Summary | ZeroBOX

Svchost.exe

Tags: UPX, Malicious Packer, PE File, OS Processor Check, PE32, .NET EXE

Category: FILE
Machine: s1_win7_x6401
Started: Sept. 25, 2024, 10:33 a.m.
Completed: Sept. 25, 2024, 10:50 a.m.

Size: 45.5KB
Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: d7b665428dd5924505511bd5c0f79e28
SHA256: c69792d8a8ef30f50d118949aee702a01be0cafb4e9f6c9b544a8bb193ea5994
CRC32: 100375C4
ssdeep: 768:ldhO/poiiUcjlJInShYH9Xqk5nWEZ5SbTDaCuI7CPW5u:7w+jjgnSSH9XqcnW85SbTXuIm
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name | Response | Post-Analysis Lookup
No hosts contacted.

IP Address | Status | Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated

GetComputerNameA
  computer_name: TEST22-PC
  Status/Return/Repeated: 1 1 0

GetComputerNameW
  computer_name: TEST22-PC
  Status/Return/Repeated: 1 1 0
Time & API | Arguments | Status | Return | Repeated

IsDebuggerPresent
  Status/Return/Repeated: 0 0

IsDebuggerPresent
  Status/Return/Repeated: 0 0

IsDebuggerPresent
  Status/Return/Repeated: 0 0

IsDebuggerPresent
  Status/Return/Repeated: 0 0
Time & API | Arguments | Status | Return | Repeated

GlobalMemoryStatusEx
  Status/Return/Repeated: 1 1 0
Time & API | Arguments | Status | Return | Repeated

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 393216
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00330000
  allocation_type: 8192 (MEM_RESERVE)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00350000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtProtectVirtualMemory
  process_identifier: 2544
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x727a1000
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtProtectVirtualMemory
  process_identifier: 2544
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x727a2000
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 262144
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00470000
  allocation_type: 8192 (MEM_RESERVE)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00470000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x003d2000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00405000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0040b000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00407000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x003ec000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x007d0000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x003dc000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0

NtAllocateVirtualMemory
  process_identifier: 2544
  region_size: 4096
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x003da000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status/Return/Repeated: 1 0 0
Vendor | Result
Bkav | W32.AIDetectMalware.CS
Lionic | Trojan.Win32.XenoRAT.m!c
Elastic | malicious (high confidence)
MicroWorld-eScan | Gen:Variant.Jalapeno.697
CAT-QuickHeal | Trojan.YakbeexMSIL.ZZ4
Skyhigh | XenoRAT!D7B665428DD5
ALYac | Gen:Variant.Jalapeno.697
Cylance | Unsafe
VIPRE | Gen:Variant.Jalapeno.697
Sangfor | Suspicious.Win32.Save.a
CrowdStrike | win/malicious_confidence_60% (D)
BitDefender | Gen:Variant.Jalapeno.697
K7GW | Trojan ( 005b11ae1 )
K7AntiVirus | Trojan ( 005b11ae1 )
Arcabit | Trojan.Jalapeno.697
VirIT | Trojan.Win32.Genus.VHY
Symantec | ML.Attribute.HighConfidence
ESET-NOD32 | a variant of MSIL/Agent.WNX
APEX | Malicious
Avast | Win32:BackdoorX-gen [Trj]
Kaspersky | HEUR:Backdoor.MSIL.Agent.gen
Alibaba | Backdoor:MSIL/Dothetuk.db46b4f3
Rising | Backdoor.XenoRAT!1.F6EA (CLASSIC)
Emsisoft | Gen:Variant.Jalapeno.697 (B)
F-Secure | Heuristic.HEUR/AGEN.1371394
DrWeb | BackDoor.XenoRatNET.11
TrendMicro | TROJ_GEN.R002C0DIN24
McAfeeD | Real Protect-LS!D7B665428DD5
CTX | exe.trojan.msil
Sophos | Mal/RAT-C
SentinelOne | Static AI - Malicious PE
FireEye | Generic.mg.d7b665428dd59245
Jiangmin | Backdoor.MSIL.gilv
Google | Detected
Avira | HEUR/AGEN.1371394
Kingsoft | malware.kb.c.997
Gridinsoft | Malware.Win32.Gen.tr
Microsoft | Trojan:MSIL/Dothetuk.AM!MTB
ZoneAlarm | HEUR:Backdoor.MSIL.Agent.gen
GData | MSIL.Trojan.PSE.13DA3Q2
Varist | W32/MSIL_Agent.HBX.gen!Eldorado
AhnLab-V3 | Trojan/Win.XenoRAT.C5586957
VBA32 | TScope.Trojan.MSIL
TACHYON | Trojan/W32.DN-VBKrypt.46592
DeepInstinct | MALICIOUS
Malwarebytes | Backdoor.XenoRAT
Ikarus | Trojan.MSIL.XenoRat
Panda | Trj/CI.A
TrendMicro-HouseCall | TROJ_GEN.R002C0DIN24
Tencent | Backdoor.MSIL.Agent.kc