Summary | ZeroBOX

.svchost.exe

GuLoader Generic Malware Malicious Library UPX Malicious Packer PE File PE32
Category: FILE
Machine: s1_win7_x6402
Started: Aug. 14, 2021, 9:30 a.m.
Completed: Aug. 14, 2021, 9:59 a.m.
Size: 225.3KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 85ef4d2c4d482b353c237e1145fc52bd
SHA256: 7c113db245bdcc7da302e5c36e7c340e8467dc91cb9576a3ffb479575ad21b71
CRC32: 92D3378D
ssdeep: 1536:zrdTtOCRO0YOWAMyCAOzcbQ9jt+TWiUb69pZBsAYDyB7jV+q3hs1+o:fxtfRYyNOzcbmSi+ZB8DyB7sZko
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • GuLoader_IN - GuLoader
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Network

Domains (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtProtectVirtualMemory
  process_identifier: 1280
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x73f92000
  process_handle: 0xffffffff
  Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
  process_identifier: 1280
  region_size: 57344
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00600000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status: 1  Return: 0  Repeated: 0

NtProtectVirtualMemory
  process_identifier: 1280
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 24576
  protection: 32 (PAGE_EXECUTE_READ)
  base_address: 0x00370000
  process_handle: 0xffffffff
  Status: 1  Return: 0  Repeated: 0

PE resources (name, language / sublanguage, filetype, offset, size)
  RT_VERSION  LANG_CHINESE / SUBLANG_CHINESE_TRADITIONAL  data  offset 0x000360f0  size 0x000002ec
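The three calls above are the memory-staging pattern an analyst looks for when a sample is tagged as a packer or injector: a 4 KB page at 0x73f92000 is made PAGE_EXECUTE_READWRITE, a fresh 57344-byte region at 0x00600000 is committed directly as RWX, and then 24576 bytes at 0x00370000 are flipped to PAGE_EXECUTE_READ, with the sandbox's heap_dep_bypass: 1 marking that target as heap memory being made executable. Every call uses process_handle 0xffffffff, the current-process pseudo-handle, so this is the sample unpacking into its own address space rather than writing into another process. The Python below is an added example, not code from the ZeroBOX report or from the sandbox: it parses a trace in the report's own layout (the sample trace is constructed from these three entries), applies rules that flag successful executable allocations and protection changes, and records whether each one targets the sample's own process. The rule names and their precedence are this example's assumptions.

```python
"""Triage a ZeroBOX/Cuckoo-style API trace for in-memory staging patterns.

Added example, not code from the ZeroBOX report or the sandbox. TRACE is
constructed from the three calls the report lists for PID 1280; the rule
names and precedence are this example's own assumptions, not sandbox logic.
"""

# Windows page-protection constants (winnt.h).
PAGE_READWRITE = 0x04
PAGE_WRITECOPY = 0x08
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXEC_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITE_MASK = PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
CURRENT_PROCESS = 0xFFFFFFFF  # pseudo-handle returned by GetCurrentProcess() on 32-bit

# Constructed sample in the report's own layout: API name, "key: value" lines,
# then the "status return repeated" row.
TRACE = """\
NtProtectVirtualMemory
process_identifier: 1280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f92000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory
process_identifier: 1280
region_size: 57344
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00600000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory
process_identifier: 1280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00370000
process_handle: 0xffffffff
1 0 0
"""


def parse_trace(text):
    """Split the trace into records: {"api", "args", "status", "ret", "repeated"}."""
    calls, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        toks = line.split()
        if ":" in line:
            key, _, val = line.partition(":")
            # "64 (PAGE_EXECUTE_READWRITE)" -> 64, "0x00600000" -> 6291456
            cur["args"][key.strip()] = int(val.split()[0], 0)
        elif len(toks) == 3 and all(t.isdigit() for t in toks):
            cur["status"], cur["ret"], cur["repeated"] = (int(t) for t in toks)
        else:
            cur = {"api": line, "args": {}, "status": None, "ret": None, "repeated": 0}
            calls.append(cur)
    return calls


def classify(call):
    """Return a rule name for a memory call worth flagging, or None (assumed rules)."""
    a, api = call["args"], call["api"]
    prot = a.get("protection", 0)
    if not prot & EXEC_MASK:
        return None
    writable = bool(prot & WRITE_MASK)
    if api == "NtAllocateVirtualMemory" and writable:
        return "rwx_alloc"                  # fresh RWX region: classic payload staging
    if api == "NtProtectVirtualMemory":
        if a.get("heap_dep_bypass") == 1:
            return "heap_made_executable"   # sandbox marked the target as heap memory
        return "rwx_protect" if writable else "rx_protect"
    return None


def triage(text):
    """Run the rules over a trace; only calls the sandbox recorded as successful count."""
    out = []
    for call in parse_trace(text):
        rule = classify(call)
        if rule is None or call["status"] != 1:
            continue
        a = call["args"]
        out.append({
            "rule": rule,
            "api": call["api"],
            "pid": a["process_identifier"],
            "base": hex(a["base_address"]),
            "size": a.get("region_size", a.get("length")),
            "remote": a["process_handle"] != CURRENT_PROCESS,
        })
    return out


if __name__ == "__main__":
    for f in triage(TRACE):
        target = "remote process" if f["remote"] else "own process"
        print(f"{f['rule']:<22} {f['api']:<24} base={f['base']} size={f['size']} ({target})")
```

Run directly it prints one line per finding; in practice the trace would come from the sandbox's machine-readable report rather than the rendered page. An RWX commit followed by an execute-protect of a heap region in the same PID is the sequence worth pivoting on when choosing which regions to dump from the analysis VM.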
Antivirus (engine / signature)

Lionic Trojan.Win32.Vebzenpak.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.905061
FireEye Generic.mg.85ef4d2c4d482b35
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
BitDefender Gen:Variant.Razy.905061
BitDefenderTheta Gen:NN.ZevbaF.34058.om1@aqWjCSdb
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Injector.EPXY
APEX Malicious
Kaspersky Trojan.Win32.Vebzenpak.aghg
Ad-Aware Gen:Variant.Razy.905061
Sophos Mal/Generic-S
McAfee-GW-Edition Artemis!Trojan
Emsisoft Gen:Variant.Razy.905061 (B)
SentinelOne Static AI - Malicious PE
MAX malware (ai score=83)
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Arcabit Trojan.Razy.DDCF65
ZoneAlarm Trojan.Win32.Vebzenpak.aghg
GData Gen:Variant.Razy.905061
Cynet Malicious (score: 100)
McAfee Artemis!85EF4D2C4D48
Malwarebytes Trojan.MalPack.VB
Panda Trj/GdSda.A
Fortinet W32/PossibleThreat
AVG FileRepMalware
Avast FileRepMalware
Qihoo-360 Win32/Trojan.Generic.HgIASaIA