popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

svchost.exe

Generic Malware Malicious Library Antivirus UPX Malicious Packer Anti_VM PE File PE64
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Oct. 20, 2024, 9:17 a.m. Oct. 20, 2024, 10:09 a.m.
Size 296.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 7460f67864161928611617d5c28dada8
SHA256 f3c6834b83000b99f2bbef17060d8379f7519a16a6bcef1780aa06e141e57875
CRC32 A9DF02BE
ssdeep 6144:LL6Aj2ws/+HCn2PrYwX7U4ilaTgsZigfLafwwZDJSTBxt124Bq2tI:LWAjhe+H8KIFsZiHJSTF1g
PDB Path C:\Users\谷堕\Desktop\2022远程管理gfi\cangku\WinOsClientProject\x64\Release-exe\上线模块.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE64 - (no description)
  • Antivirus - Contains references to security software
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
110.40.45.163 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\Users\谷堕\Desktop\2022远程管理gfi\cangku\WinOsClientProject\x64\Release-exe\上线模块.pdb
host 110.40.45.163
dead_host 110.40.45.163:60