Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.19 02:09
66ea645129e6a_jacobs.exe
09.19 11:09
clip64.dll
09.19 11:09
cred64.dll
09.19 10:09
vsfdajg16.exe
09.19 10:09
QuickBooks_Setup.msi
09.19 10:09
QuickBooks_Desktop_Set...
09.19 10:09
game.exe
09.19 10:09
vlsadg.exe
09.19 10:09
lnfsda.exe
09.19 10:09
66eaadab755d2_installs...

Latest News
09.20 03:09
Bridge Detection Gaps ...
09.20 03:09
02 - Performing Basic ...
09.20 03:09
Exploiting Exchange Po...
09.20 03:09
KI in Hollywood: Wie L...
09.20 03:09
Google: PIN-Schutz für...
09.20 03:09
Chrome-Update für Work...
09.20 03:09
Attacker or IT admin? ...
09.20 03:09
EU’s Von der Leyen Ple...
09.20 02:09
Threat Intelligence Sn...
09.20 02:09
Compliance webinar ser...

Summary | ZeroBOX

svhost2.exe

Malicious Packer UPX Malicious Library PE64 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 13, 2024, 9:35 a.m.	Sept. 13, 2024, 9:42 a.m.

Size	5.9MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`5e670353e13a6c5de6c3acec90eef25e`
SHA256	`e717677c2827928972ab2674573e9fa3b1b5e31b6cfa42e52be5bb31a41b16fd`
CRC32	`148E5363`
ssdeep	`98304:iL18b10q9QgCbSDHLWyCB1YumLYXptirUK1wOCRMuQ1CcFxSLEv5UzN9w8fuGmw1:S1e1/9QgCbSDHLWyCB1YumLYXptirUKg`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) UPX_Zero - UPX packed file

svhost2.exe "C:\Users\test22\AppData\Local\Temp\svhost2.exe"
2096

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.symtab

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Sept. 13, 2024, 9:28 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 8389248 registers.r15: 0 registers.rcx: -1 registers.rsi: 2292481 registers.r10: 0 registers.rbx: -10000 registers.rsp: 2292760 registers.r11: 582 registers.r8: 2292800 registers.r9: 2292528 registers.rdx: 0 registers.r12: 2293320 registers.rbp: 2292816 registers.rdi: 4436160 registers.rax: 0 registers.r13: 0	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (6 events)

section

{u'size_of_data': u'0x00056a00', u'virtual_address': u'0x0046f000', u'entropy': 7.995834983192667, u'name': u'/19', u'virtual_size': u'0x0005695a'}

entropy

7.99583498319

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00012000', u'virtual_address': u'0x004c6000', u'entropy': 7.941606766398631, u'name': u'/32', u'virtual_size': u'0x00011e97'}

entropy

7.9416067664

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00096e00', u'virtual_address': u'0x004d9000', u'entropy': 7.996823354211258, u'name': u'/65', u'virtual_size': u'0x00096d03'}

entropy

7.99682335421

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00076000', u'virtual_address': u'0x00570000', u'entropy': 7.99548453500949, u'name': u'/78', u'virtual_size': u'0x00075fdd'}

entropy

7.99548453501

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00020000', u'virtual_address': u'0x005e6000', u'entropy': 7.801225297762759, u'name': u'/90', u'virtual_size': u'0x0001ffeb'}

entropy

7.80122529776

description

A section with a high entropy has been found

entropy

0.268365320979

description

Overall entropy of this PE file is high

File has been identified by 20 AntiVirus engines on VirusTotal as malicious (20 events)

Bkav	W64.AIDetectMalware
Cynet	Malicious (score: 99)
Sangfor	Trojan.Win32.Reverseshell.Vunf
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of WinGo/ReverseShell.DX
Avast	Win64:Malware-gen
F-Secure	Trojan.TR/AVI.Agent.pdhde
McAfeeD	ti!E717677C2827
CTX	exe.trojan.reverseshell
Sophos	Mal/Generic-S
Google	Detected
Avira	TR/AVI.Agent.pdhde
Microsoft	Trojan:Win32/Wacatac.B!ml
McAfee	Artemis!5E670353E13A
DeepInstinct	MALICIOUS
Ikarus	Trojan.WinGo.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/ReverseShell.DX!tr
AVG	Win64:Malware-gen
alibabacloud	Trojan:Multi/ReverseShell.DD