ScreenShot
| Created | 2021.06.24 23:22 | Machine | s1_win7_x6401 |
| Filename | svch.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 36 detected (AIDetect, malware1, malicious, high confidence, GenericKDZ, Unsafe, Save, Attribute, HighConfidence, Kryptik, HLLN, PWSX, Noon, A + Troj, Zenpak, ai score=81, Graftor, Wacatac, score, MalPE, R426917, BScope, Static AI, Malicious PE, susgen, ZexaF, Bu1@aKSRXIdQ, confidence, 100%) | ||
| md5 | 790d32b24be33acb84bf56a73fac43cd | ||
| sha256 | b93f24e7f456357291e285286a12ae79f9b551284757d9050adf6ccac1905ff9 | ||
| ssdeep | 12288:WdV5jT4PzwwLfy2jQ2EAUCtVF6WkqKtl:WdVF4Pzw8YYF6 | ||
| imphash | 9606f4896423e5663963caa907d7b590 | ||
| impfuzzy | 48:fLcXAovfEydlXgERyL9TcfYHOLaEafXARhV8hb38da9OGT:fnMfFlXHkTtH3EafwRhV8hb38da7 | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (9cnts) ?
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x44a000 GetComputerNameA
0x44a004 SearchPathW
0x44a008 FindFirstFileW
0x44a00c CopyFileExW
0x44a010 GetDriveTypeW
0x44a014 SetEndOfFile
0x44a018 GetNumberOfConsoleInputEvents
0x44a01c FindResourceExW
0x44a020 MapUserPhysicalPages
0x44a024 LoadResource
0x44a028 InterlockedIncrement
0x44a02c CreateDirectoryW
0x44a030 GlobalLock
0x44a034 WriteConsoleInputA
0x44a038 GetCommProperties
0x44a03c FreeEnvironmentStringsA
0x44a040 SetTapeParameters
0x44a044 GetModuleHandleW
0x44a048 GetConsoleAliasesLengthA
0x44a04c GetPrivateProfileStringW
0x44a050 GetWindowsDirectoryA
0x44a054 WriteFile
0x44a058 GetCommandLineA
0x44a05c GetSystemWow64DirectoryA
0x44a060 CreateDirectoryExW
0x44a064 SetProcessPriorityBoost
0x44a068 InitializeCriticalSection
0x44a06c TlsSetValue
0x44a070 GlobalAlloc
0x44a074 AddRefActCtx
0x44a078 LoadLibraryW
0x44a07c ReadFileScatter
0x44a080 SetSystemTimeAdjustment
0x44a084 GetSystemWindowsDirectoryA
0x44a088 GetVersionExW
0x44a08c GlobalFlags
0x44a090 TerminateProcess
0x44a094 IsDBCSLeadByte
0x44a098 GetBinaryTypeW
0x44a09c CompareStringW
0x44a0a0 lstrlenW
0x44a0a4 SetConsoleTitleA
0x44a0a8 GetConsoleOutputCP
0x44a0ac VerifyVersionInfoW
0x44a0b0 InterlockedExchange
0x44a0b4 GetFileSizeEx
0x44a0b8 SetThreadLocale
0x44a0bc OpenMutexW
0x44a0c0 GetCurrentDirectoryW
0x44a0c4 GetProcAddress
0x44a0c8 CreateNamedPipeA
0x44a0cc SetVolumeLabelW
0x44a0d0 WriteProfileSectionA
0x44a0d4 SetComputerNameA
0x44a0d8 BuildCommDCBW
0x44a0dc GetLocalTime
0x44a0e0 Process32FirstW
0x44a0e4 OpenMutexA
0x44a0e8 OpenWaitableTimerW
0x44a0ec SetConsoleCtrlHandler
0x44a0f0 AddAtomA
0x44a0f4 FindAtomA
0x44a0f8 GetSystemInfo
0x44a0fc EnumResourceTypesW
0x44a100 CreateIoCompletionPort
0x44a104 FreeEnvironmentStringsW
0x44a108 EnumResourceNamesA
0x44a10c FindNextFileW
0x44a110 GetConsoleTitleW
0x44a114 RequestWakeupLatency
0x44a118 GetConsoleCursorInfo
0x44a11c ScrollConsoleScreenBufferA
0x44a120 SetCalendarInfoA
0x44a124 InterlockedPushEntrySList
0x44a128 GetProfileSectionW
0x44a12c LCMapStringW
0x44a130 AreFileApisANSI
0x44a134 DeleteFileA
0x44a138 GetVolumeInformationW
0x44a13c GetModuleHandleA
0x44a140 FlushFileBuffers
0x44a144 GetStartupInfoA
0x44a148 HeapValidate
0x44a14c IsBadReadPtr
0x44a150 RaiseException
0x44a154 LeaveCriticalSection
0x44a158 EnterCriticalSection
0x44a15c SetStdHandle
0x44a160 GetLastError
0x44a164 GetFileType
0x44a168 WideCharToMultiByte
0x44a16c GetConsoleCP
0x44a170 GetConsoleMode
0x44a174 DeleteCriticalSection
0x44a178 GetModuleFileNameW
0x44a17c SetUnhandledExceptionFilter
0x44a180 QueryPerformanceCounter
0x44a184 GetTickCount
0x44a188 GetCurrentThreadId
0x44a18c GetCurrentProcessId
0x44a190 GetSystemTimeAsFileTime
0x44a194 Sleep
0x44a198 InterlockedDecrement
0x44a19c ExitProcess
0x44a1a0 GetModuleFileNameA
0x44a1a4 GetEnvironmentStrings
0x44a1a8 GetEnvironmentStringsW
0x44a1ac SetHandleCount
0x44a1b0 GetStdHandle
0x44a1b4 TlsGetValue
0x44a1b8 TlsAlloc
0x44a1bc TlsFree
0x44a1c0 SetLastError
0x44a1c4 HeapDestroy
0x44a1c8 HeapCreate
0x44a1cc HeapFree
0x44a1d0 VirtualFree
0x44a1d4 HeapAlloc
0x44a1d8 GetCurrentProcess
0x44a1dc UnhandledExceptionFilter
0x44a1e0 IsDebuggerPresent
0x44a1e4 HeapSize
0x44a1e8 HeapReAlloc
0x44a1ec VirtualAlloc
0x44a1f0 GetACP
0x44a1f4 GetOEMCP
0x44a1f8 GetCPInfo
0x44a1fc IsValidCodePage
0x44a200 InitializeCriticalSectionAndSpinCount
0x44a204 WriteConsoleA
0x44a208 WriteConsoleW
0x44a20c MultiByteToWideChar
0x44a210 SetFilePointer
0x44a214 RtlUnwind
0x44a218 DebugBreak
0x44a21c OutputDebugStringA
0x44a220 OutputDebugStringW
0x44a224 LoadLibraryA
0x44a228 LCMapStringA
0x44a22c GetStringTypeA
0x44a230 GetStringTypeW
0x44a234 GetLocaleInfoA
0x44a238 CreateFileA
0x44a23c CloseHandle
USER32.dll
0x44a244 GetMenuCheckMarkDimensions
0x44a248 GetMenuInfo
0x44a24c GetMenuBarInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x44a000 GetComputerNameA
0x44a004 SearchPathW
0x44a008 FindFirstFileW
0x44a00c CopyFileExW
0x44a010 GetDriveTypeW
0x44a014 SetEndOfFile
0x44a018 GetNumberOfConsoleInputEvents
0x44a01c FindResourceExW
0x44a020 MapUserPhysicalPages
0x44a024 LoadResource
0x44a028 InterlockedIncrement
0x44a02c CreateDirectoryW
0x44a030 GlobalLock
0x44a034 WriteConsoleInputA
0x44a038 GetCommProperties
0x44a03c FreeEnvironmentStringsA
0x44a040 SetTapeParameters
0x44a044 GetModuleHandleW
0x44a048 GetConsoleAliasesLengthA
0x44a04c GetPrivateProfileStringW
0x44a050 GetWindowsDirectoryA
0x44a054 WriteFile
0x44a058 GetCommandLineA
0x44a05c GetSystemWow64DirectoryA
0x44a060 CreateDirectoryExW
0x44a064 SetProcessPriorityBoost
0x44a068 InitializeCriticalSection
0x44a06c TlsSetValue
0x44a070 GlobalAlloc
0x44a074 AddRefActCtx
0x44a078 LoadLibraryW
0x44a07c ReadFileScatter
0x44a080 SetSystemTimeAdjustment
0x44a084 GetSystemWindowsDirectoryA
0x44a088 GetVersionExW
0x44a08c GlobalFlags
0x44a090 TerminateProcess
0x44a094 IsDBCSLeadByte
0x44a098 GetBinaryTypeW
0x44a09c CompareStringW
0x44a0a0 lstrlenW
0x44a0a4 SetConsoleTitleA
0x44a0a8 GetConsoleOutputCP
0x44a0ac VerifyVersionInfoW
0x44a0b0 InterlockedExchange
0x44a0b4 GetFileSizeEx
0x44a0b8 SetThreadLocale
0x44a0bc OpenMutexW
0x44a0c0 GetCurrentDirectoryW
0x44a0c4 GetProcAddress
0x44a0c8 CreateNamedPipeA
0x44a0cc SetVolumeLabelW
0x44a0d0 WriteProfileSectionA
0x44a0d4 SetComputerNameA
0x44a0d8 BuildCommDCBW
0x44a0dc GetLocalTime
0x44a0e0 Process32FirstW
0x44a0e4 OpenMutexA
0x44a0e8 OpenWaitableTimerW
0x44a0ec SetConsoleCtrlHandler
0x44a0f0 AddAtomA
0x44a0f4 FindAtomA
0x44a0f8 GetSystemInfo
0x44a0fc EnumResourceTypesW
0x44a100 CreateIoCompletionPort
0x44a104 FreeEnvironmentStringsW
0x44a108 EnumResourceNamesA
0x44a10c FindNextFileW
0x44a110 GetConsoleTitleW
0x44a114 RequestWakeupLatency
0x44a118 GetConsoleCursorInfo
0x44a11c ScrollConsoleScreenBufferA
0x44a120 SetCalendarInfoA
0x44a124 InterlockedPushEntrySList
0x44a128 GetProfileSectionW
0x44a12c LCMapStringW
0x44a130 AreFileApisANSI
0x44a134 DeleteFileA
0x44a138 GetVolumeInformationW
0x44a13c GetModuleHandleA
0x44a140 FlushFileBuffers
0x44a144 GetStartupInfoA
0x44a148 HeapValidate
0x44a14c IsBadReadPtr
0x44a150 RaiseException
0x44a154 LeaveCriticalSection
0x44a158 EnterCriticalSection
0x44a15c SetStdHandle
0x44a160 GetLastError
0x44a164 GetFileType
0x44a168 WideCharToMultiByte
0x44a16c GetConsoleCP
0x44a170 GetConsoleMode
0x44a174 DeleteCriticalSection
0x44a178 GetModuleFileNameW
0x44a17c SetUnhandledExceptionFilter
0x44a180 QueryPerformanceCounter
0x44a184 GetTickCount
0x44a188 GetCurrentThreadId
0x44a18c GetCurrentProcessId
0x44a190 GetSystemTimeAsFileTime
0x44a194 Sleep
0x44a198 InterlockedDecrement
0x44a19c ExitProcess
0x44a1a0 GetModuleFileNameA
0x44a1a4 GetEnvironmentStrings
0x44a1a8 GetEnvironmentStringsW
0x44a1ac SetHandleCount
0x44a1b0 GetStdHandle
0x44a1b4 TlsGetValue
0x44a1b8 TlsAlloc
0x44a1bc TlsFree
0x44a1c0 SetLastError
0x44a1c4 HeapDestroy
0x44a1c8 HeapCreate
0x44a1cc HeapFree
0x44a1d0 VirtualFree
0x44a1d4 HeapAlloc
0x44a1d8 GetCurrentProcess
0x44a1dc UnhandledExceptionFilter
0x44a1e0 IsDebuggerPresent
0x44a1e4 HeapSize
0x44a1e8 HeapReAlloc
0x44a1ec VirtualAlloc
0x44a1f0 GetACP
0x44a1f4 GetOEMCP
0x44a1f8 GetCPInfo
0x44a1fc IsValidCodePage
0x44a200 InitializeCriticalSectionAndSpinCount
0x44a204 WriteConsoleA
0x44a208 WriteConsoleW
0x44a20c MultiByteToWideChar
0x44a210 SetFilePointer
0x44a214 RtlUnwind
0x44a218 DebugBreak
0x44a21c OutputDebugStringA
0x44a220 OutputDebugStringW
0x44a224 LoadLibraryA
0x44a228 LCMapStringA
0x44a22c GetStringTypeA
0x44a230 GetStringTypeW
0x44a234 GetLocaleInfoA
0x44a238 CreateFileA
0x44a23c CloseHandle
USER32.dll
0x44a244 GetMenuCheckMarkDimensions
0x44a248 GetMenuInfo
0x44a24c GetMenuBarInfo
EAT(Export Address Table) is none