Field | Value |
---|---|
Created | 2023.03.23 13:14 |
Machine | s1_win7_x6403 |
Filename | svchost.exe |
Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 51 detected (Babar, Jaik, Coins, Vn3m, TrojanPSW, malicious, confidence, 100%, Genus, ABRisk, BJZZ, Attribute, HighConfidence, high confidence, a variant of WinGo, score, Aurora, afag, judqhg, QQPass, QQRob, Iajl, AURORASTEALER, YXDCGZ, Artemis, Redcap, owzmd, ai score=86, GoAgent, Malware@#1al9xg0hdtt50, Malgent, Detected, R557261, BScope, Nacra, CLOUD, TitanStealer, Genetic) |
md5 | a8a106555b9e1f92569d623c66ee8c12 |
sha256 | 84aac7290471d6aa883962c2e739b44adcea7f533cc0317e8d0d6f847def1f7a |
ssdeep | 49152:3WjN903V68U3f1uXAlL/EUSiITRf+EGg7dyvUCUDaB5+Tc6k1HFm:3IrIVbUYiLs4vUCU5T0w |
imphash | 9cbefe68f395e67356e2a5d8d1b285c0 |
impfuzzy | 24:UbVjhNwO+VuT2oLtXOr6kwmDruMztxdEr6tP:KwO+VAXOmGx0oP |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 51 AntiVirus engines on VirusTotal as malicious |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | Communicates with host for which no DNS query was performed |
watch | Detects the presence of Wine emulator |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
kernel32.dll
0x6bc220 WriteFile
0x6bc224 WriteConsoleW
0x6bc228 WaitForMultipleObjects
0x6bc22c WaitForSingleObject
0x6bc230 VirtualQuery
0x6bc234 VirtualFree
0x6bc238 VirtualAlloc
0x6bc23c SwitchToThread
0x6bc240 SuspendThread
0x6bc244 SetWaitableTimer
0x6bc248 SetUnhandledExceptionFilter
0x6bc24c SetProcessPriorityBoost
0x6bc250 SetEvent
0x6bc254 SetErrorMode
0x6bc258 SetConsoleCtrlHandler
0x6bc25c ResumeThread
0x6bc260 PostQueuedCompletionStatus
0x6bc264 LoadLibraryA
0x6bc268 LoadLibraryW
0x6bc26c SetThreadContext
0x6bc270 GetThreadContext
0x6bc274 GetSystemInfo
0x6bc278 GetSystemDirectoryA
0x6bc27c GetStdHandle
0x6bc280 GetQueuedCompletionStatusEx
0x6bc284 GetProcessAffinityMask
0x6bc288 GetProcAddress
0x6bc28c GetEnvironmentStringsW
0x6bc290 GetConsoleMode
0x6bc294 FreeEnvironmentStringsW
0x6bc298 ExitProcess
0x6bc29c DuplicateHandle
0x6bc2a0 CreateWaitableTimerExW
0x6bc2a4 CreateThread
0x6bc2a8 CreateIoCompletionPort
0x6bc2ac CreateFileA
0x6bc2b0 CreateEventA
0x6bc2b4 CloseHandle
0x6bc2b8 AddVectoredExceptionHandler
EAT (Export Address Table): none