ScreenShot
| Created | 2021.08.11 17:57 | Machine | s1_win7_x6402 |
| Filename | svchost.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | 9d06a1ead98bff1e324534185ff02cb1 | ||
| sha256 | 02c6d31dbcb21b0dc30be090c2e215dde62c0d2352e2c7deae8c185505a63f06 | ||
| ssdeep | 3072:rqPEoHVW+7asbD5djj7vIgScsYh6gSVywo3c+:eu+7tnji7knGyHM | ||
| imphash | 4b405a935ba1896da801696a6c1a4ade | ||
| impfuzzy | 24:j4F4VV4T6WiZgPkrkRUMbMddkCIvOcDS1DbD+v8bnuJjdRiYTt5OovEGAiQFQ8Rw:KDGZgwxMk11HQjiYTt8VGAk9j6cCF7dU | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x414000 GetComputerNameA
0x414004 lstrlenA
0x414008 LocalCompact
0x41400c MoveFileExW
0x414010 InterlockedDecrement
0x414014 WritePrivateProfileSectionA
0x414018 ReadConsoleOutputAttribute
0x41401c GetProfileStringW
0x414020 GetUserDefaultLCID
0x414024 SetEvent
0x414028 IsBadReadPtr
0x41402c GetConsoleAliasesLengthA
0x414030 ReadConsoleOutputA
0x414034 InitializeCriticalSection
0x414038 GetVolumePathNameW
0x41403c GetConsoleCP
0x414040 GetSystemWindowsDirectoryA
0x414044 InterlockedPopEntrySList
0x414048 LeaveCriticalSection
0x41404c lstrcpynW
0x414050 GetConsoleAliasW
0x414054 SetConsoleCursorPosition
0x414058 GetFileAttributesW
0x41405c WriteConsoleW
0x414060 ReadFile
0x414064 CreateFileW
0x414068 CreateActCtxA
0x41406c GetACP
0x414070 VerifyVersionInfoW
0x414074 GetLastError
0x414078 GetProcAddress
0x41407c PeekConsoleInputW
0x414080 EnumDateFormatsExA
0x414084 GetConsoleDisplayMode
0x414088 GetProcessId
0x41408c LocalAlloc
0x414090 DeleteTimerQueue
0x414094 DnsHostnameToComputerNameA
0x414098 CreateTapePartition
0x41409c GlobalGetAtomNameW
0x4140a0 WaitForMultipleObjects
0x4140a4 SetSystemTime
0x4140a8 SetEnvironmentVariableA
0x4140ac SetConsoleTitleW
0x4140b0 GetModuleHandleA
0x4140b4 lstrcatW
0x4140b8 UpdateResourceW
0x4140bc CancelTimerQueueTimer
0x4140c0 GetConsoleTitleW
0x4140c4 BuildCommDCBA
0x4140c8 VirtualProtect
0x4140cc SetCalendarInfoA
0x4140d0 FindFirstVolumeA
0x4140d4 EndUpdateResourceA
0x4140d8 GetVersionExA
0x4140dc AreFileApisANSI
0x4140e0 UnhandledExceptionFilter
0x4140e4 SetUnhandledExceptionFilter
0x4140e8 GetCommandLineA
0x4140ec GetStartupInfoA
0x4140f0 RaiseException
0x4140f4 RtlUnwind
0x4140f8 GetModuleHandleW
0x4140fc Sleep
0x414100 ExitProcess
0x414104 WriteFile
0x414108 GetStdHandle
0x41410c GetModuleFileNameA
0x414110 TerminateProcess
0x414114 GetCurrentProcess
0x414118 IsDebuggerPresent
0x41411c HeapAlloc
0x414120 HeapFree
0x414124 FreeEnvironmentStringsA
0x414128 GetEnvironmentStrings
0x41412c FreeEnvironmentStringsW
0x414130 WideCharToMultiByte
0x414134 GetEnvironmentStringsW
0x414138 SetHandleCount
0x41413c GetFileType
0x414140 DeleteCriticalSection
0x414144 TlsGetValue
0x414148 TlsAlloc
0x41414c TlsSetValue
0x414150 TlsFree
0x414154 InterlockedIncrement
0x414158 SetLastError
0x41415c GetCurrentThreadId
0x414160 HeapCreate
0x414164 VirtualFree
0x414168 QueryPerformanceCounter
0x41416c GetTickCount
0x414170 GetCurrentProcessId
0x414174 GetSystemTimeAsFileTime
0x414178 EnterCriticalSection
0x41417c LoadLibraryA
0x414180 InitializeCriticalSectionAndSpinCount
0x414184 VirtualAlloc
0x414188 HeapReAlloc
0x41418c HeapSize
0x414190 GetCPInfo
0x414194 GetOEMCP
0x414198 IsValidCodePage
0x41419c GetLocaleInfoA
0x4141a0 LCMapStringA
0x4141a4 MultiByteToWideChar
0x4141a8 LCMapStringW
0x4141ac GetStringTypeA
0x4141b0 GetStringTypeW
USER32.dll
0x4141b8 RealGetWindowClassA
EAT(Export Address Table) Library
0x401065 @GetOtherVice@12
KERNEL32.dll
0x414000 GetComputerNameA
0x414004 lstrlenA
0x414008 LocalCompact
0x41400c MoveFileExW
0x414010 InterlockedDecrement
0x414014 WritePrivateProfileSectionA
0x414018 ReadConsoleOutputAttribute
0x41401c GetProfileStringW
0x414020 GetUserDefaultLCID
0x414024 SetEvent
0x414028 IsBadReadPtr
0x41402c GetConsoleAliasesLengthA
0x414030 ReadConsoleOutputA
0x414034 InitializeCriticalSection
0x414038 GetVolumePathNameW
0x41403c GetConsoleCP
0x414040 GetSystemWindowsDirectoryA
0x414044 InterlockedPopEntrySList
0x414048 LeaveCriticalSection
0x41404c lstrcpynW
0x414050 GetConsoleAliasW
0x414054 SetConsoleCursorPosition
0x414058 GetFileAttributesW
0x41405c WriteConsoleW
0x414060 ReadFile
0x414064 CreateFileW
0x414068 CreateActCtxA
0x41406c GetACP
0x414070 VerifyVersionInfoW
0x414074 GetLastError
0x414078 GetProcAddress
0x41407c PeekConsoleInputW
0x414080 EnumDateFormatsExA
0x414084 GetConsoleDisplayMode
0x414088 GetProcessId
0x41408c LocalAlloc
0x414090 DeleteTimerQueue
0x414094 DnsHostnameToComputerNameA
0x414098 CreateTapePartition
0x41409c GlobalGetAtomNameW
0x4140a0 WaitForMultipleObjects
0x4140a4 SetSystemTime
0x4140a8 SetEnvironmentVariableA
0x4140ac SetConsoleTitleW
0x4140b0 GetModuleHandleA
0x4140b4 lstrcatW
0x4140b8 UpdateResourceW
0x4140bc CancelTimerQueueTimer
0x4140c0 GetConsoleTitleW
0x4140c4 BuildCommDCBA
0x4140c8 VirtualProtect
0x4140cc SetCalendarInfoA
0x4140d0 FindFirstVolumeA
0x4140d4 EndUpdateResourceA
0x4140d8 GetVersionExA
0x4140dc AreFileApisANSI
0x4140e0 UnhandledExceptionFilter
0x4140e4 SetUnhandledExceptionFilter
0x4140e8 GetCommandLineA
0x4140ec GetStartupInfoA
0x4140f0 RaiseException
0x4140f4 RtlUnwind
0x4140f8 GetModuleHandleW
0x4140fc Sleep
0x414100 ExitProcess
0x414104 WriteFile
0x414108 GetStdHandle
0x41410c GetModuleFileNameA
0x414110 TerminateProcess
0x414114 GetCurrentProcess
0x414118 IsDebuggerPresent
0x41411c HeapAlloc
0x414120 HeapFree
0x414124 FreeEnvironmentStringsA
0x414128 GetEnvironmentStrings
0x41412c FreeEnvironmentStringsW
0x414130 WideCharToMultiByte
0x414134 GetEnvironmentStringsW
0x414138 SetHandleCount
0x41413c GetFileType
0x414140 DeleteCriticalSection
0x414144 TlsGetValue
0x414148 TlsAlloc
0x41414c TlsSetValue
0x414150 TlsFree
0x414154 InterlockedIncrement
0x414158 SetLastError
0x41415c GetCurrentThreadId
0x414160 HeapCreate
0x414164 VirtualFree
0x414168 QueryPerformanceCounter
0x41416c GetTickCount
0x414170 GetCurrentProcessId
0x414174 GetSystemTimeAsFileTime
0x414178 EnterCriticalSection
0x41417c LoadLibraryA
0x414180 InitializeCriticalSectionAndSpinCount
0x414184 VirtualAlloc
0x414188 HeapReAlloc
0x41418c HeapSize
0x414190 GetCPInfo
0x414194 GetOEMCP
0x414198 IsValidCodePage
0x41419c GetLocaleInfoA
0x4141a0 LCMapStringA
0x4141a4 MultiByteToWideChar
0x4141a8 LCMapStringW
0x4141ac GetStringTypeA
0x4141b0 GetStringTypeW
USER32.dll
0x4141b8 RealGetWindowClassA
EAT(Export Address Table) Library
0x401065 @GetOtherVice@12