ScreenShot
| Created | 2022.02.01 17:51 | Machine | s1_win7_x6401 |
| Filename | svcyr.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 53 detected (AIDetect, malware1, malicious, high confidence, DownLoader25, MauvaiseRI, S5249243, Save, confidence, Nitol, ZexaF, gq1@aqGUDjhi, Dnldr25, Eldorado, TrojanX, etbkiz, Gencirc, RT@7ul2hk, bjpij, Gen2, ai score=82, score, Skeeyah, BScope, TrojanDDoS, Macri, CLOUD, Static AI, Malicious PE, Genetic) | ||
| md5 | 427869f8c8671b5ee10c6798b3ca65bf | ||
| sha256 | c9fc78840dc8310cfadfc2432522509dc2af91aa0a91241b34bdbe55bc703a5a | ||
| ssdeep | 1536:HlcfoGRYBmOTEnPisxF0oIV0dY5oHKB92GrPbKH+M4thZhZcm:HqovTEKsooIVu/Hs9dbKeRthZ8m | ||
| imphash | 189b0e4751fb61bd6cafbfdc0138fd3e | ||
| impfuzzy | 24:rj/gp4Tep4tlpi19WDc0TPebZuKHzZ8xamY5wOovMRvgukuQ/eBRXJYBLBmunEpN:f1ep2mEebmxamYdr6/eHXJYtjbyVd60 | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| watch | Installs itself for autorun at Windows startup |
| notice | Creates a service |
| info | The executable uses a known packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x412044 GetSystemInfo
0x412048 WaitForSingleObject
0x41204c lstrlenA
0x412050 GetLastError
0x412054 GetComputerNameA
0x412058 GlobalMemoryStatus
0x41205c GetModuleHandleA
0x412060 CompareStringW
0x412064 CompareStringA
0x412068 GetSystemDefaultUILanguage
0x41206c WinExec
0x412070 CreateThread
0x412074 CloseHandle
0x412078 GetModuleFileNameA
0x41207c GetTempPathA
0x412080 MoveFileA
0x412084 MoveFileExA
0x412088 GetCurrentProcessId
0x41208c lstrcpyA
0x412090 GetCurrentProcess
0x412094 ExitThread
0x412098 Sleep
0x41209c GetTickCount
0x4120a0 LoadLibraryA
0x4120a4 CopyFileA
0x4120a8 GetProcAddress
0x4120ac LCMapStringW
0x4120b0 LCMapStringA
0x4120b4 GetStringTypeW
0x4120b8 GetStringTypeA
0x4120bc MultiByteToWideChar
0x4120c0 SetConsoleCtrlHandler
0x4120c4 SetStdHandle
0x4120c8 GetOEMCP
0x4120cc GetACP
0x4120d0 GetCPInfo
0x4120d4 CreateProcessA
0x4120d8 GetExitCodeProcess
0x4120dc IsBadCodePtr
0x4120e0 IsBadReadPtr
0x4120e4 SetUnhandledExceptionFilter
0x4120e8 FlushFileBuffers
0x4120ec SetEnvironmentVariableA
0x4120f0 SetFilePointer
0x4120f4 WriteFile
0x4120f8 GetEnvironmentStringsW
0x4120fc GetEnvironmentStrings
0x412100 WideCharToMultiByte
0x412104 FreeEnvironmentStringsW
0x412108 FreeEnvironmentStringsA
0x41210c UnhandledExceptionFilter
0x412110 IsBadWritePtr
0x412114 RtlUnwind
0x412118 GetTimeZoneInformation
0x41211c GetSystemTime
0x412120 GetLocalTime
0x412124 ExitProcess
0x412128 TerminateProcess
0x41212c HeapFree
0x412130 HeapAlloc
0x412134 GetStartupInfoA
0x412138 GetCommandLineA
0x41213c GetVersion
0x412140 SetHandleCount
0x412144 GetStdHandle
0x412148 GetFileType
0x41214c HeapReAlloc
0x412150 HeapSize
0x412154 GetFileAttributesA
0x412158 GetEnvironmentVariableA
0x41215c GetVersionExA
0x412160 HeapDestroy
0x412164 HeapCreate
0x412168 VirtualFree
0x41216c VirtualAlloc
USER32.dll
0x412174 wsprintfA
ADVAPI32.dll
0x412000 CreateServiceA
0x412004 LockServiceDatabase
0x412008 ChangeServiceConfig2A
0x41200c UnlockServiceDatabase
0x412010 OpenServiceA
0x412014 StartServiceA
0x412018 RegSetValueExA
0x41201c CloseServiceHandle
0x412020 StartServiceCtrlDispatcherA
0x412024 RegisterServiceCtrlHandlerA
0x412028 SetServiceStatus
0x41202c RegOpenKeyExA
0x412030 RegOpenKeyA
0x412034 RegQueryValueExA
0x412038 RegCloseKey
0x41203c OpenSCManagerA
WS2_32.dll
0x412190 select
0x412194 recv
0x412198 send
0x41219c WSAIoctl
0x4121a0 WSAStartup
0x4121a4 WSASocketA
0x4121a8 __WSAFDIsSet
0x4121ac setsockopt
0x4121b0 htonl
0x4121b4 sendto
0x4121b8 WSACleanup
0x4121bc socket
0x4121c0 htons
0x4121c4 connect
0x4121c8 closesocket
0x4121cc inet_addr
0x4121d0 gethostbyname
0x4121d4 WSAGetLastError
WININET.dll
0x41217c InternetCloseHandle
0x412180 InternetOpenA
0x412184 InternetOpenUrlA
0x412188 InternetReadFile
iphlpapi.dll
0x4121dc GetIfTable
EAT(Export Address Table) is none
KERNEL32.dll
0x412044 GetSystemInfo
0x412048 WaitForSingleObject
0x41204c lstrlenA
0x412050 GetLastError
0x412054 GetComputerNameA
0x412058 GlobalMemoryStatus
0x41205c GetModuleHandleA
0x412060 CompareStringW
0x412064 CompareStringA
0x412068 GetSystemDefaultUILanguage
0x41206c WinExec
0x412070 CreateThread
0x412074 CloseHandle
0x412078 GetModuleFileNameA
0x41207c GetTempPathA
0x412080 MoveFileA
0x412084 MoveFileExA
0x412088 GetCurrentProcessId
0x41208c lstrcpyA
0x412090 GetCurrentProcess
0x412094 ExitThread
0x412098 Sleep
0x41209c GetTickCount
0x4120a0 LoadLibraryA
0x4120a4 CopyFileA
0x4120a8 GetProcAddress
0x4120ac LCMapStringW
0x4120b0 LCMapStringA
0x4120b4 GetStringTypeW
0x4120b8 GetStringTypeA
0x4120bc MultiByteToWideChar
0x4120c0 SetConsoleCtrlHandler
0x4120c4 SetStdHandle
0x4120c8 GetOEMCP
0x4120cc GetACP
0x4120d0 GetCPInfo
0x4120d4 CreateProcessA
0x4120d8 GetExitCodeProcess
0x4120dc IsBadCodePtr
0x4120e0 IsBadReadPtr
0x4120e4 SetUnhandledExceptionFilter
0x4120e8 FlushFileBuffers
0x4120ec SetEnvironmentVariableA
0x4120f0 SetFilePointer
0x4120f4 WriteFile
0x4120f8 GetEnvironmentStringsW
0x4120fc GetEnvironmentStrings
0x412100 WideCharToMultiByte
0x412104 FreeEnvironmentStringsW
0x412108 FreeEnvironmentStringsA
0x41210c UnhandledExceptionFilter
0x412110 IsBadWritePtr
0x412114 RtlUnwind
0x412118 GetTimeZoneInformation
0x41211c GetSystemTime
0x412120 GetLocalTime
0x412124 ExitProcess
0x412128 TerminateProcess
0x41212c HeapFree
0x412130 HeapAlloc
0x412134 GetStartupInfoA
0x412138 GetCommandLineA
0x41213c GetVersion
0x412140 SetHandleCount
0x412144 GetStdHandle
0x412148 GetFileType
0x41214c HeapReAlloc
0x412150 HeapSize
0x412154 GetFileAttributesA
0x412158 GetEnvironmentVariableA
0x41215c GetVersionExA
0x412160 HeapDestroy
0x412164 HeapCreate
0x412168 VirtualFree
0x41216c VirtualAlloc
USER32.dll
0x412174 wsprintfA
ADVAPI32.dll
0x412000 CreateServiceA
0x412004 LockServiceDatabase
0x412008 ChangeServiceConfig2A
0x41200c UnlockServiceDatabase
0x412010 OpenServiceA
0x412014 StartServiceA
0x412018 RegSetValueExA
0x41201c CloseServiceHandle
0x412020 StartServiceCtrlDispatcherA
0x412024 RegisterServiceCtrlHandlerA
0x412028 SetServiceStatus
0x41202c RegOpenKeyExA
0x412030 RegOpenKeyA
0x412034 RegQueryValueExA
0x412038 RegCloseKey
0x41203c OpenSCManagerA
WS2_32.dll
0x412190 select
0x412194 recv
0x412198 send
0x41219c WSAIoctl
0x4121a0 WSAStartup
0x4121a4 WSASocketA
0x4121a8 __WSAFDIsSet
0x4121ac setsockopt
0x4121b0 htonl
0x4121b4 sendto
0x4121b8 WSACleanup
0x4121bc socket
0x4121c0 htons
0x4121c4 connect
0x4121c8 closesocket
0x4121cc inet_addr
0x4121d0 gethostbyname
0x4121d4 WSAGetLastError
WININET.dll
0x41217c InternetCloseHandle
0x412180 InternetOpenA
0x412184 InternetOpenUrlA
0x412188 InternetReadFile
iphlpapi.dll
0x4121dc GetIfTable
EAT(Export Address Table) is none