Summary | ZeroBOX

svchost.exe

UPX PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started July 8, 2024, 4:47 p.m.
Completed July 8, 2024, 4:51 p.m.
Size 5.7MB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 cb146d2042ae0df2c95f3afde7256583
SHA256 a6b3c627daa303eb2994b27b68e4c4b0d88fe2bc99511cc7ddf8eb7ac818b468
CRC32 410A5063
ssdeep 98304:n8u/aHbr1uXEP+qtCBkZc6IZjRl3k6TwRCrb6WEJZMt3pBuhKMK7BLUiFO7o:f/aHb5u0lCBkZc6kCnANpBGnKdX
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

IP Address Status Action
164.124.101.2 Active Moloch
172.67.133.143 Active Moloch
39.97.52.57 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.103:50800 -> 164.124.101.2:53 2023883 ET DNS Query to a *.top domain - Likely Hostile Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 172.67.133.143:2095 2023882 ET INFO HTTP Request to a *.top domain Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: 2024/07/08 16:47:39 Forking
console_handle: 0x000000000000000b
Status 1 Return 1 Repeated 0
domain source-update.hugratcat.top description Generic top level domain TLD
section UPX1 (size_of_data 0x005a9e00, virtual_address 0x00a7a000, virtual_size 0x005aa000, entropy 7.8918429643576005) entropy 7.89184296436 description A section with a high entropy has been found
entropy 0.999913793103 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
Status 1 Return 1 Repeated 0
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
section UPX2 description Section name indicates UPX
cmdline whoami
host 39.97.52.57
Bkav W64.AIDetectMalware
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.tc
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of WinGo/Kryptik.FF
APEX Malicious
Kaspersky VHO:Trojan.Win32.Eb.gen
McAfeeD ti!A6B3C627DAA3
Sophos CXrep/MalGo-B
Ikarus Trojan.WinGo.Injector
Google Detected
Antiy-AVL GrayWare/Win32.Kryptik.ffp
ZoneAlarm VHO:Trojan.Win32.Eb.gen
Varist W64/Agent.FXW.gen!Eldorado
Malwarebytes Malware.AI.2899897670
MaxSecure Trojan.Malware.300983.susgen
Time & API Arguments Status Return Repeated

LdrGetProcedureAddress

ordinal: 0
function_address: 0x000007fefe467a50
function_name: wine_get_version
module: ntdll
module_address: 0x00000000776c0000
-1073741511 0