Field | Value |
---|---|
Created | 2023.12.14 18:56 |
Machine | s1_win7_x6401 |
Filename | svchost1.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 9 detected (AIDetectMalware, malicious, high confidence, FileRepMalware, Wacatac, SigCompromised, MEDIATEKINC, confidence, 100%) |
md5 | 70087277fa67c53783f5cbe4022bd2d1 |
sha256 | 24c323f9be2d7476c9233e35a10dcf35d58e25b956dfdfa15e492edbb02153b8 |
ssdeep | 3072:+rEv9lomY7Z5dcKXefLNjLt2eo8j6ERhnGxMBoGlY5TQEIj4pkv7gEyR76t1t:lv8p5dDef9tlPjHRR8MDlwpkvl476t |
imphash | 254bf9fcc84ded02825aa4beb3f4a02f |
impfuzzy | 24:2qkMUXcpVWcZtlS17MdlJBl3eDoLoBgvuZEpOovbOPZ0P:mcpV5ZtlS17MDpXnuZP3+P |
Signature (5cnts)
Level | Description |
---|---|
watch | Communicates with host for which no DNS query was performed |
notice | File has been identified by 9 AntiVirus engines on VirusTotal as malicious |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x421000 VirtualFree
0x421004 VirtualAlloc
0x421008 Sleep
0x42100c CreateThread
0x421010 CreateFileW
0x421014 CloseHandle
0x421018 GetConsoleMode
0x42101c GetConsoleOutputCP
0x421020 WideCharToMultiByte
0x421024 EnterCriticalSection
0x421028 LeaveCriticalSection
0x42102c InitializeCriticalSectionEx
0x421030 DeleteCriticalSection
0x421034 EncodePointer
0x421038 DecodePointer
0x42103c MultiByteToWideChar
0x421040 LCMapStringEx
0x421044 GetStringTypeW
0x421048 GetCPInfo
0x42104c IsProcessorFeaturePresent
0x421050 UnhandledExceptionFilter
0x421054 SetUnhandledExceptionFilter
0x421058 GetCurrentProcess
0x42105c TerminateProcess
0x421060 QueryPerformanceCounter
0x421064 GetCurrentProcessId
0x421068 GetCurrentThreadId
0x42106c GetSystemTimeAsFileTime
0x421070 InitializeSListHead
0x421074 IsDebuggerPresent
0x421078 GetStartupInfoW
0x42107c GetModuleHandleW
0x421080 RtlUnwind
0x421084 RaiseException
0x421088 GetLastError
0x42108c SetLastError
0x421090 InitializeCriticalSectionAndSpinCount
0x421094 TlsAlloc
0x421098 TlsGetValue
0x42109c TlsSetValue
0x4210a0 TlsFree
0x4210a4 FreeLibrary
0x4210a8 GetProcAddress
0x4210ac LoadLibraryExW
0x4210b0 GetStdHandle
0x4210b4 WriteFile
0x4210b8 GetModuleFileNameW
0x4210bc ExitProcess
0x4210c0 GetModuleHandleExW
0x4210c4 HeapAlloc
0x4210c8 HeapFree
0x4210cc GetFileType
0x4210d0 LCMapStringW
0x4210d4 GetLocaleInfoW
0x4210d8 IsValidLocale
0x4210dc GetUserDefaultLCID
0x4210e0 EnumSystemLocalesW
0x4210e4 HeapReAlloc
0x4210e8 FindClose
0x4210ec FindFirstFileExW
0x4210f0 FindNextFileW
0x4210f4 IsValidCodePage
0x4210f8 GetACP
0x4210fc GetOEMCP
0x421100 GetCommandLineA
0x421104 GetCommandLineW
0x421108 GetEnvironmentStringsW
0x42110c FreeEnvironmentStringsW
0x421110 SetStdHandle
0x421114 GetProcessHeap
0x421118 SetFilePointerEx
0x42111c HeapSize
0x421120 FlushFileBuffers
0x421124 WriteConsoleW
WININET.dll
0x42112c InternetOpenW
0x421130 InternetOpenUrlA
0x421134 InternetCloseHandle
0x421138 InternetReadFile
EAT(Export Address Table) is none