Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.19 02:11
Potwierdzenie.exe
11.19 02:11
cheet.exe
11.19 02:11
chelentano.exe
11.19 02:11
12.exe
11.19 02:11
caspol.exe
11.19 02:11
gambinho.exe
11.19 02:11
Getdp.exe
11.19 02:11
caspol.exe
11.19 02:11
caspol.exe
11.18 02:11
DOCTOR FIRM ORDER FORM...

Latest News
11.19 06:11
Extending Burp Suite f...
11.19 06:11
How China’s National S...
11.19 06:11
Spot the Difference: E...
11.19 06:11
The Barcode Beast Like...
11.19 06:11
China’s Chip Advances ...
11.19 06:11
이지중고가전, 나눔과 환경보호로 사회적공...
11.19 06:11
Spot the Difference: E...
11.19 05:11
[AIS 2024 영상] KISA 강동우...
11.19 05:11
WVC대학교, 테솔자격증 장학생 모집 실시
11.19 05:11
[긴급] 현재 사이버 공격에 악용중인 팔...

Summary | ZeroBOX

svchost.exe

Gen1 Malicious Packer UPX PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 24, 2023, 11:30 a.m.	March 24, 2023, 11:30 a.m.

Size	78.0KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`8ec922c7a58a8701ab481b7be9644536`
SHA256	`949bfb5b4c7d58d92f3f9c5f8ec7ca4ceaffd10ec5f0020f0a987c472d61c54b`
CRC32	`5D18DE61`
ssdeep	`1536:rCmo9IYGnNMilsG6DygaOJQeYo2x8h3P2zD:oGnmi96DyLPed2i3e3`
PDB Path	svchost.pdb
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

svchost.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.didat

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

MUI