Summary | ZeroBOX

svchost.exe

Malicious Packer Malicious Library UPX PE64 PE File
Category: FILE
Machine: s1_win7_x6401
Started: June 21, 2023, 5:33 a.m.
Completed: June 21, 2023, 5:35 a.m.
Size 4.0MB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 d076c4b5f5c42b44d583c534f78adbe7
SHA256 2c63c61e0adaaf669c9c674edfc9081d415c05b834611944a682f120ab9559d8
CRC32 FBDD753E
ssdeep 49152:hGXwGFfpgG2Gv0l1YzzsYvbQaWfG85EIUFiqeb0/B1:MFaTGsgB4ENiqe
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Address (Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .symtab
Time & API / Arguments / Status / Return / Repeated

LdrGetProcedureAddress
  ordinal: 0
  function_address: 0x000007fefd6b7a50
  function_name: wine_get_version
  module: ntdll
  module_address: 0x0000000076d30000
  Return: -1073741511 (0xC0000139, STATUS_ENTRYPOINT_NOT_FOUND; the export does not exist in a native ntdll, so the lookup fails as expected outside Wine)
  Repeated: 0
Antivirus Result
Lionic Trojan.Win64.Coins.tseu
McAfee Artemis!D076C4B5F5C4
Malwarebytes Trojan.LaplasClipper
Sangfor Trojan.Win32.Save.a
Alibaba Trojan:Win64/ClipBanker.49892689
CrowdStrike win/malicious_confidence_60% (D)
VirIT Trojan.Win64.Agent.EN
Cyren W64/GoAgent.A.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of WinGo/ClipBanker.AJ
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky Trojan-Banker.Win32.ClipBanker.ypu
Avast Win64:BankerX-gen [Trj]
Sophos Mal/Generic-S
F-Secure Trojan.TR/ClipBanker.fekot
McAfee-GW-Edition BehavesLike.Win64.Trojan.rh
Emsisoft Trojan.GenericKD.67635980 (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.PSW.Agent.dct
Webroot W32.Trojan.Genkd
Avira TR/ClipBanker.fekot
Microsoft Trojan:Win32/Wacatac.B!ml
ViRobot Trojan.Win.Z.Clipbanker.4212224
ZoneAlarm Trojan-Banker.Win32.ClipBanker.ypu
GData Win64.Trojan.Agent.SM3NOU
Google Detected
AhnLab-V3 Trojan/Win.Generic.R556996
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0DFJ23
Rising Spyware.ClipBanker!1.E526 (CLASSIC)
Ikarus Win32.Outbreak
MaxSecure Trojan.Malware.197613969.susgen
Fortinet W64/ClipBanker.AJ!tr
AVG Win64:BankerX-gen [Trj]
DeepInstinct MALICIOUS