ScreenShot
| Created | 2024.09.12 12:58 | Machine | s1_win7_x6403 |
| Filename | svc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 37 detected (AIDetectMalware, malicious, high confidence, score, Unsafe, Save, Mikey, Hacktool, Attribute, HighConfidence, Kryptik, HXVR, PWSX, Mokes, Androm, UJFCaWcc5QR, Real Protect, high, ai score=83, Static AI, Malicious PE, Krypter, SmokeLoader, RZYXMR, R658943, HXVQ, confidence, 100%) | ||
| md5 | ae6112b72845c6a495561783ac5eeffd | ||
| sha256 | c514c22ccbdf3b66a902f2d02b4515920656ac636ce2a4fc683961c25702c59e | ||
| ssdeep | 3072:H/1jzPSnqwkPpggXpSKKpP0btl+CzgwA+uQTdzZ/p+sC7Bjtjf4f:f1jzaqwkPzKCBIV+uQTdJD6Bjq | ||
| imphash | 08c523df338764c8f5fe9f2030103e8d | ||
| impfuzzy | 24:4krk3KZTmFOovkcvjMSjkF1YBc4vKcDFous1VcV4WCVg/LbG2JEpdfmaLOOtomQJ:/JZzX6p01lN5pdfp6OtpHK9CecGrACn | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| watch | Looks for the Windows Idle Time to determine the uptime |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Admin_Tool_IN_Zero | Admin Tool Sysinternals | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41a008 GetNumaNodeProcessorMask
0x41a00c GetConsoleAliasesLengthW
0x41a010 GetNumaProcessorNode
0x41a014 WriteConsoleOutputW
0x41a018 InterlockedDecrement
0x41a01c QueryDosDeviceA
0x41a020 GetUserDefaultLCID
0x41a024 CallNamedPipeW
0x41a028 FreeEnvironmentStringsA
0x41a02c GetModuleHandleW
0x41a030 GetCommandLineA
0x41a034 GetSystemTimes
0x41a038 GetPriorityClass
0x41a03c GetEnvironmentStrings
0x41a040 GlobalAlloc
0x41a044 LoadLibraryW
0x41a048 GetConsoleMode
0x41a04c CopyFileW
0x41a050 GetConsoleAliasExesLengthW
0x41a054 HeapDestroy
0x41a058 GetFileAttributesA
0x41a05c GlobalFlags
0x41a060 GetBinaryTypeA
0x41a064 SetConsoleTitleA
0x41a068 DisconnectNamedPipe
0x41a06c GetShortPathNameA
0x41a070 CreateDirectoryA
0x41a074 GetComputerNameA
0x41a078 GetStartupInfoA
0x41a07c FillConsoleOutputCharacterW
0x41a080 GetLastError
0x41a084 GetProcAddress
0x41a088 SetStdHandle
0x41a08c EnterCriticalSection
0x41a090 SearchPathA
0x41a094 OpenWaitableTimerA
0x41a098 LoadLibraryA
0x41a09c SetCalendarInfoW
0x41a0a0 WritePrivateProfileStringA
0x41a0a4 FindAtomA
0x41a0a8 FoldStringW
0x41a0ac GetModuleFileNameA
0x41a0b0 GetDefaultCommConfigA
0x41a0b4 ContinueDebugEvent
0x41a0b8 FreeEnvironmentStringsW
0x41a0bc BuildCommDCBA
0x41a0c0 GlobalReAlloc
0x41a0c4 SetFileAttributesW
0x41a0c8 CopyFileExA
0x41a0cc WriteConsoleW
0x41a0d0 CloseHandle
0x41a0d4 InterlockedExchange
0x41a0d8 DebugActiveProcess
0x41a0dc EncodePointer
0x41a0e0 DecodePointer
0x41a0e4 MultiByteToWideChar
0x41a0e8 ExitProcess
0x41a0ec GetCommandLineW
0x41a0f0 HeapSetInformation
0x41a0f4 GetStartupInfoW
0x41a0f8 TerminateProcess
0x41a0fc GetCurrentProcess
0x41a100 UnhandledExceptionFilter
0x41a104 SetUnhandledExceptionFilter
0x41a108 IsDebuggerPresent
0x41a10c HeapAlloc
0x41a110 ReadFile
0x41a114 LeaveCriticalSection
0x41a118 SetHandleCount
0x41a11c GetStdHandle
0x41a120 InitializeCriticalSectionAndSpinCount
0x41a124 GetFileType
0x41a128 DeleteCriticalSection
0x41a12c Sleep
0x41a130 HeapSize
0x41a134 GetCPInfo
0x41a138 InterlockedIncrement
0x41a13c GetACP
0x41a140 GetOEMCP
0x41a144 IsValidCodePage
0x41a148 TlsAlloc
0x41a14c TlsGetValue
0x41a150 TlsSetValue
0x41a154 TlsFree
0x41a158 SetLastError
0x41a15c GetCurrentThreadId
0x41a160 WriteFile
0x41a164 GetModuleFileNameW
0x41a168 GetEnvironmentStringsW
0x41a16c HeapCreate
0x41a170 QueryPerformanceCounter
0x41a174 GetTickCount
0x41a178 GetCurrentProcessId
0x41a17c GetSystemTimeAsFileTime
0x41a180 SetFilePointer
0x41a184 HeapFree
0x41a188 RtlUnwind
0x41a18c HeapReAlloc
0x41a190 WideCharToMultiByte
0x41a194 LCMapStringW
0x41a198 GetStringTypeW
0x41a19c IsProcessorFeaturePresent
0x41a1a0 GetConsoleCP
0x41a1a4 FlushFileBuffers
0x41a1a8 CreateFileW
USER32.dll
0x41a1b0 GetUserObjectInformationA
ADVAPI32.dll
0x41a000 RegCreateKeyA
EAT(Export Address Table) is none
KERNEL32.dll
0x41a008 GetNumaNodeProcessorMask
0x41a00c GetConsoleAliasesLengthW
0x41a010 GetNumaProcessorNode
0x41a014 WriteConsoleOutputW
0x41a018 InterlockedDecrement
0x41a01c QueryDosDeviceA
0x41a020 GetUserDefaultLCID
0x41a024 CallNamedPipeW
0x41a028 FreeEnvironmentStringsA
0x41a02c GetModuleHandleW
0x41a030 GetCommandLineA
0x41a034 GetSystemTimes
0x41a038 GetPriorityClass
0x41a03c GetEnvironmentStrings
0x41a040 GlobalAlloc
0x41a044 LoadLibraryW
0x41a048 GetConsoleMode
0x41a04c CopyFileW
0x41a050 GetConsoleAliasExesLengthW
0x41a054 HeapDestroy
0x41a058 GetFileAttributesA
0x41a05c GlobalFlags
0x41a060 GetBinaryTypeA
0x41a064 SetConsoleTitleA
0x41a068 DisconnectNamedPipe
0x41a06c GetShortPathNameA
0x41a070 CreateDirectoryA
0x41a074 GetComputerNameA
0x41a078 GetStartupInfoA
0x41a07c FillConsoleOutputCharacterW
0x41a080 GetLastError
0x41a084 GetProcAddress
0x41a088 SetStdHandle
0x41a08c EnterCriticalSection
0x41a090 SearchPathA
0x41a094 OpenWaitableTimerA
0x41a098 LoadLibraryA
0x41a09c SetCalendarInfoW
0x41a0a0 WritePrivateProfileStringA
0x41a0a4 FindAtomA
0x41a0a8 FoldStringW
0x41a0ac GetModuleFileNameA
0x41a0b0 GetDefaultCommConfigA
0x41a0b4 ContinueDebugEvent
0x41a0b8 FreeEnvironmentStringsW
0x41a0bc BuildCommDCBA
0x41a0c0 GlobalReAlloc
0x41a0c4 SetFileAttributesW
0x41a0c8 CopyFileExA
0x41a0cc WriteConsoleW
0x41a0d0 CloseHandle
0x41a0d4 InterlockedExchange
0x41a0d8 DebugActiveProcess
0x41a0dc EncodePointer
0x41a0e0 DecodePointer
0x41a0e4 MultiByteToWideChar
0x41a0e8 ExitProcess
0x41a0ec GetCommandLineW
0x41a0f0 HeapSetInformation
0x41a0f4 GetStartupInfoW
0x41a0f8 TerminateProcess
0x41a0fc GetCurrentProcess
0x41a100 UnhandledExceptionFilter
0x41a104 SetUnhandledExceptionFilter
0x41a108 IsDebuggerPresent
0x41a10c HeapAlloc
0x41a110 ReadFile
0x41a114 LeaveCriticalSection
0x41a118 SetHandleCount
0x41a11c GetStdHandle
0x41a120 InitializeCriticalSectionAndSpinCount
0x41a124 GetFileType
0x41a128 DeleteCriticalSection
0x41a12c Sleep
0x41a130 HeapSize
0x41a134 GetCPInfo
0x41a138 InterlockedIncrement
0x41a13c GetACP
0x41a140 GetOEMCP
0x41a144 IsValidCodePage
0x41a148 TlsAlloc
0x41a14c TlsGetValue
0x41a150 TlsSetValue
0x41a154 TlsFree
0x41a158 SetLastError
0x41a15c GetCurrentThreadId
0x41a160 WriteFile
0x41a164 GetModuleFileNameW
0x41a168 GetEnvironmentStringsW
0x41a16c HeapCreate
0x41a170 QueryPerformanceCounter
0x41a174 GetTickCount
0x41a178 GetCurrentProcessId
0x41a17c GetSystemTimeAsFileTime
0x41a180 SetFilePointer
0x41a184 HeapFree
0x41a188 RtlUnwind
0x41a18c HeapReAlloc
0x41a190 WideCharToMultiByte
0x41a194 LCMapStringW
0x41a198 GetStringTypeW
0x41a19c IsProcessorFeaturePresent
0x41a1a0 GetConsoleCP
0x41a1a4 FlushFileBuffers
0x41a1a8 CreateFileW
USER32.dll
0x41a1b0 GetUserObjectInformationA
ADVAPI32.dll
0x41a000 RegCreateKeyA
EAT(Export Address Table) is none