ScreenShot
| Created | 2021.06.09 22:34 | Machine | s1_win7_x6402 |
| Filename | svchost.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 30 detected (AIDetect, malware2, malicious, high confidence, Jaik, FCZE, Unsafe, confidence, EPML, FileRepMalware, Static AI, Suspicious PE, Wacatac, ai score=100, R002H0CF921, Score, ZevbaF, jm0@ayt38Hci, GdSda, susgen) | ||
| md5 | 99bbf83abe9d6e4ecc91493e32230833 | ||
| sha256 | 2b2a00650dc91d1a7ccfa4a62e3462762c62d8a092bddb75943f87074f1d56a5 | ||
| ssdeep | 1536:Fttu3FssKUmvr9DJ1FJS1bQNZ6bp/+Dtr5m3XSt4lYS0eXJWUTFboob:ztu3alxx3fSQmbs55r4l6eXJWUB0ob | ||
| imphash | 9b8686288ab82fdbf8ede30bc55c83b7 | ||
| impfuzzy | 48:nv2wzQwgQweTRsYz31xn3ueG3OG+bKxr1Sxg3x+bGUATRgFNfp9Ldw+sEHgkSSWM:nv2GQfQZTRsYz31xn+zeG+bKxrwxgB+P | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 30 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
Rules (2cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
MSVBVM60.DLL
0x401000 None
0x401004 _CIcos
0x401008 _adj_fptan
0x40100c None
0x401010 __vbaVarMove
0x401014 None
0x401018 __vbaFreeVar
0x40101c __vbaStrVarMove
0x401020 __vbaFreeVarList
0x401024 _adj_fdiv_m64
0x401028 None
0x40102c None
0x401030 __vbaFreeObjList
0x401034 _adj_fprem1
0x401038 __vbaRecAnsiToUni
0x40103c __vbaStrCat
0x401040 None
0x401044 None
0x401048 __vbaSetSystemError
0x40104c None
0x401050 __vbaRecDestruct
0x401054 __vbaHresultCheckObj
0x401058 None
0x40105c __vbaLenBstrB
0x401060 None
0x401064 _adj_fdiv_m32
0x401068 None
0x40106c __vbaAryDestruct
0x401070 None
0x401074 None
0x401078 None
0x40107c __vbaObjSet
0x401080 __vbaOnError
0x401084 None
0x401088 _adj_fdiv_m16i
0x40108c None
0x401090 __vbaObjSetAddref
0x401094 _adj_fdivr_m16i
0x401098 None
0x40109c __vbaCyStr
0x4010a0 None
0x4010a4 __vbaFpR8
0x4010a8 __vbaVarTstLt
0x4010ac _CIsin
0x4010b0 None
0x4010b4 __vbaChkstk
0x4010b8 EVENT_SINK_AddRef
0x4010bc __vbaGenerateBoundsError
0x4010c0 __vbaStrCmp
0x4010c4 __vbaAryConstruct2
0x4010c8 __vbaObjVar
0x4010cc __vbaI2I4
0x4010d0 DllFunctionCall
0x4010d4 _adj_fpatan
0x4010d8 None
0x4010dc __vbaLateIdCallLd
0x4010e0 None
0x4010e4 __vbaRecUniToAnsi
0x4010e8 EVENT_SINK_Release
0x4010ec __vbaUI1I2
0x4010f0 _CIsqrt
0x4010f4 EVENT_SINK_QueryInterface
0x4010f8 __vbaFpCmpCy
0x4010fc __vbaExceptHandler
0x401100 None
0x401104 _adj_fprem
0x401108 _adj_fdivr_m64
0x40110c None
0x401110 None
0x401114 __vbaFPException
0x401118 None
0x40111c None
0x401120 None
0x401124 None
0x401128 None
0x40112c _CIlog
0x401130 __vbaFileOpen
0x401134 __vbaNew2
0x401138 None
0x40113c __vbaInStr
0x401140 _adj_fdiv_m32i
0x401144 _adj_fdivr_m32i
0x401148 __vbaStrCopy
0x40114c None
0x401150 __vbaFreeStrList
0x401154 _adj_fdivr_m32
0x401158 _adj_fdiv_r
0x40115c None
0x401160 __vbaVarTstNe
0x401164 __vbaI4Var
0x401168 None
0x40116c None
0x401170 __vbaVarAdd
0x401174 __vbaLateMemCall
0x401178 __vbaVarDup
0x40117c __vbaStrToAnsi
0x401180 None
0x401184 None
0x401188 __vbaFpI4
0x40118c __vbaLateMemCallLd
0x401190 __vbaRecDestructAnsi
0x401194 _CIatan
0x401198 __vbaStrMove
0x40119c __vbaCastObj
0x4011a0 None
0x4011a4 _allmul
0x4011a8 __vbaLateIdSt
0x4011ac _CItan
0x4011b0 _CIexp
0x4011b4 __vbaFreeObj
0x4011b8 __vbaFreeStr
0x4011bc None
EAT(Export Address Table) is none
MSVBVM60.DLL
0x401000 None
0x401004 _CIcos
0x401008 _adj_fptan
0x40100c None
0x401010 __vbaVarMove
0x401014 None
0x401018 __vbaFreeVar
0x40101c __vbaStrVarMove
0x401020 __vbaFreeVarList
0x401024 _adj_fdiv_m64
0x401028 None
0x40102c None
0x401030 __vbaFreeObjList
0x401034 _adj_fprem1
0x401038 __vbaRecAnsiToUni
0x40103c __vbaStrCat
0x401040 None
0x401044 None
0x401048 __vbaSetSystemError
0x40104c None
0x401050 __vbaRecDestruct
0x401054 __vbaHresultCheckObj
0x401058 None
0x40105c __vbaLenBstrB
0x401060 None
0x401064 _adj_fdiv_m32
0x401068 None
0x40106c __vbaAryDestruct
0x401070 None
0x401074 None
0x401078 None
0x40107c __vbaObjSet
0x401080 __vbaOnError
0x401084 None
0x401088 _adj_fdiv_m16i
0x40108c None
0x401090 __vbaObjSetAddref
0x401094 _adj_fdivr_m16i
0x401098 None
0x40109c __vbaCyStr
0x4010a0 None
0x4010a4 __vbaFpR8
0x4010a8 __vbaVarTstLt
0x4010ac _CIsin
0x4010b0 None
0x4010b4 __vbaChkstk
0x4010b8 EVENT_SINK_AddRef
0x4010bc __vbaGenerateBoundsError
0x4010c0 __vbaStrCmp
0x4010c4 __vbaAryConstruct2
0x4010c8 __vbaObjVar
0x4010cc __vbaI2I4
0x4010d0 DllFunctionCall
0x4010d4 _adj_fpatan
0x4010d8 None
0x4010dc __vbaLateIdCallLd
0x4010e0 None
0x4010e4 __vbaRecUniToAnsi
0x4010e8 EVENT_SINK_Release
0x4010ec __vbaUI1I2
0x4010f0 _CIsqrt
0x4010f4 EVENT_SINK_QueryInterface
0x4010f8 __vbaFpCmpCy
0x4010fc __vbaExceptHandler
0x401100 None
0x401104 _adj_fprem
0x401108 _adj_fdivr_m64
0x40110c None
0x401110 None
0x401114 __vbaFPException
0x401118 None
0x40111c None
0x401120 None
0x401124 None
0x401128 None
0x40112c _CIlog
0x401130 __vbaFileOpen
0x401134 __vbaNew2
0x401138 None
0x40113c __vbaInStr
0x401140 _adj_fdiv_m32i
0x401144 _adj_fdivr_m32i
0x401148 __vbaStrCopy
0x40114c None
0x401150 __vbaFreeStrList
0x401154 _adj_fdivr_m32
0x401158 _adj_fdiv_r
0x40115c None
0x401160 __vbaVarTstNe
0x401164 __vbaI4Var
0x401168 None
0x40116c None
0x401170 __vbaVarAdd
0x401174 __vbaLateMemCall
0x401178 __vbaVarDup
0x40117c __vbaStrToAnsi
0x401180 None
0x401184 None
0x401188 __vbaFpI4
0x40118c __vbaLateMemCallLd
0x401190 __vbaRecDestructAnsi
0x401194 _CIatan
0x401198 __vbaStrMove
0x40119c __vbaCastObj
0x4011a0 None
0x4011a4 _allmul
0x4011a8 __vbaLateIdSt
0x4011ac _CItan
0x4011b0 _CIexp
0x4011b4 __vbaFreeObj
0x4011b8 __vbaFreeStr
0x4011bc None
EAT(Export Address Table) is none