ScreenShot
| Created | 2021.09.24 17:08 | Machine | s1_win7_x6401 |
| Filename | nscvhost.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 20 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Attribute, HighConfidence, score, Azorult, Generic@ML, RDML, TA5Uahl+XE63ljPj9uZgSg, Static AI, Malicious PE, susgen, ZexaF, jz0@amu6mlkO, confidence) | ||
| md5 | 341e63d0f0934ba186bd27a5e43ede35 | ||
| sha256 | 0cbc99017336a7e835494b822f84821254a78b0ae7dea476ed98bca861b1936b | ||
| ssdeep | 24576:vDM1/AEuX8yyzgNBGLaKgiq6x1LLDdjLYetXxE:y1uXcgGLaKghG1n5jkQXxE | ||
| imphash | 658c49f2b142429657b3337ed8c9de9e | ||
| impfuzzy | 48:BX2jODfDUd70obQvFX2GAwO6IK9lts1avV8Wrv:3HEYiQvFX27wVIQltscvV8Wrv | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41a000 GetThreadContext
0x41a004 SetLocalTime
0x41a008 FindResourceExW
0x41a00c InterlockedIncrement
0x41a010 GetQueuedCompletionStatus
0x41a014 InterlockedDecrement
0x41a018 UnlockFile
0x41a01c SetEvent
0x41a020 FreeEnvironmentStringsA
0x41a024 GetModuleHandleW
0x41a028 CreateNamedPipeW
0x41a02c GetConsoleAliasesLengthA
0x41a030 SetCommState
0x41a034 GetCommandLineA
0x41a038 GetPrivateProfileIntA
0x41a03c GetSystemDirectoryW
0x41a040 LoadLibraryW
0x41a044 GetConsoleAliasExesLengthW
0x41a048 HeapDestroy
0x41a04c CreateSemaphoreA
0x41a050 GetBinaryTypeA
0x41a054 TerminateProcess
0x41a058 lstrlenW
0x41a05c LCMapStringA
0x41a060 GetPrivateProfileIntW
0x41a064 InterlockedExchange
0x41a068 GetStartupInfoA
0x41a06c GetStdHandle
0x41a070 FreeLibraryAndExitThread
0x41a074 OpenMutexW
0x41a078 GetLastError
0x41a07c GetCurrentDirectoryW
0x41a080 GetThreadLocale
0x41a084 GetProcAddress
0x41a088 EnterCriticalSection
0x41a08c LoadLibraryA
0x41a090 LocalAlloc
0x41a094 WritePrivateProfileStringA
0x41a098 GetNumberFormatW
0x41a09c GetProfileStringA
0x41a0a0 SetThreadIdealProcessor
0x41a0a4 HeapWalk
0x41a0a8 FindAtomA
0x41a0ac SetSystemTime
0x41a0b0 GlobalWire
0x41a0b4 GetModuleFileNameA
0x41a0b8 FindFirstChangeNotificationA
0x41a0bc FindNextFileW
0x41a0c0 WriteProfileStringW
0x41a0c4 GetCPInfoExA
0x41a0c8 SetFileShortNameA
0x41a0cc TlsAlloc
0x41a0d0 EnumResourceLanguagesW
0x41a0d4 UnregisterWaitEx
0x41a0d8 CopyFileExA
0x41a0dc DeleteFileA
0x41a0e0 GetVolumeInformationW
0x41a0e4 LocalFileTimeToFileTime
0x41a0e8 EncodePointer
0x41a0ec DecodePointer
0x41a0f0 HeapSetInformation
0x41a0f4 GetStartupInfoW
0x41a0f8 LeaveCriticalSection
0x41a0fc SetHandleCount
0x41a100 InitializeCriticalSectionAndSpinCount
0x41a104 GetFileType
0x41a108 DeleteCriticalSection
0x41a10c GetCurrentProcess
0x41a110 UnhandledExceptionFilter
0x41a114 SetUnhandledExceptionFilter
0x41a118 IsDebuggerPresent
0x41a11c GetModuleFileNameW
0x41a120 ExitProcess
0x41a124 HeapValidate
0x41a128 IsBadReadPtr
0x41a12c QueryPerformanceCounter
0x41a130 GetTickCount
0x41a134 GetCurrentThreadId
0x41a138 GetCurrentProcessId
0x41a13c GetSystemTimeAsFileTime
0x41a140 FreeEnvironmentStringsW
0x41a144 WideCharToMultiByte
0x41a148 GetEnvironmentStringsW
0x41a14c TlsGetValue
0x41a150 TlsSetValue
0x41a154 TlsFree
0x41a158 SetLastError
0x41a15c HeapCreate
0x41a160 WriteFile
0x41a164 SetFilePointer
0x41a168 GetConsoleCP
0x41a16c GetConsoleMode
0x41a170 OutputDebugStringA
0x41a174 WriteConsoleW
0x41a178 OutputDebugStringW
0x41a17c RtlUnwind
0x41a180 GetACP
0x41a184 GetOEMCP
0x41a188 GetCPInfo
0x41a18c IsValidCodePage
0x41a190 HeapAlloc
0x41a194 HeapReAlloc
0x41a198 HeapSize
0x41a19c HeapQueryInformation
0x41a1a0 HeapFree
0x41a1a4 MultiByteToWideChar
0x41a1a8 IsProcessorFeaturePresent
0x41a1ac FlushFileBuffers
0x41a1b0 SetStdHandle
0x41a1b4 LCMapStringW
0x41a1b8 GetStringTypeW
0x41a1bc CloseHandle
0x41a1c0 CreateFileW
0x41a1c4 RaiseException
EAT(Export Address Table) is none
KERNEL32.dll
0x41a000 GetThreadContext
0x41a004 SetLocalTime
0x41a008 FindResourceExW
0x41a00c InterlockedIncrement
0x41a010 GetQueuedCompletionStatus
0x41a014 InterlockedDecrement
0x41a018 UnlockFile
0x41a01c SetEvent
0x41a020 FreeEnvironmentStringsA
0x41a024 GetModuleHandleW
0x41a028 CreateNamedPipeW
0x41a02c GetConsoleAliasesLengthA
0x41a030 SetCommState
0x41a034 GetCommandLineA
0x41a038 GetPrivateProfileIntA
0x41a03c GetSystemDirectoryW
0x41a040 LoadLibraryW
0x41a044 GetConsoleAliasExesLengthW
0x41a048 HeapDestroy
0x41a04c CreateSemaphoreA
0x41a050 GetBinaryTypeA
0x41a054 TerminateProcess
0x41a058 lstrlenW
0x41a05c LCMapStringA
0x41a060 GetPrivateProfileIntW
0x41a064 InterlockedExchange
0x41a068 GetStartupInfoA
0x41a06c GetStdHandle
0x41a070 FreeLibraryAndExitThread
0x41a074 OpenMutexW
0x41a078 GetLastError
0x41a07c GetCurrentDirectoryW
0x41a080 GetThreadLocale
0x41a084 GetProcAddress
0x41a088 EnterCriticalSection
0x41a08c LoadLibraryA
0x41a090 LocalAlloc
0x41a094 WritePrivateProfileStringA
0x41a098 GetNumberFormatW
0x41a09c GetProfileStringA
0x41a0a0 SetThreadIdealProcessor
0x41a0a4 HeapWalk
0x41a0a8 FindAtomA
0x41a0ac SetSystemTime
0x41a0b0 GlobalWire
0x41a0b4 GetModuleFileNameA
0x41a0b8 FindFirstChangeNotificationA
0x41a0bc FindNextFileW
0x41a0c0 WriteProfileStringW
0x41a0c4 GetCPInfoExA
0x41a0c8 SetFileShortNameA
0x41a0cc TlsAlloc
0x41a0d0 EnumResourceLanguagesW
0x41a0d4 UnregisterWaitEx
0x41a0d8 CopyFileExA
0x41a0dc DeleteFileA
0x41a0e0 GetVolumeInformationW
0x41a0e4 LocalFileTimeToFileTime
0x41a0e8 EncodePointer
0x41a0ec DecodePointer
0x41a0f0 HeapSetInformation
0x41a0f4 GetStartupInfoW
0x41a0f8 LeaveCriticalSection
0x41a0fc SetHandleCount
0x41a100 InitializeCriticalSectionAndSpinCount
0x41a104 GetFileType
0x41a108 DeleteCriticalSection
0x41a10c GetCurrentProcess
0x41a110 UnhandledExceptionFilter
0x41a114 SetUnhandledExceptionFilter
0x41a118 IsDebuggerPresent
0x41a11c GetModuleFileNameW
0x41a120 ExitProcess
0x41a124 HeapValidate
0x41a128 IsBadReadPtr
0x41a12c QueryPerformanceCounter
0x41a130 GetTickCount
0x41a134 GetCurrentThreadId
0x41a138 GetCurrentProcessId
0x41a13c GetSystemTimeAsFileTime
0x41a140 FreeEnvironmentStringsW
0x41a144 WideCharToMultiByte
0x41a148 GetEnvironmentStringsW
0x41a14c TlsGetValue
0x41a150 TlsSetValue
0x41a154 TlsFree
0x41a158 SetLastError
0x41a15c HeapCreate
0x41a160 WriteFile
0x41a164 SetFilePointer
0x41a168 GetConsoleCP
0x41a16c GetConsoleMode
0x41a170 OutputDebugStringA
0x41a174 WriteConsoleW
0x41a178 OutputDebugStringW
0x41a17c RtlUnwind
0x41a180 GetACP
0x41a184 GetOEMCP
0x41a188 GetCPInfo
0x41a18c IsValidCodePage
0x41a190 HeapAlloc
0x41a194 HeapReAlloc
0x41a198 HeapSize
0x41a19c HeapQueryInformation
0x41a1a0 HeapFree
0x41a1a4 MultiByteToWideChar
0x41a1a8 IsProcessorFeaturePresent
0x41a1ac FlushFileBuffers
0x41a1b0 SetStdHandle
0x41a1b4 LCMapStringW
0x41a1b8 GetStringTypeW
0x41a1bc CloseHandle
0x41a1c0 CreateFileW
0x41a1c4 RaiseException
EAT(Export Address Table) is none