ScreenShot
| Created | 2021.04.13 16:24 | Machine | s1_win7_x6402 |
| Filename | svchost.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 25 detected (AIDetect, malware1, malicious, high confidence, Save, confidence, 100%, ZexaF, uCX@aa1Nr3fG, Attribute, HighConfidence, Kryptik, HKJX, GenericML, xnet, Caynamer, score, Artemis, Unsafe, Generic@ML, RDML, o083kWm92yXdRVsLEQlJKg, Static AI, Malicious PE, GenKryptik, FDZD, QVM10) | ||
| md5 | 10a6ee4d2adc0ebf2c35aa538c391622 | ||
| sha256 | 6a3dbe59e320ddf283fdf1177f3345bba999e7b55e5c2fdb1eab9e2247b97eb3 | ||
| ssdeep | 6144:MMoLbMrySpdoKlkHK4VaAr02Uyaf2WAqa+bU2zC6CnFtnPE:MMo3rAoKyHK4VaW09y1WAqg2SFZPE | ||
| imphash | 0b6968a3728849da0a75cdaf93956fc2 | ||
| impfuzzy | 48:OUUOtwQ1zweGBtpMuDTKcacgKd1znNZvKp6xE:OUVtdlXGBtpFTKcacgG1zHcr | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (7cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasOverlay | Overlay Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0xa1f000 RemoveVectoredExceptionHandler
0xa1f004 FindResourceA
0xa1f008 GetModuleHandleExA
0xa1f00c WriteConsoleOutputCharacterA
0xa1f010 SystemTimeToTzSpecificLocalTime
0xa1f014 SetWaitableTimer
0xa1f018 GetCurrentProcess
0xa1f01c CancelWaitableTimer
0xa1f020 ConnectNamedPipe
0xa1f024 GetConsoleAliasesA
0xa1f028 GetCompressedFileSizeW
0xa1f02c FindResourceExA
0xa1f030 GlobalFindAtomA
0xa1f034 GetLocaleInfoW
0xa1f038 SizeofResource
0xa1f03c GetSystemTimeAdjustment
0xa1f040 GetFileAttributesA
0xa1f044 GetExitCodeProcess
0xa1f048 SetTimeZoneInformation
0xa1f04c TerminateProcess
0xa1f050 GetAtomNameW
0xa1f054 FileTimeToSystemTime
0xa1f058 GetEnvironmentVariableA
0xa1f05c GlobalUnlock
0xa1f060 SetLastError
0xa1f064 OpenWaitableTimerA
0xa1f068 LocalAlloc
0xa1f06c SetConsoleCtrlHandler
0xa1f070 SetConsoleOutputCP
0xa1f074 AddAtomA
0xa1f078 GetTapeParameters
0xa1f07c GlobalWire
0xa1f080 lstrcatW
0xa1f084 VirtualProtect
0xa1f088 GetFileTime
0xa1f08c LocalFree
0xa1f090 SetFileAttributesW
0xa1f094 SetEnvironmentVariableA
0xa1f098 CompareStringW
0xa1f09c GetStartupInfoW
0xa1f0a0 RaiseException
0xa1f0a4 RtlUnwind
0xa1f0a8 UnhandledExceptionFilter
0xa1f0ac SetUnhandledExceptionFilter
0xa1f0b0 IsDebuggerPresent
0xa1f0b4 HeapAlloc
0xa1f0b8 GetLastError
0xa1f0bc HeapFree
0xa1f0c0 GetModuleHandleW
0xa1f0c4 Sleep
0xa1f0c8 GetProcAddress
0xa1f0cc ExitProcess
0xa1f0d0 WriteFile
0xa1f0d4 GetStdHandle
0xa1f0d8 GetModuleFileNameA
0xa1f0dc GetModuleFileNameW
0xa1f0e0 FreeEnvironmentStringsW
0xa1f0e4 GetEnvironmentStringsW
0xa1f0e8 GetCommandLineW
0xa1f0ec SetHandleCount
0xa1f0f0 GetFileType
0xa1f0f4 GetStartupInfoA
0xa1f0f8 DeleteCriticalSection
0xa1f0fc TlsGetValue
0xa1f100 TlsAlloc
0xa1f104 TlsSetValue
0xa1f108 TlsFree
0xa1f10c InterlockedIncrement
0xa1f110 GetCurrentThreadId
0xa1f114 InterlockedDecrement
0xa1f118 GetCurrentThread
0xa1f11c HeapCreate
0xa1f120 HeapDestroy
0xa1f124 VirtualFree
0xa1f128 QueryPerformanceCounter
0xa1f12c GetTickCount
0xa1f130 GetCurrentProcessId
0xa1f134 GetSystemTimeAsFileTime
0xa1f138 SetFilePointer
0xa1f13c WideCharToMultiByte
0xa1f140 GetConsoleCP
0xa1f144 GetConsoleMode
0xa1f148 EnterCriticalSection
0xa1f14c LeaveCriticalSection
0xa1f150 GetCPInfo
0xa1f154 GetACP
0xa1f158 GetOEMCP
0xa1f15c IsValidCodePage
0xa1f160 FatalAppExitA
0xa1f164 VirtualAlloc
0xa1f168 HeapReAlloc
0xa1f16c HeapSize
0xa1f170 FreeLibrary
0xa1f174 InterlockedExchange
0xa1f178 LoadLibraryA
0xa1f17c InitializeCriticalSectionAndSpinCount
0xa1f180 SetStdHandle
0xa1f184 WriteConsoleA
0xa1f188 GetConsoleOutputCP
0xa1f18c WriteConsoleW
0xa1f190 MultiByteToWideChar
0xa1f194 LCMapStringA
0xa1f198 LCMapStringW
0xa1f19c GetStringTypeA
0xa1f1a0 GetStringTypeW
0xa1f1a4 GetTimeFormatA
0xa1f1a8 GetDateFormatA
0xa1f1ac GetUserDefaultLCID
0xa1f1b0 GetLocaleInfoA
0xa1f1b4 EnumSystemLocalesA
0xa1f1b8 IsValidLocale
0xa1f1bc CreateFileA
0xa1f1c0 CloseHandle
0xa1f1c4 FlushFileBuffers
0xa1f1c8 GetTimeZoneInformation
0xa1f1cc CompareStringA
0xa1f1d0 GetModuleHandleA
USER32.dll
0xa1f1d8 GetMonitorInfoA
EAT(Export Address Table) Library
0x43ef70 Coruso
0x43ef80 Gorgeous
KERNEL32.dll
0xa1f000 RemoveVectoredExceptionHandler
0xa1f004 FindResourceA
0xa1f008 GetModuleHandleExA
0xa1f00c WriteConsoleOutputCharacterA
0xa1f010 SystemTimeToTzSpecificLocalTime
0xa1f014 SetWaitableTimer
0xa1f018 GetCurrentProcess
0xa1f01c CancelWaitableTimer
0xa1f020 ConnectNamedPipe
0xa1f024 GetConsoleAliasesA
0xa1f028 GetCompressedFileSizeW
0xa1f02c FindResourceExA
0xa1f030 GlobalFindAtomA
0xa1f034 GetLocaleInfoW
0xa1f038 SizeofResource
0xa1f03c GetSystemTimeAdjustment
0xa1f040 GetFileAttributesA
0xa1f044 GetExitCodeProcess
0xa1f048 SetTimeZoneInformation
0xa1f04c TerminateProcess
0xa1f050 GetAtomNameW
0xa1f054 FileTimeToSystemTime
0xa1f058 GetEnvironmentVariableA
0xa1f05c GlobalUnlock
0xa1f060 SetLastError
0xa1f064 OpenWaitableTimerA
0xa1f068 LocalAlloc
0xa1f06c SetConsoleCtrlHandler
0xa1f070 SetConsoleOutputCP
0xa1f074 AddAtomA
0xa1f078 GetTapeParameters
0xa1f07c GlobalWire
0xa1f080 lstrcatW
0xa1f084 VirtualProtect
0xa1f088 GetFileTime
0xa1f08c LocalFree
0xa1f090 SetFileAttributesW
0xa1f094 SetEnvironmentVariableA
0xa1f098 CompareStringW
0xa1f09c GetStartupInfoW
0xa1f0a0 RaiseException
0xa1f0a4 RtlUnwind
0xa1f0a8 UnhandledExceptionFilter
0xa1f0ac SetUnhandledExceptionFilter
0xa1f0b0 IsDebuggerPresent
0xa1f0b4 HeapAlloc
0xa1f0b8 GetLastError
0xa1f0bc HeapFree
0xa1f0c0 GetModuleHandleW
0xa1f0c4 Sleep
0xa1f0c8 GetProcAddress
0xa1f0cc ExitProcess
0xa1f0d0 WriteFile
0xa1f0d4 GetStdHandle
0xa1f0d8 GetModuleFileNameA
0xa1f0dc GetModuleFileNameW
0xa1f0e0 FreeEnvironmentStringsW
0xa1f0e4 GetEnvironmentStringsW
0xa1f0e8 GetCommandLineW
0xa1f0ec SetHandleCount
0xa1f0f0 GetFileType
0xa1f0f4 GetStartupInfoA
0xa1f0f8 DeleteCriticalSection
0xa1f0fc TlsGetValue
0xa1f100 TlsAlloc
0xa1f104 TlsSetValue
0xa1f108 TlsFree
0xa1f10c InterlockedIncrement
0xa1f110 GetCurrentThreadId
0xa1f114 InterlockedDecrement
0xa1f118 GetCurrentThread
0xa1f11c HeapCreate
0xa1f120 HeapDestroy
0xa1f124 VirtualFree
0xa1f128 QueryPerformanceCounter
0xa1f12c GetTickCount
0xa1f130 GetCurrentProcessId
0xa1f134 GetSystemTimeAsFileTime
0xa1f138 SetFilePointer
0xa1f13c WideCharToMultiByte
0xa1f140 GetConsoleCP
0xa1f144 GetConsoleMode
0xa1f148 EnterCriticalSection
0xa1f14c LeaveCriticalSection
0xa1f150 GetCPInfo
0xa1f154 GetACP
0xa1f158 GetOEMCP
0xa1f15c IsValidCodePage
0xa1f160 FatalAppExitA
0xa1f164 VirtualAlloc
0xa1f168 HeapReAlloc
0xa1f16c HeapSize
0xa1f170 FreeLibrary
0xa1f174 InterlockedExchange
0xa1f178 LoadLibraryA
0xa1f17c InitializeCriticalSectionAndSpinCount
0xa1f180 SetStdHandle
0xa1f184 WriteConsoleA
0xa1f188 GetConsoleOutputCP
0xa1f18c WriteConsoleW
0xa1f190 MultiByteToWideChar
0xa1f194 LCMapStringA
0xa1f198 LCMapStringW
0xa1f19c GetStringTypeA
0xa1f1a0 GetStringTypeW
0xa1f1a4 GetTimeFormatA
0xa1f1a8 GetDateFormatA
0xa1f1ac GetUserDefaultLCID
0xa1f1b0 GetLocaleInfoA
0xa1f1b4 EnumSystemLocalesA
0xa1f1b8 IsValidLocale
0xa1f1bc CreateFileA
0xa1f1c0 CloseHandle
0xa1f1c4 FlushFileBuffers
0xa1f1c8 GetTimeZoneInformation
0xa1f1cc CompareStringA
0xa1f1d0 GetModuleHandleA
USER32.dll
0xa1f1d8 GetMonitorInfoA
EAT(Export Address Table) Library
0x43ef70 Coruso
0x43ef80 Gorgeous