ScreenShot
| Created | 2024.06.09 09:36 | Machine | s1_win7_x6401 |
| Filename | svchost.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 60 detected (AIDetectMalware, Malicious, score, Stop, VirRansom, Zusy, Unsafe, Save, Attribute, HighConfidence, high confidence, Kryptik, HWJL, Artemis, DropperX, Ransomware, Lockbit, None, Zenpak, iexzs, R002C0DEV24, Real Protect, high, Krypt, Outbreak, Detected, ai score=89, hwle, Glupteba, AMMA, Eldorado, AGEN, R635993, ZexaF, Bq0@aW5OXXpi, GdSda, Obfuscated, Static AI, Malicious PE, susgen, Conwise, AZOO3DGW) | ||
| md5 | 2de9a9ecf306c424eab7ace09227090f | ||
| sha256 | fc35c926288af736d9772f5a014d3cb703899feb7b5f7613d671381c1dfe9c50 | ||
| ssdeep | 12288:XykI2bQ1Q3sBcCdKiHDu8S1cXasqR6G503X3C/6ai:XK2bQK8BcaTju8S1casKt5WX3Q6 | ||
| imphash | 8216626f230fae173fa22074eefacb8e | ||
| impfuzzy | 24:ZLkrks2Gj9+V+krZa48JOq0LOJEruiOOtJDkMcYHRnlyv95hJRT4nVqbvjMeghhd:Z8zpQZVtVriOtiMcsK977cnMuvR6S | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 60 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x469008 LocalUnlock
0x46900c PulseEvent
0x469010 GetConsoleAliasesLengthW
0x469014 GetProcessIoCounters
0x469018 WriteConsoleOutputCharacterA
0x46901c SystemTimeToTzSpecificLocalTime
0x469020 SystemTimeToFileTime
0x469024 InterlockedDecrement
0x469028 CreateDirectoryW
0x46902c CreateNamedPipeW
0x469030 GetLocaleInfoW
0x469034 FatalAppExitW
0x469038 SetConsoleCP
0x46903c HeapCreate
0x469040 ReplaceFileA
0x469044 GetConsoleAliasesW
0x469048 GetStdHandle
0x46904c GetCurrentDirectoryW
0x469050 GetComputerNameA
0x469054 CreateTimerQueueTimer
0x469058 SetStdHandle
0x46905c PrepareTape
0x469060 LoadLibraryA
0x469064 LocalAlloc
0x469068 AddAtomA
0x46906c DebugSetProcessKillOnExit
0x469070 lstrcatW
0x469074 VirtualProtect
0x469078 EnumDateFormatsW
0x46907c GetFileTime
0x469080 SetFileAttributesW
0x469084 GetVolumeInformationW
0x469088 CreateFileW
0x46908c WriteConsoleW
0x469090 SetLastError
0x469094 GetSystemDefaultLangID
0x469098 CloseHandle
0x46909c SetFilePointer
0x4690a0 HeapAlloc
0x4690a4 EncodePointer
0x4690a8 DecodePointer
0x4690ac GetCommandLineW
0x4690b0 HeapSetInformation
0x4690b4 GetStartupInfoW
0x4690b8 TerminateProcess
0x4690bc GetCurrentProcess
0x4690c0 UnhandledExceptionFilter
0x4690c4 SetUnhandledExceptionFilter
0x4690c8 IsDebuggerPresent
0x4690cc IsProcessorFeaturePresent
0x4690d0 GetProcAddress
0x4690d4 GetModuleHandleW
0x4690d8 ExitProcess
0x4690dc WriteFile
0x4690e0 GetModuleFileNameW
0x4690e4 Sleep
0x4690e8 HeapSize
0x4690ec EnterCriticalSection
0x4690f0 LeaveCriticalSection
0x4690f4 FreeEnvironmentStringsW
0x4690f8 GetEnvironmentStringsW
0x4690fc SetHandleCount
0x469100 InitializeCriticalSectionAndSpinCount
0x469104 GetFileType
0x469108 DeleteCriticalSection
0x46910c TlsAlloc
0x469110 TlsGetValue
0x469114 TlsSetValue
0x469118 TlsFree
0x46911c InterlockedIncrement
0x469120 GetCurrentThreadId
0x469124 GetLastError
0x469128 QueryPerformanceCounter
0x46912c GetTickCount
0x469130 GetCurrentProcessId
0x469134 GetSystemTimeAsFileTime
0x469138 RaiseException
0x46913c LoadLibraryW
0x469140 HeapReAlloc
0x469144 RtlUnwind
0x469148 HeapFree
0x46914c GetCPInfo
0x469150 GetACP
0x469154 GetOEMCP
0x469158 IsValidCodePage
0x46915c WideCharToMultiByte
0x469160 GetConsoleCP
0x469164 GetConsoleMode
0x469168 FlushFileBuffers
0x46916c LCMapStringW
0x469170 MultiByteToWideChar
0x469174 GetStringTypeW
USER32.dll
0x46917c SetActiveWindow
0x469180 SetKeyboardState
0x469184 DestroyIcon
0x469188 GetClassLongA
ADVAPI32.dll
0x469000 GetAce
ole32.dll
0x469190 CoTaskMemFree
EAT(Export Address Table) is none
KERNEL32.dll
0x469008 LocalUnlock
0x46900c PulseEvent
0x469010 GetConsoleAliasesLengthW
0x469014 GetProcessIoCounters
0x469018 WriteConsoleOutputCharacterA
0x46901c SystemTimeToTzSpecificLocalTime
0x469020 SystemTimeToFileTime
0x469024 InterlockedDecrement
0x469028 CreateDirectoryW
0x46902c CreateNamedPipeW
0x469030 GetLocaleInfoW
0x469034 FatalAppExitW
0x469038 SetConsoleCP
0x46903c HeapCreate
0x469040 ReplaceFileA
0x469044 GetConsoleAliasesW
0x469048 GetStdHandle
0x46904c GetCurrentDirectoryW
0x469050 GetComputerNameA
0x469054 CreateTimerQueueTimer
0x469058 SetStdHandle
0x46905c PrepareTape
0x469060 LoadLibraryA
0x469064 LocalAlloc
0x469068 AddAtomA
0x46906c DebugSetProcessKillOnExit
0x469070 lstrcatW
0x469074 VirtualProtect
0x469078 EnumDateFormatsW
0x46907c GetFileTime
0x469080 SetFileAttributesW
0x469084 GetVolumeInformationW
0x469088 CreateFileW
0x46908c WriteConsoleW
0x469090 SetLastError
0x469094 GetSystemDefaultLangID
0x469098 CloseHandle
0x46909c SetFilePointer
0x4690a0 HeapAlloc
0x4690a4 EncodePointer
0x4690a8 DecodePointer
0x4690ac GetCommandLineW
0x4690b0 HeapSetInformation
0x4690b4 GetStartupInfoW
0x4690b8 TerminateProcess
0x4690bc GetCurrentProcess
0x4690c0 UnhandledExceptionFilter
0x4690c4 SetUnhandledExceptionFilter
0x4690c8 IsDebuggerPresent
0x4690cc IsProcessorFeaturePresent
0x4690d0 GetProcAddress
0x4690d4 GetModuleHandleW
0x4690d8 ExitProcess
0x4690dc WriteFile
0x4690e0 GetModuleFileNameW
0x4690e4 Sleep
0x4690e8 HeapSize
0x4690ec EnterCriticalSection
0x4690f0 LeaveCriticalSection
0x4690f4 FreeEnvironmentStringsW
0x4690f8 GetEnvironmentStringsW
0x4690fc SetHandleCount
0x469100 InitializeCriticalSectionAndSpinCount
0x469104 GetFileType
0x469108 DeleteCriticalSection
0x46910c TlsAlloc
0x469110 TlsGetValue
0x469114 TlsSetValue
0x469118 TlsFree
0x46911c InterlockedIncrement
0x469120 GetCurrentThreadId
0x469124 GetLastError
0x469128 QueryPerformanceCounter
0x46912c GetTickCount
0x469130 GetCurrentProcessId
0x469134 GetSystemTimeAsFileTime
0x469138 RaiseException
0x46913c LoadLibraryW
0x469140 HeapReAlloc
0x469144 RtlUnwind
0x469148 HeapFree
0x46914c GetCPInfo
0x469150 GetACP
0x469154 GetOEMCP
0x469158 IsValidCodePage
0x46915c WideCharToMultiByte
0x469160 GetConsoleCP
0x469164 GetConsoleMode
0x469168 FlushFileBuffers
0x46916c LCMapStringW
0x469170 MultiByteToWideChar
0x469174 GetStringTypeW
USER32.dll
0x46917c SetActiveWindow
0x469180 SetKeyboardState
0x469184 DestroyIcon
0x469188 GetClassLongA
ADVAPI32.dll
0x469000 GetAce
ole32.dll
0x469190 CoTaskMemFree
EAT(Export Address Table) is none