Summary | ZeroBOX

servoces64.exe

Anti_VM PE64 PE File
Category FILE
Machine s1_win7_x6401
Started June 17, 2024, 1:31 p.m.
Completed June 17, 2024, 1:34 p.m.
Size 16.8MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 540c3c9ae1b97353b49de9a216532d72
SHA256 0d2c84253c9a3ab2339605c4c54b1e52e8ffbb192d0b1a050b27096cdaf2f4d6
CRC32 3CD4E040
ssdeep 393216:OKe0h1uQjMppTvR6USajrgzKHc9bqNJy:TUQjopzR6Unjrrce
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • anti_vm_detect - Possibly employs anti-virtualization techniques

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .00cfg
section .Ue[
section .>P-
section ./ub
section ./ub (virtual_address 0x00cb2000, virtual_size 0x010cd8c8, size_of_data 0x010cda00) entropy 7.9060753680304945 description A section with a high entropy has been found
entropy 0.999825677678 description Overall entropy of this PE file is high
Bkav W64.AIDetectMalware
Cynet Malicious (score: 100)
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/Packed.VMProtect.QF
Avast Win64:Evo-gen [Trj]
Rising Trojan.Miner!8.EA1 (TFE:5:9RmvBkWOb3U)
McAfeeD Real Protect-LS!540C3C9AE1B9
Trapmine suspicious.low.ml.score
FireEye Generic.mg.540c3c9ae1b97353
Antiy-AVL Trojan[Packed]/Win64.VMProtect
Kingsoft malware.kb.b.1000
Gridinsoft Trojan.Heur!.022120A3
Microsoft Program:Win32/Wacapew.C!ml
DeepInstinct MALICIOUS
Malwarebytes Trojan.Packed
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
AVG Win64:Evo-gen [Trj]