Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 1, 2022, 5:43 p.m.	Feb. 1, 2022, 5:51 p.m.

Size	104.1KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`427869f8c8671b5ee10c6798b3ca65bf`
SHA256	`c9fc78840dc8310cfadfc2432522509dc2af91aa0a91241b34bdbe55bc703a5a`
CRC32	`D83E060F`
ssdeep	`1536:HlcfoGRYBmOTEnPisxF0oIV0dY5oHKB92GrPbKH+M4thZhZcm:HqovTEKsooIVu/Hs9dbKeRthZ8m`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

svcyr.exe "C:\Users\test22\AppData\Local\Temp\svcyr.exe"
2768

Name	Response	Post-Analysis Lookup
v8.ter.tf

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable uses a known packer (1 event)

packer

Armadillo v1.71

Creates a service (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateServiceA Feb. 1, 2022, 5:43 p.m.	service_start_name: start_type: 2 password: display_name: WinHelp32 Myss filepath: C:\Windows\rwhvcq.exe service_name: Windows Help System Myss filepath_r: C:\Windows\rwhvcq.exe desired_access: 983551 service_handle: 0x00823100 error_control: 1 service_type: 272 service_manager_handle: 0x008231a0	1	8532224	0

Installs itself for autorun at Windows startup (1 event)

service_name

Windows Help System Myss

service_path

C:\Windows\rwhvcq.exe

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Bkav	W32.AIDetect.malware1
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoader25.10495
MicroWorld-eScan	Generic.ServStart.A.B0BD8BB2
FireEye	Generic.mg.427869f8c8671b5e
CAT-QuickHeal	PUA.MauvaiseRI.S5249243
ALYac	Generic.ServStart.A.B0BD8BB2
Malwarebytes	Backdoor.Bot
Zillya	Trojan.Agent.Win32.787015
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	DDoS:Win32/Nitol.11e52ff5
K7GW	Trojan ( 000170ae1 )
K7AntiVirus	Trojan ( 000170ae1 )
BitDefenderTheta	Gen:NN.ZexaF.34182.gq1@aqGUDjhi
VirIT	Trojan.Win32.Dnldr25.PNR
Cyren	W32/Trojan.CZR.gen!Eldorado
Symantec	SMG.Heur!gen
ESET-NOD32	a variant of Win32/Agent.RTQ
TrendMicro-HouseCall	DDoS.Win32.NITOL.SMG
Avast	Win32:TrojanX-gen [Trj]
ClamAV	Win.Malware.Nitol-6802818-0
Kaspersky	UDS:Trojan.Win32.Generic
BitDefender	Generic.ServStart.A.B0BD8BB2
NANO-Antivirus	Trojan.Win32.Ric.etbkiz
Tencent	Malware.Win32.Gencirc.10b64ea2
Emsisoft	Generic.ServStart.A.B0BD8BB2 (B)
Comodo	TrojWare.Win32.Nitol.RT@7ul2hk
VIPRE	BehavesLike.Win32.Malware.wsc (mx-v)
TrendMicro	DDoS.Win32.NITOL.SMG
McAfee-GW-Edition	DoS-FBZ!427869F8C867
Sophos	Mal/Generic-S
Paloalto	generic.ml
Jiangmin	Trojan.Generic.bjpij
Avira	BDS/Backdoor.Gen2
MAX	malware (ai score=82)
Gridinsoft	Trojan.Win32.Gen.vl!i
Microsoft	DDoS:Win32/Nitol.P!bit
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Generic.ServStart.A.B0BD8BB2
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Skeeyah.C1931365
McAfee	DoS-FBZ!427869F8C867
TACHYON	Trojan/W32.Agent.106622.C
VBA32	BScope.TrojanDDoS.Macri
APEX	Malicious
Rising	Trojan.DDOS!1.AF3C (CLOUD)
SentinelOne	Static AI - Malicious PE
Fortinet	W32/Agent.RTQ!tr

svcyr.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All