Field | Value |
---|---|
Created | 2024.06.19 18:32 |
Machine | s1_win7_x6401 |
Filename | svrhost.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 13 detected (Unsafe, Save, GenKryptik, GETL, Kryptik, rQA1B2MPqWU, AsynRatSH, xdwes, MALICIOUS) |
md5 | f5ccac795e79c40d64e7e5a73c741785 |
sha256 | 1b427974d38f8f1e5ae399050bd3fc23bc7fa6561e4dfacf73dc1eb52b5ef7f5 |
ssdeep | 6144:mc4qS758j2We/mvvp8oQNbmZf1fw7srC7CCo3PISSP13Y/M3TmOcr9TfLn5AS2d3:f4qS7S5pvpQmZdMZply6TsYS2dhd |
imphash | 84e248f16b1760d2bc9563cc8f15f24b |
impfuzzy | 24:8fjcDq+kLEfBlMblRf5XG6qKZCU6dkTomvlxXUqC9yvZEwL:8fn+k4zslJJG6qACU6dkT1vcqCymA |
Signatures (2 counts)
Level | Description |
---|---|
watch | File has been identified by 13 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
Rules (4 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) libraries
KERNEL32.dll
0x14004a270 DeleteCriticalSection
0x14004a278 EnterCriticalSection
0x14004a280 GetLastError
0x14004a288 GetProcAddress
0x14004a290 GetStartupInfoA
0x14004a298 InitializeCriticalSection
0x14004a2a0 IsDBCSLeadByteEx
0x14004a2a8 LeaveCriticalSection
0x14004a2b0 LoadLibraryA
0x14004a2b8 MultiByteToWideChar
0x14004a2c0 SetUnhandledExceptionFilter
0x14004a2c8 Sleep
0x14004a2d0 TlsGetValue
0x14004a2d8 VirtualAlloc
0x14004a2e0 VirtualFree
0x14004a2e8 VirtualProtect
0x14004a2f0 VirtualQuery
0x14004a2f8 WideCharToMultiByte
msvcrt.dll
0x14004a308 __C_specific_handler
0x14004a310 ___lc_codepage_func
0x14004a318 ___mb_cur_max_func
0x14004a320 __getmainargs
0x14004a328 __initenv
0x14004a330 __iob_func
0x14004a338 __set_app_type
0x14004a340 __setusermatherr
0x14004a348 _acmdln
0x14004a350 _amsg_exit
0x14004a358 _cexit
0x14004a360 _commode
0x14004a368 _errno
0x14004a370 _fileno
0x14004a378 _fmode
0x14004a380 _get_osfhandle
0x14004a388 _initterm
0x14004a390 _lock
0x14004a398 _onexit
0x14004a3a0 _setjmp
0x14004a3a8 _setmode
0x14004a3b0 _unlock
0x14004a3b8 _wfopen
0x14004a3c0 abort
0x14004a3c8 calloc
0x14004a3d0 exit
0x14004a3d8 fflush
0x14004a3e0 fprintf
0x14004a3e8 fputc
0x14004a3f0 free
0x14004a3f8 fwrite
0x14004a400 localeconv
0x14004a408 longjmp
0x14004a410 malloc
0x14004a418 memchr
0x14004a420 memcpy
0x14004a428 memmove
0x14004a430 memset
0x14004a438 setvbuf
0x14004a440 signal
0x14004a448 strerror
0x14004a450 strlen
0x14004a458 strncmp
0x14004a460 strstr
0x14004a468 vfprintf
0x14004a470 wcslen
USER32.dll
0x14004a480 MessageBoxA
EAT (Export Address Table): none