Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.06 06:07
build.exe
07.06 06:07
CoronaVirus.exe
07.06 06:07
RedLineStealer.exe
07.06 06:07
stealc_zov.exe
07.06 06:07
newbuild.exe
07.06 06:07
setup.exe
07.06 06:07
leva.exe
07.06 06:07
CryptoWall.exe
07.06 06:07
univ.exe
07.06 06:07
inte.exe

Latest News
07.07 12:07
USENIX Security ’23 – ...
07.06 10:07
Researchers Discover C...
07.06 10:07
New Mallox Ransomware ...
07.06 09:07
[한 주를 관통하는 보안 소식] 2024...
07.06 09:07
[퀴즈 이·보·소] 최근 벌어진 국내외 ...
07.06 08:07
김포시, 70만 김포시대 대비해 최첨단 ...
07.06 08:07
식약처, ‘체외진단의료기기 품질관리 및 ...
07.06 08:07
코레일, 정보보호의 날 맞아 ‘사이버 안...
07.06 08:07
소프트웨어 가치 보장, 발주자가 앞장선다
07.06 08:07
‘AI 과학기술 강군 육성’을 위한 발돋...

Summary | ZeroBOX

svrhost.exe

UPX OS Processor Check PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 19, 2024, 7:01 p.m.	June 19, 2024, 7:01 p.m.

Size	90.5MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`f5ccac795e79c40d64e7e5a73c741785`
SHA256	`1b427974d38f8f1e5ae399050bd3fc23bc7fa6561e4dfacf73dc1eb52b5ef7f5`
CRC32	`ADE4B791`
ssdeep	`6144:mc4qS758j2We/mvvp8oQNbmZf1fw7srC7CCo3PISSP13Y/M3TmOcr9TfLn5AS2d3:f4qS7S5pvpQmZdMZply6TsYS2dhd`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

svrhost.exe "C:\Users\test22\AppData\Local\Temp\svrhost.exe"
2660

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 19, 2024, 6:54 p.m.	process_identifier: 2660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 1052672 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d31000 process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 13 AntiVirus engines on VirusTotal as malicious (13 events)

Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win64/GenKryptik.GETL
Rising	Trojan.Kryptik!8.8 (TFE:5:rQA1B2MPqWU)
F-Secure	Trojan.TR/AD.AsynRatSH.xdwes
McAfeeD	ti!1B427974D38F
FireEye	Generic.mg.f5ccac795e79c40d
Sophos	Mal/Generic-S
Avira	TR/AD.AsynRatSH.xdwes
DeepInstinct	MALICIOUS
Fortinet	W64/GenKryptik.GETL!tr
Paloalto	generic.ml