Field | Value |
---|---|
Created | 2023.06.21 05:36 |
Machine | s1_win7_x6401 |
Filename | svchost.exe |
Type | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
Scan | Result |
---|---|
ZERO API | file: clean |
VT API (file) | 38 detected (Coins, tseu, Artemis, LaplasClipper, Save, ClipBanker, malicious, confidence, GoAgent, Eldorado, Attribute, HighConfidence, high confidence, a variant of WinGo, score, BankerX, fekot, GenericKD, Static AI, Suspicious PE, Genkd, Wacatac, SM3NOU, Detected, R556996, unsafe, Chgt, R002H0DFJ23, CLASSIC, Outbreak, susgen) |
md5 | d076c4b5f5c42b44d583c534f78adbe7 |
sha256 | 2c63c61e0adaaf669c9c674edfc9081d415c05b834611944a682f120ab9559d8 |
ssdeep | 49152:hGXwGFfpgG2Gv0l1YzzsYvbQaWfG85EIUFiqeb0/B1:MFaTGsgB4ENiqe |
imphash | 9cbefe68f395e67356e2a5d8d1b285c0 |
impfuzzy | 24:UbVjhNwO+VuT2oLtXOr6kwmDruMztxdEr6tP:KwO+VAXOmGx0oP |
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 38 AntiVirus engines on VirusTotal as malicious |
watch | Detects the presence of Wine emulator |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
No network requests were recorded for this sample, and no Suricata IDS alerts were raised.
PE API
IAT (Import Address Table) Library
kernel32.dll
0x7c1120 WriteFile
0x7c1128 WriteConsoleW
0x7c1130 WaitForMultipleObjects
0x7c1138 WaitForSingleObject
0x7c1140 VirtualQuery
0x7c1148 VirtualFree
0x7c1150 VirtualAlloc
0x7c1158 SwitchToThread
0x7c1160 SuspendThread
0x7c1168 SetWaitableTimer
0x7c1170 SetUnhandledExceptionFilter
0x7c1178 SetProcessPriorityBoost
0x7c1180 SetEvent
0x7c1188 SetErrorMode
0x7c1190 SetConsoleCtrlHandler
0x7c1198 ResumeThread
0x7c11a0 PostQueuedCompletionStatus
0x7c11a8 LoadLibraryA
0x7c11b0 LoadLibraryW
0x7c11b8 SetThreadContext
0x7c11c0 GetThreadContext
0x7c11c8 GetSystemInfo
0x7c11d0 GetSystemDirectoryA
0x7c11d8 GetStdHandle
0x7c11e0 GetQueuedCompletionStatusEx
0x7c11e8 GetProcessAffinityMask
0x7c11f0 GetProcAddress
0x7c11f8 GetEnvironmentStringsW
0x7c1200 GetConsoleMode
0x7c1208 FreeEnvironmentStringsW
0x7c1210 ExitProcess
0x7c1218 DuplicateHandle
0x7c1220 CreateWaitableTimerExW
0x7c1228 CreateThread
0x7c1230 CreateIoCompletionPort
0x7c1238 CreateFileA
0x7c1240 CreateEventA
0x7c1248 CloseHandle
0x7c1250 AddVectoredExceptionHandler
EAT (Export Address Table): none