ScreenShot
| Created | 2021.08.11 17:59 | Machine | s1_win7_x6402 |
| Filename | svchost.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 49 detected (Zenpak, malicious, high confidence, GenericKD, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, HLZR, Raccoon, MalwareX, CLASSIC, Malware@#3gro97xqprhtm, MulDrop18, HPGen, Emotet, Static AI, Malicious PE, Score, kcloud, StopCrypt, 1YPK01Z, R436162, ZexaF, hq0@auYIwxgG, ai score=81, Mokes, 15oNdU70CKI, Glupteba, susgen, HLZT, GdSda, HwoCGN8A) | ||
| md5 | e4b0b8cd3c4cb6273879748e2bf1a1d8 | ||
| sha256 | ebe93cedff8510594f0967c35bf9bcbc9043381c6bc5fe494cc2508e6665515b | ||
| ssdeep | 1536:YG6Vr3qxLEvUmcN3PJwB9OMCTisOfv5MpRMxgsM0Xl16qbFY1:YGS7oLnROYNCv5Mzd/0V11x | ||
| imphash | 00a47d6be4445a02dce374ef34dd9b76 | ||
| impfuzzy | 48:nzR+ZqFZm/MF/doUwtdTY+t7B81uyMWChyqf:n1mwQ4oUwb8+t7B8zMWChL | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 49 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x410000 SetProcessAffinityMask
0x410004 WriteConsoleInputW
0x410008 lstrlenA
0x41000c GetConsoleAliasesLengthW
0x410010 EnumDateFormatsExW
0x410014 FindResourceExW
0x410018 WriteConsoleOutputCharacterA
0x41001c EndUpdateResourceW
0x410020 GetUserDefaultLCID
0x410024 SetConsoleScreenBufferSize
0x410028 GetComputerNameW
0x41002c SetEvent
0x410030 GetSystemDefaultLCID
0x410034 GetProcessHeap
0x410038 ReadConsoleW
0x41003c SetFileTime
0x410040 WriteFile
0x410044 CreateActCtxW
0x410048 InitializeCriticalSection
0x41004c GetVolumePathNameW
0x410050 ActivateActCtx
0x410054 GetConsoleCP
0x410058 GlobalFindAtomA
0x41005c TerminateThread
0x410060 ReadConsoleInputA
0x410064 GetSystemWindowsDirectoryA
0x410068 ReadConsoleOutputW
0x41006c GetVersionExW
0x410070 SetConsoleCP
0x410074 InterlockedPopEntrySList
0x410078 DnsHostnameToComputerNameW
0x41007c GetConsoleAliasW
0x410080 VerifyVersionInfoA
0x410084 GetMailslotInfo
0x410088 GetTimeZoneInformation
0x41008c CreateActCtxA
0x410090 SetConsoleTitleA
0x410094 GetConsoleOutputCP
0x410098 InterlockedExchange
0x41009c GetLastError
0x4100a0 GetLongPathNameW
0x4100a4 SetLastError
0x4100a8 GetProcAddress
0x4100ac GetConsoleDisplayMode
0x4100b0 EnterCriticalSection
0x4100b4 LoadLibraryA
0x4100b8 WriteConsoleA
0x4100bc CreateTapePartition
0x4100c0 GetProfileStringA
0x4100c4 WaitForMultipleObjects
0x4100c8 SetEnvironmentVariableA
0x4100cc GetModuleHandleA
0x4100d0 UpdateResourceW
0x4100d4 CancelTimerQueueTimer
0x4100d8 BuildCommDCBA
0x4100dc VirtualProtect
0x4100e0 GetFileAttributesExW
0x4100e4 GetCPInfoExA
0x4100e8 SetCalendarInfoA
0x4100ec FindFirstVolumeW
0x4100f0 GetCurrentProcessId
0x4100f4 GetPrivateProfileSectionW
0x4100f8 GlobalReAlloc
0x4100fc GetSystemTime
0x410100 AreFileApisANSI
0x410104 CreateThread
0x410108 CreateFileA
0x41010c UnhandledExceptionFilter
0x410110 SetUnhandledExceptionFilter
0x410114 HeapReAlloc
0x410118 HeapAlloc
0x41011c GetStartupInfoW
0x410120 GetModuleHandleW
0x410124 Sleep
0x410128 ExitProcess
0x41012c GetStdHandle
0x410130 GetModuleFileNameA
0x410134 LeaveCriticalSection
0x410138 TerminateProcess
0x41013c GetCurrentProcess
0x410140 IsDebuggerPresent
0x410144 DeleteCriticalSection
0x410148 HeapCreate
0x41014c VirtualFree
0x410150 HeapFree
0x410154 VirtualAlloc
0x410158 GetModuleFileNameW
0x41015c FreeEnvironmentStringsW
0x410160 GetEnvironmentStringsW
0x410164 GetCommandLineW
0x410168 SetHandleCount
0x41016c GetFileType
0x410170 GetStartupInfoA
0x410174 TlsGetValue
0x410178 TlsAlloc
0x41017c TlsSetValue
0x410180 TlsFree
0x410184 InterlockedIncrement
0x410188 GetCurrentThreadId
0x41018c InterlockedDecrement
0x410190 QueryPerformanceCounter
0x410194 GetTickCount
0x410198 GetSystemTimeAsFileTime
0x41019c InitializeCriticalSectionAndSpinCount
0x4101a0 GetCPInfo
0x4101a4 GetACP
0x4101a8 GetOEMCP
0x4101ac IsValidCodePage
0x4101b0 WideCharToMultiByte
0x4101b4 RtlUnwind
0x4101b8 HeapSize
0x4101bc GetLocaleInfoA
0x4101c0 GetConsoleMode
0x4101c4 FlushFileBuffers
0x4101c8 LCMapStringA
0x4101cc MultiByteToWideChar
0x4101d0 LCMapStringW
0x4101d4 GetStringTypeA
0x4101d8 GetStringTypeW
0x4101dc SetFilePointer
0x4101e0 CloseHandle
0x4101e4 WriteConsoleW
0x4101e8 SetStdHandle
USER32.dll
0x4101f0 GetAltTabInfoA
0x4101f4 RealChildWindowFromPoint
EAT(Export Address Table) is none
KERNEL32.dll
0x410000 SetProcessAffinityMask
0x410004 WriteConsoleInputW
0x410008 lstrlenA
0x41000c GetConsoleAliasesLengthW
0x410010 EnumDateFormatsExW
0x410014 FindResourceExW
0x410018 WriteConsoleOutputCharacterA
0x41001c EndUpdateResourceW
0x410020 GetUserDefaultLCID
0x410024 SetConsoleScreenBufferSize
0x410028 GetComputerNameW
0x41002c SetEvent
0x410030 GetSystemDefaultLCID
0x410034 GetProcessHeap
0x410038 ReadConsoleW
0x41003c SetFileTime
0x410040 WriteFile
0x410044 CreateActCtxW
0x410048 InitializeCriticalSection
0x41004c GetVolumePathNameW
0x410050 ActivateActCtx
0x410054 GetConsoleCP
0x410058 GlobalFindAtomA
0x41005c TerminateThread
0x410060 ReadConsoleInputA
0x410064 GetSystemWindowsDirectoryA
0x410068 ReadConsoleOutputW
0x41006c GetVersionExW
0x410070 SetConsoleCP
0x410074 InterlockedPopEntrySList
0x410078 DnsHostnameToComputerNameW
0x41007c GetConsoleAliasW
0x410080 VerifyVersionInfoA
0x410084 GetMailslotInfo
0x410088 GetTimeZoneInformation
0x41008c CreateActCtxA
0x410090 SetConsoleTitleA
0x410094 GetConsoleOutputCP
0x410098 InterlockedExchange
0x41009c GetLastError
0x4100a0 GetLongPathNameW
0x4100a4 SetLastError
0x4100a8 GetProcAddress
0x4100ac GetConsoleDisplayMode
0x4100b0 EnterCriticalSection
0x4100b4 LoadLibraryA
0x4100b8 WriteConsoleA
0x4100bc CreateTapePartition
0x4100c0 GetProfileStringA
0x4100c4 WaitForMultipleObjects
0x4100c8 SetEnvironmentVariableA
0x4100cc GetModuleHandleA
0x4100d0 UpdateResourceW
0x4100d4 CancelTimerQueueTimer
0x4100d8 BuildCommDCBA
0x4100dc VirtualProtect
0x4100e0 GetFileAttributesExW
0x4100e4 GetCPInfoExA
0x4100e8 SetCalendarInfoA
0x4100ec FindFirstVolumeW
0x4100f0 GetCurrentProcessId
0x4100f4 GetPrivateProfileSectionW
0x4100f8 GlobalReAlloc
0x4100fc GetSystemTime
0x410100 AreFileApisANSI
0x410104 CreateThread
0x410108 CreateFileA
0x41010c UnhandledExceptionFilter
0x410110 SetUnhandledExceptionFilter
0x410114 HeapReAlloc
0x410118 HeapAlloc
0x41011c GetStartupInfoW
0x410120 GetModuleHandleW
0x410124 Sleep
0x410128 ExitProcess
0x41012c GetStdHandle
0x410130 GetModuleFileNameA
0x410134 LeaveCriticalSection
0x410138 TerminateProcess
0x41013c GetCurrentProcess
0x410140 IsDebuggerPresent
0x410144 DeleteCriticalSection
0x410148 HeapCreate
0x41014c VirtualFree
0x410150 HeapFree
0x410154 VirtualAlloc
0x410158 GetModuleFileNameW
0x41015c FreeEnvironmentStringsW
0x410160 GetEnvironmentStringsW
0x410164 GetCommandLineW
0x410168 SetHandleCount
0x41016c GetFileType
0x410170 GetStartupInfoA
0x410174 TlsGetValue
0x410178 TlsAlloc
0x41017c TlsSetValue
0x410180 TlsFree
0x410184 InterlockedIncrement
0x410188 GetCurrentThreadId
0x41018c InterlockedDecrement
0x410190 QueryPerformanceCounter
0x410194 GetTickCount
0x410198 GetSystemTimeAsFileTime
0x41019c InitializeCriticalSectionAndSpinCount
0x4101a0 GetCPInfo
0x4101a4 GetACP
0x4101a8 GetOEMCP
0x4101ac IsValidCodePage
0x4101b0 WideCharToMultiByte
0x4101b4 RtlUnwind
0x4101b8 HeapSize
0x4101bc GetLocaleInfoA
0x4101c0 GetConsoleMode
0x4101c4 FlushFileBuffers
0x4101c8 LCMapStringA
0x4101cc MultiByteToWideChar
0x4101d0 LCMapStringW
0x4101d4 GetStringTypeA
0x4101d8 GetStringTypeW
0x4101dc SetFilePointer
0x4101e0 CloseHandle
0x4101e4 WriteConsoleW
0x4101e8 SetStdHandle
USER32.dll
0x4101f0 GetAltTabInfoA
0x4101f4 RealChildWindowFromPoint
EAT(Export Address Table) is none