Field | Value
---|---
Created | 2024.07.26 10:55
Machine | s1_win7_x6401
Filename | svhosts.exe
Type | PE32 executable (console) Intel 80386, for MS Windows
AI Score | 
Behavior Score | 
ZERO API | file : malicious
VT API (file) | 39 detected (AIDetectMalware, Stelpak, malicious, high confidence, score, Unsafe, Save, Midie, Attribute, HighConfidence, Kryptik, HXDB, Artemis, FileRepMalware, Lazy, RedLine, e0zH2KOXcPE, moderate, Krypt, Detected, ai score=82, Wacatac, ZexaF, RuW@a4LKO0k, Rgil, susgen, confidence, 100%, HD#J)
md5 | fcd623c9b95c16f581efb05c9a87affb
sha256 | 3eb7b830379458b4788162b6444f8b8c5b37a3190d86d8e00a6e762093e1f2b9
ssdeep | 12288:wV2oMpiojk1ruHufjr5tIaZ7+Prk8HbEFQRsfNjaxxmmU1E4NyKVQ:wpsioQ1murr5WaZ7SQ8HbTspoxS1NcKG
imphash | 6addd02d82538c2ca23958c8c292883b
impfuzzy | 24:WjliEkBKAWLkbJcpVJ+jQDTt8GbJBl39r9OovbOIHFZMv5GMACEZHu95:1v/W+cpVJIIt8G7pZo3gFZG7
Signature (5cnts)
Level | Description |
---|---|
danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x426000 WaitForSingleObject
0x426004 CreateThread
0x426008 VirtualAllocEx
0x42600c FreeConsole
0x426010 RaiseException
0x426014 InitOnceBeginInitialize
0x426018 InitOnceComplete
0x42601c CloseHandle
0x426020 GetCurrentThreadId
0x426024 ReleaseSRWLockExclusive
0x426028 AcquireSRWLockExclusive
0x42602c TryAcquireSRWLockExclusive
0x426030 WakeAllConditionVariable
0x426034 SleepConditionVariableSRW
0x426038 GetLastError
0x42603c FreeLibraryWhenCallbackReturns
0x426040 CreateThreadpoolWork
0x426044 SubmitThreadpoolWork
0x426048 CloseThreadpoolWork
0x42604c GetModuleHandleExW
0x426050 IsProcessorFeaturePresent
0x426054 EnterCriticalSection
0x426058 LeaveCriticalSection
0x42605c InitializeCriticalSectionEx
0x426060 DeleteCriticalSection
0x426064 QueryPerformanceCounter
0x426068 EncodePointer
0x42606c DecodePointer
0x426070 MultiByteToWideChar
0x426074 WideCharToMultiByte
0x426078 LCMapStringEx
0x42607c GetSystemTimeAsFileTime
0x426080 GetModuleHandleW
0x426084 GetProcAddress
0x426088 GetStringTypeW
0x42608c GetCPInfo
0x426090 IsDebuggerPresent
0x426094 UnhandledExceptionFilter
0x426098 SetUnhandledExceptionFilter
0x42609c GetStartupInfoW
0x4260a0 GetCurrentProcess
0x4260a4 TerminateProcess
0x4260a8 GetCurrentProcessId
0x4260ac InitializeSListHead
0x4260b0 CreateFileW
0x4260b4 RtlUnwind
0x4260b8 SetLastError
0x4260bc InitializeCriticalSectionAndSpinCount
0x4260c0 TlsAlloc
0x4260c4 TlsGetValue
0x4260c8 TlsSetValue
0x4260cc TlsFree
0x4260d0 FreeLibrary
0x4260d4 LoadLibraryExW
0x4260d8 ExitProcess
0x4260dc GetModuleFileNameW
0x4260e0 GetStdHandle
0x4260e4 WriteFile
0x4260e8 GetCommandLineA
0x4260ec GetCommandLineW
0x4260f0 HeapFree
0x4260f4 HeapAlloc
0x4260f8 CompareStringW
0x4260fc LCMapStringW
0x426100 GetLocaleInfoW
0x426104 IsValidLocale
0x426108 GetUserDefaultLCID
0x42610c EnumSystemLocalesW
0x426110 GetFileType
0x426114 GetFileSizeEx
0x426118 SetFilePointerEx
0x42611c FlushFileBuffers
0x426120 GetConsoleOutputCP
0x426124 GetConsoleMode
0x426128 ReadFile
0x42612c ReadConsoleW
0x426130 HeapReAlloc
0x426134 FindClose
0x426138 FindFirstFileExW
0x42613c FindNextFileW
0x426140 IsValidCodePage
0x426144 GetACP
0x426148 GetOEMCP
0x42614c GetEnvironmentStringsW
0x426150 FreeEnvironmentStringsW
0x426154 SetEnvironmentVariableW
0x426158 GetProcessHeap
0x42615c SetStdHandle
0x426160 HeapSize
0x426164 WriteConsoleW
EAT (Export Address Table) Library
0x42570f QuitMessageStr
0x42570f _QuitMessageStr
0x42570f _QuitMessageStr2
0x42570f _QuitMessageStr3
0x42570f _QuitMessageStr4