Report - msvhost.exe

Library Malware
Created 2021.04.19 17:25 Machine s1_win7_x6401
Filename msvhost.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 2.2
ZERO API file : malware
VT API (file) 45 detected (AIDetect, malware1, malicious, high confidence, GenericKD, Generic PWS, Unsafe, Kryptik, Save, Eldorado, Attribute, HighConfidence, HKLN, PWSX, SpyEyes, UnclassifiedMalware@0, Siggen13, xecmz, kcloud, Predator, score, MalPE, R416466, ZexaF, nyW@ayyy4tJ, Graftor, ai score=100, CLOUD, Static AI, Suspicious PE, GdSda, confidence, TrojanPSW, SpyEye, HwoCqx8A)
md5 9487de43f88f7e89bb5d3999f58bff15
sha256 d01b6d2461b4616969a7e688acf91fdc20ae37b51c0b67fed700e0a42365ccda
ssdeep 3072:T67T9FlcrMV035JiSkWagZC4jPHXPBGXD00OQ2pPnz5E:T6757cr/8WPZ1jPY00OQ
imphash b0eb8cb1ecf999d74c83af780efdac4b
impfuzzy 48:xaUG1y7dCep1utqch39k4cTxgKd1pnNZIxmj:xco7H8tqchNk4cTxgG1pHn

Signature (4cnts)

Level Description
danger File has been identified by 45 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (6cnts)

Level Name Description Collection
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check Signature Zero binaries (upload)
info PE_Header_Zero PE File Signature Zero binaries (upload)
info IsWindowsGUI (no description) binaries (upload)
info Library_Malware_Zero Library Malware binaries (upload)
info win_files_operation Affect private profile binaries (upload)

Network (0cnts)


Suricata ids

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x3d8e010 InterlockedIncrement
 0x3d8e014 SetConsoleTextAttribute
 0x3d8e018 GetCurrentProcess
 0x3d8e01c GetModuleHandleExW
 0x3d8e020 CancelWaitableTimer
 0x3d8e024 GetModuleHandleW
 0x3d8e028 SetFileTime
 0x3d8e02c TzSpecificLocalTimeToSystemTime
 0x3d8e030 GlobalAlloc
 0x3d8e034 GlobalFindAtomA
 0x3d8e038 GetLocaleInfoW
 0x3d8e03c SetSystemTimeAdjustment
 0x3d8e040 GetFileAttributesA
 0x3d8e044 GetConsoleAliasW
 0x3d8e048 TerminateProcess
 0x3d8e04c FileTimeToSystemTime
 0x3d8e050 GetCompressedFileSizeA
 0x3d8e054 GetTimeZoneInformation
 0x3d8e058 LoadResource
 0x3d8e05c DisconnectNamedPipe
 0x3d8e060 GetConsoleOutputCP
 0x3d8e064 GetLastError
 0x3d8e068 GetProcAddress
 0x3d8e06c SetFileAttributesA
 0x3d8e070 OpenWaitableTimerA
 0x3d8e074 GetAtomNameA
 0x3d8e078 AddVectoredExceptionHandler
 0x3d8e07c GetTapeParameters
 0x3d8e080 SetConsoleCursorInfo
 0x3d8e084 GlobalUnWire
 0x3d8e088 lstrcatW
 0x3d8e08c VirtualProtect
 0x3d8e090 FindAtomW
 0x3d8e094 LocalFree
 0x3d8e098 lstrcpyW
 0x3d8e09c CompareStringW
 0x3d8e0a0 CompareStringA
 0x3d8e0a4 FindResourceW
 0x3d8e0a8 FindResourceExW
 0x3d8e0ac GlobalUnlock
 0x3d8e0b0 WriteConsoleOutputCharacterW
 0x3d8e0b4 GetCommandLineA
 0x3d8e0b8 GetStartupInfoA
 0x3d8e0bc UnhandledExceptionFilter
 0x3d8e0c0 SetUnhandledExceptionFilter
 0x3d8e0c4 IsDebuggerPresent
 0x3d8e0c8 HeapAlloc
 0x3d8e0cc EnterCriticalSection
 0x3d8e0d0 LeaveCriticalSection
 0x3d8e0d4 Sleep
 0x3d8e0d8 ExitProcess
 0x3d8e0dc WriteFile
 0x3d8e0e0 GetStdHandle
 0x3d8e0e4 GetModuleFileNameA
 0x3d8e0e8 FreeEnvironmentStringsA
 0x3d8e0ec GetEnvironmentStrings
 0x3d8e0f0 FreeEnvironmentStringsW
 0x3d8e0f4 WideCharToMultiByte
 0x3d8e0f8 GetEnvironmentStringsW
 0x3d8e0fc SetHandleCount
 0x3d8e100 GetFileType
 0x3d8e104 DeleteCriticalSection
 0x3d8e108 TlsGetValue
 0x3d8e10c TlsAlloc
 0x3d8e110 TlsSetValue
 0x3d8e114 TlsFree
 0x3d8e118 SetLastError
 0x3d8e11c GetCurrentThreadId
 0x3d8e120 InterlockedDecrement
 0x3d8e124 GetCurrentThread
 0x3d8e128 HeapCreate
 0x3d8e12c HeapDestroy
 0x3d8e130 VirtualFree
 0x3d8e134 HeapFree
 0x3d8e138 QueryPerformanceCounter
 0x3d8e13c GetTickCount
 0x3d8e140 GetCurrentProcessId
 0x3d8e144 GetSystemTimeAsFileTime
 0x3d8e148 SetFilePointer
 0x3d8e14c GetConsoleCP
 0x3d8e150 GetConsoleMode
 0x3d8e154 GetCPInfo
 0x3d8e158 GetACP
 0x3d8e15c GetOEMCP
 0x3d8e160 IsValidCodePage
 0x3d8e164 FatalAppExitA
 0x3d8e168 VirtualAlloc
 0x3d8e16c HeapReAlloc
 0x3d8e170 RtlUnwind
 0x3d8e174 MultiByteToWideChar
 0x3d8e178 RaiseException
 0x3d8e17c SetConsoleCtrlHandler
 0x3d8e180 FreeLibrary
 0x3d8e184 InterlockedExchange
 0x3d8e188 LoadLibraryA
 0x3d8e18c InitializeCriticalSectionAndSpinCount
 0x3d8e190 SetStdHandle
 0x3d8e194 WriteConsoleA
 0x3d8e198 WriteConsoleW
 0x3d8e19c LCMapStringA
 0x3d8e1a0 LCMapStringW
 0x3d8e1a4 GetStringTypeA
 0x3d8e1a8 GetStringTypeW
 0x3d8e1ac GetTimeFormatA
 0x3d8e1b0 GetDateFormatA
 0x3d8e1b4 GetUserDefaultLCID
 0x3d8e1b8 GetLocaleInfoA
 0x3d8e1bc EnumSystemLocalesA
 0x3d8e1c0 IsValidLocale
 0x3d8e1c4 FlushFileBuffers
 0x3d8e1c8 ReadFile
 0x3d8e1cc GetModuleHandleA
 0x3d8e1d0 HeapSize
 0x3d8e1d4 CreateFileA
 0x3d8e1d8 CloseHandle
 0x3d8e1dc SetEnvironmentVariableA
USER32.dll
 0x3d8e1e4 GetMonitorInfoA
ADVAPI32.dll
 0x3d8e000 ObjectPrivilegeAuditAlarmA
 0x3d8e004 EnumDependentServicesW
 0x3d8e008 RegReplaceKeyW

EAT (Export Address Table) Library

0x425df0 Fury
0x425de0 Probka
