49166 -> 198.91.81.14:80 2016879 ET POLICY Unsupported/Fake Windows NT Version 5.0 Potential Corporate Privacy Violation
TCP 192.168.56.102:49165 -> 198.91.81.14:80 2016879 ET POLICY Unsupported/Fake Windows NT Version 5.0 Potential Corporate Privacy Violation
TCP 192.168.56.102:49164 -> 198.91.81.14:80 2016879 ET POLICY Unsupported/Fake Windows NT Version 5.0 Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

resource name DATA
resource name SQL
request GET http://prodigybot.x10.bz/www/getip.php
file C:\Users\test22\AppData\Roaming\sqlite3.dll
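Added triage example for the indicators listed above; this is not part of the ZeroBOX report. It hashes a candidate file against the report's MD5/SHA256, sweeps constructed proxy-log lines for the observed GET to prodigybot.x10.bz / 198.91.81.14 and for the fake "Windows NT 5.0" User-Agent that ET SID 2016879 alerts on, and flags sqlite3.dll being written under a user's AppData\Roaming profile. The log format and the User-Agent strings are constructed for the example; the report names the rule but does not print the header the sample actually sent, so matching on the substring "Windows NT 5.0" is an assumption about the rule's content match.

```python
"""Triage helpers for the indicators in this ZeroBOX report (added example).

Stdlib only. SAMPLE_LOG is constructed for the example, and the
User-Agent check assumes ET SID 2016879 keys on "Windows NT 5.0" in the
User-Agent header (assumption; the report does not show the header).
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators taken directly from the report.
REPORT_MD5 = "7a898f78eb97b42d86893276d19f0abf"
REPORT_SHA256 = "0fda3e2bcbdf27ff0319926ff92c06a742b6e09bad2c1f96fbcb16f84fd3dba7"
C2_DOMAIN = "prodigybot.x10.bz"
C2_IP = "198.91.81.14"
C2_PATH = "/www/getip.php"
DROPPED_NAME = "sqlite3.dll"

# Assumption: the ET POLICY rule fires on this User-Agent substring.
FAKE_NT_UA = "Windows NT 5.0"

# Constructed proxy-log format: <client> <method> <url> "<user-agent>"
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)"$')

# Constructed log lines (not captured traffic from the sandbox run).
SAMPLE_LOG = [
    '192.168.56.102 GET http://prodigybot.x10.bz/www/getip.php '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"',
    '192.168.56.102 GET http://198.91.81.14/www/getip.php '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"',
    '192.168.56.102 GET http://example.com/index.html '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64)"',
]


def hashes_match(data: bytes) -> dict:
    """Return which of the report's file hashes the given bytes match."""
    return {
        "md5": hashlib.md5(data).hexdigest() == REPORT_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == REPORT_SHA256,
    }


def check_http_line(line: str) -> list:
    """Return the reasons a single proxy-log line matches this report."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []
    _client, method, url, user_agent = m.groups()
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    if host == C2_DOMAIN:
        reasons.append("dns:" + C2_DOMAIN)
    if host == C2_IP:
        reasons.append("ip:" + C2_IP)
    # The sandbox saw a plain GET to this path on the C2 host.
    if host in (C2_DOMAIN, C2_IP) and method == "GET" and parts.path == C2_PATH:
        reasons.append("url:" + C2_PATH)
    # Equivalent of the ET POLICY "Unsupported/Fake Windows NT Version 5.0" hit.
    if FAKE_NT_UA in user_agent:
        reasons.append("ua:fake-nt-5.0")
    return reasons


def scan_log(lines) -> dict:
    """Map 1-based line numbers to their match reasons (non-matches omitted)."""
    hits = {}
    for n, line in enumerate(lines, 1):
        reasons = check_http_line(line)
        if reasons:
            hits[n] = reasons
    return hits


def is_suspicious_drop(path: str) -> bool:
    """True when sqlite3.dll lands under a user's Roaming profile, as in the
    report, rather than in a system or application install directory."""
    p = path.replace("/", "\\").lower()
    return p.endswith("\\" + DROPPED_NAME) and "\\appdata\\roaming\\" in p


if __name__ == "__main__":
    for n, reasons in scan_log(SAMPLE_LOG).items():
        print(f"line {n}: {', '.join(reasons)}")
    print(is_suspicious_drop(r"C:\Users\test22\AppData\Roaming\sqlite3.dll"))
```

Run it against real proxy or sandbox HTTP logs by replacing SAMPLE_LOG with lines in the same three-field format, and feed hashes_match() the bytes of any file named svchost.exe found outside System32.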
Engine Result
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Trojan.Heur.Nm0@fz1XEEM
FireEye Generic.mg.7a898f78eb97b42d
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus NetWorm ( 700000151 )
K7GW NetWorm ( 700000151 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Heur.E61EA8
Cyren W32/Hupigon.D.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/VB.OPL
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Trojan.Heur.Nm0@fz1XEEM
Avast Win32:DropperX-gen [Drp]
Ad-Aware Gen:Trojan.Heur.Nm0@fz1XEEM
Emsisoft Gen:Trojan.Heur.Nm0@fz1XEEM (B)
DrWeb Trojan.DownLoader40.39570
McAfee-GW-Edition BehavesLike.Win32.Autorun.jh
Sophos Generic ML PUA (PUA)
Ikarus Trojan.Win32.VB
Avira TR/Dropper.Gen
Microsoft Trojan:Win32/Protob.B
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Gen:Trojan.Heur.Nm0@fz1XEEM
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.Generic.R430887
VBA32 SScope.Malware-Cryptor.VBCR.2841
ALYac Gen:Trojan.Heur.Nm0@fz1XEEM
MAX malware (ai score=85)
SentinelOne Static AI - Malicious PE
BitDefenderTheta AI:Packer.83B354961B
AVG Win32:DropperX-gen [Drp]
Cybereason malicious.8eb97b
Qihoo-360 HEUR/QVM41.1.EE2F.Malware.Gen