popup

Report - svchost.exe

Generic Malware Malicious Library PE File PE32
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.06.01 10:58 Machine s1_win7_x6401
Filename svchost.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
9
 Behavior Score
2.8
ZERO API file : malware
VT API (file) 40 detected (AIDetect, malware2, Fugrafa, Unsafe, Attribute, HighConfidence, ClipBanker, Malicious, MulDrop17, gwvzt, XPACK, Gen8, ai score=100, Bomitag, score, BScope, Tasker, GdSda, R06CH0CET21, Wrga, susgen, ZexaE, aqW@aexmQl)
md5 d850f8d4823240e54f834f85e09bd9e7
sha256 19189d845acac54398888e27a66eb3771588bbde2080d3d3aab138053aee89e0
ssdeep 96:9UdIiPwjgrgq9EDVvNwOQsk/wA/vSGsSgFQm5aUqk3PI7IMvNHhqVKPyCldaurD2:9U+C1+xeOPQIjFQ1/cAfvNHhqxAgc2
imphash d9015199fc550f4d12cfbd6fab74e595
impfuzzy 3:swBJAGvbAJS9KTXzhAXwZAORZs6BJO71MO/OywaoJJsjP0JdX0JH0AlWbW7uRAn:dBJAGvPGDfj7rABZ/O2oGQy0AMbGeA
  Network IP location

Signature (6cnts)

Level Description
danger File has been identified by 40 AntiVirus engines on VirusTotal as malicious
notice A process created a hidden window
notice Creates a suspicious process
notice Uses Windows utilities for basic Windows functionality
info Command line console output was observed
info Queries for the computername

Rules (4cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

KERNEL32.dll
 0x402000 LoadLibraryW
 0x402004 GetProcAddress
 0x402008 WaitForSingleObject
 0x40200c CloseHandle
 0x402010 ExitProcess
 0x402014 CreateProcessW
 0x402018 CopyFileW
 0x40201c Sleep
 0x402020 GlobalFree
SHELL32.dll
 0x402028 SHGetFolderPathW

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure