ScreenShot
| Created | 2024.10.20 10:09 | Machine | s1_win7_x6403 |
| Filename | svchost.exe | ||
| Type | PE32+ executable (GUI) x86-64, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 7460f67864161928611617d5c28dada8 | ||
| sha256 | f3c6834b83000b99f2bbef17060d8379f7519a16a6bcef1780aa06e141e57875 | ||
| ssdeep | 6144:LL6Aj2ws/+HCn2PrYwX7U4ilaTgsZigfLafwwZDJSTBxt124Bq2tI:LWAjhe+H8KIFsZiHJSTF1g | ||
| imphash | 6676d6dfd2063d93860eb7a1ce2bd577 | ||
| impfuzzy | 96:1c3yaqBzMt6notBb4f+BGkyTiUTsWYYKBUGem2Vp:23yahBtmPTKzBup | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| info | This executable has a PDB path |
Rules (8cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Antivirus | Contains references to security software | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| notice | anti_vm_detect | Possibly employs anti-virtualization techniques | binaries (upload) |
| info | IsPE64 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x140031098 Process32FirstW
0x1400310a0 Process32NextW
0x1400310a8 CloseHandle
0x1400310b0 LoadLibraryW
0x1400310b8 GetProcAddress
0x1400310c0 CreateFileW
0x1400310c8 GetCurrentProcess
0x1400310d0 lstrcpyW
0x1400310d8 GetLastError
0x1400310e0 HeapAlloc
0x1400310e8 GetProcessHeap
0x1400310f0 HeapFree
0x1400310f8 OpenProcess
0x140031100 GetDriveTypeW
0x140031108 GetDiskFreeSpaceExW
0x140031110 GlobalMemoryStatusEx
0x140031118 GetSystemInfo
0x140031120 FreeLibrary
0x140031128 GetModuleFileNameW
0x140031130 GetCommandLineW
0x140031138 GetStartupInfoW
0x140031140 CreateProcessW
0x140031148 ExitProcess
0x140031150 WideCharToMultiByte
0x140031158 CreateFileA
0x140031160 DeviceIoControl
0x140031168 QueryPerformanceFrequency
0x140031170 CreateEventW
0x140031178 SetEvent
0x140031180 ResetEvent
0x140031188 QueryPerformanceCounter
0x140031190 WaitForSingleObject
0x140031198 WriteFile
0x1400311a0 ExpandEnvironmentStringsW
0x1400311a8 CopyFileW
0x1400311b0 GetFileAttributesW
0x1400311b8 CreateEventA
0x1400311c0 FormatMessageW
0x1400311c8 SetLastError
0x1400311d0 VirtualProtect
0x1400311d8 IsBadReadPtr
0x1400311e0 LoadLibraryA
0x1400311e8 GetNativeSystemInfo
0x1400311f0 SetErrorMode
0x1400311f8 SetUnhandledExceptionFilter
0x140031200 GetCurrentThreadId
0x140031208 CreateThread
0x140031210 CreateMutexW
0x140031218 GetFileSize
0x140031220 DeleteFileW
0x140031228 ReleaseMutex
0x140031230 SetFilePointer
0x140031238 CreateWaitableTimerW
0x140031240 HeapDestroy
0x140031248 HeapCreate
0x140031250 LocalFree
0x140031258 ReadFile
0x140031260 CreateToolhelp32Snapshot
0x140031268 FlushFileBuffers
0x140031270 SetStdHandle
0x140031278 WriteConsoleW
0x140031280 GetConsoleWindow
0x140031288 GetModuleHandleW
0x140031290 lstrcmpW
0x140031298 InitializeCriticalSection
0x1400312a0 GetTickCount
0x1400312a8 Sleep
0x1400312b0 lstrcatW
0x1400312b8 GetSystemDirectoryW
0x1400312c0 GetLocaleInfoW
0x1400312c8 GetLocalTime
0x1400312d0 GetCurrentProcessId
0x1400312d8 MultiByteToWideChar
0x1400312e0 lstrlenW
0x1400312e8 VirtualAlloc
0x1400312f0 LeaveCriticalSection
0x1400312f8 EnterCriticalSection
0x140031300 DeleteCriticalSection
0x140031308 GetSystemTimeAsFileTime
0x140031310 GetFileType
0x140031318 SetHandleCount
0x140031320 GetEnvironmentStringsW
0x140031328 FreeEnvironmentStringsW
0x140031330 IsValidCodePage
0x140031338 InitializeCriticalSectionAndSpinCount
0x140031340 RaiseException
0x140031348 GetOEMCP
0x140031350 GetACP
0x140031358 GetCPInfo
0x140031360 GetStringTypeW
0x140031368 FlsAlloc
0x140031370 FlsFree
0x140031378 FlsSetValue
0x140031380 FlsGetValue
0x140031388 HeapSize
0x140031390 GetStdHandle
0x140031398 GetConsoleMode
0x1400313a0 GetConsoleCP
0x1400313a8 GetVersion
0x1400313b0 HeapSetInformation
0x1400313b8 RtlCaptureContext
0x1400313c0 RtlVirtualUnwind
0x1400313c8 IsDebuggerPresent
0x1400313d0 UnhandledExceptionFilter
0x1400313d8 TerminateProcess
0x1400313e0 RtlUnwindEx
0x1400313e8 RtlLookupFunctionEntry
0x1400313f0 RtlPcToFileHeader
0x1400313f8 HeapReAlloc
0x140031400 ExitThread
0x140031408 EncodePointer
0x140031410 DecodePointer
0x140031418 TryEnterCriticalSection
0x140031420 CancelWaitableTimer
0x140031428 SetWaitableTimer
0x140031430 lstrlenA
0x140031438 UnmapViewOfFile
0x140031440 MapViewOfFileEx
0x140031448 CreateFileMappingW
0x140031450 VirtualFree
0x140031458 LCMapStringW
0x140031460 SwitchToThread
USER32.dll
0x1400314c8 GetMonitorInfoW
0x1400314d0 GetWindowTextW
0x1400314d8 GetForegroundWindow
0x1400314e0 MsgWaitForMultipleObjects
0x1400314e8 PeekMessageW
0x1400314f0 TranslateMessage
0x1400314f8 DispatchMessageW
0x140031500 GetLastInputInfo
0x140031508 SendMessageW
0x140031510 FindWindowA
0x140031518 GetWindowTextA
0x140031520 GetWindow
0x140031528 GetClassNameA
0x140031530 OpenWindowStationW
0x140031538 SetProcessWindowStation
0x140031540 IsWindow
0x140031548 PostThreadMessageA
0x140031550 GetInputState
0x140031558 EnumDisplayMonitors
0x140031560 wsprintfW
ADVAPI32.dll
0x140031000 RegEnumKeyExA
0x140031008 RegOpenKeyExA
0x140031010 RegSetValueExW
0x140031018 RegCreateKeyW
0x140031020 RegDeleteValueW
0x140031028 RegQueryValueExW
0x140031030 RegOpenKeyExW
0x140031038 LookupAccountSidW
0x140031040 GetTokenInformation
0x140031048 OpenProcessToken
0x140031050 FreeSid
0x140031058 CheckTokenMembership
0x140031060 AllocateAndInitializeSid
0x140031068 RegCloseKey
0x140031070 RegQueryInfoKeyW
0x140031078 GetCurrentHwProfileW
SHELL32.dll
0x1400314a0 SHGetFolderPathW
ole32.dll
0x140031690 CoUninitialize
0x140031698 CoCreateInstance
0x1400316a0 CoInitialize
OLEAUT32.dll
0x140031480 SysFreeString
0x140031488 SysStringLen
0x140031490 SysAllocString
WS2_32.dll
0x140031598 WSASetLastError
0x1400315a0 WSAStringToAddressW
0x1400315a8 shutdown
0x1400315b0 closesocket
0x1400315b8 send
0x1400315c0 getpeername
0x1400315c8 setsockopt
0x1400315d0 WSAIoctl
0x1400315d8 InetNtopW
0x1400315e0 htons
0x1400315e8 ntohs
0x1400315f0 WSAGetLastError
0x1400315f8 inet_ntoa
0x140031600 gethostbyname
0x140031608 gethostname
0x140031610 getsockname
0x140031618 freeaddrinfo
0x140031620 getaddrinfo
0x140031628 WSAStartup
0x140031630 WSAResetEvent
0x140031638 WSAEventSelect
0x140031640 WSACleanup
0x140031648 ind
0x140031650 connect
0x140031658 recv
0x140031660 WSACloseEvent
0x140031668 WSACreateEvent
0x140031670 socket
0x140031678 WSAEnumNetworkEvents
0x140031680 WSAWaitForMultipleEvents
SHLWAPI.dll
0x1400314b0 StrChrW
0x1400314b8 PathIsDirectoryA
NETAPI32.dll
0x140031470 NetWkstaGetInfo
DINPUT8.dll
0x140031088 DirectInput8Create
WINMM.dll
0x140031570 timeGetDevCaps
0x140031578 timeEndPeriod
0x140031580 timeBeginPeriod
0x140031588 timeGetTime
EAT(Export Address Table) is none
KERNEL32.dll
0x140031098 Process32FirstW
0x1400310a0 Process32NextW
0x1400310a8 CloseHandle
0x1400310b0 LoadLibraryW
0x1400310b8 GetProcAddress
0x1400310c0 CreateFileW
0x1400310c8 GetCurrentProcess
0x1400310d0 lstrcpyW
0x1400310d8 GetLastError
0x1400310e0 HeapAlloc
0x1400310e8 GetProcessHeap
0x1400310f0 HeapFree
0x1400310f8 OpenProcess
0x140031100 GetDriveTypeW
0x140031108 GetDiskFreeSpaceExW
0x140031110 GlobalMemoryStatusEx
0x140031118 GetSystemInfo
0x140031120 FreeLibrary
0x140031128 GetModuleFileNameW
0x140031130 GetCommandLineW
0x140031138 GetStartupInfoW
0x140031140 CreateProcessW
0x140031148 ExitProcess
0x140031150 WideCharToMultiByte
0x140031158 CreateFileA
0x140031160 DeviceIoControl
0x140031168 QueryPerformanceFrequency
0x140031170 CreateEventW
0x140031178 SetEvent
0x140031180 ResetEvent
0x140031188 QueryPerformanceCounter
0x140031190 WaitForSingleObject
0x140031198 WriteFile
0x1400311a0 ExpandEnvironmentStringsW
0x1400311a8 CopyFileW
0x1400311b0 GetFileAttributesW
0x1400311b8 CreateEventA
0x1400311c0 FormatMessageW
0x1400311c8 SetLastError
0x1400311d0 VirtualProtect
0x1400311d8 IsBadReadPtr
0x1400311e0 LoadLibraryA
0x1400311e8 GetNativeSystemInfo
0x1400311f0 SetErrorMode
0x1400311f8 SetUnhandledExceptionFilter
0x140031200 GetCurrentThreadId
0x140031208 CreateThread
0x140031210 CreateMutexW
0x140031218 GetFileSize
0x140031220 DeleteFileW
0x140031228 ReleaseMutex
0x140031230 SetFilePointer
0x140031238 CreateWaitableTimerW
0x140031240 HeapDestroy
0x140031248 HeapCreate
0x140031250 LocalFree
0x140031258 ReadFile
0x140031260 CreateToolhelp32Snapshot
0x140031268 FlushFileBuffers
0x140031270 SetStdHandle
0x140031278 WriteConsoleW
0x140031280 GetConsoleWindow
0x140031288 GetModuleHandleW
0x140031290 lstrcmpW
0x140031298 InitializeCriticalSection
0x1400312a0 GetTickCount
0x1400312a8 Sleep
0x1400312b0 lstrcatW
0x1400312b8 GetSystemDirectoryW
0x1400312c0 GetLocaleInfoW
0x1400312c8 GetLocalTime
0x1400312d0 GetCurrentProcessId
0x1400312d8 MultiByteToWideChar
0x1400312e0 lstrlenW
0x1400312e8 VirtualAlloc
0x1400312f0 LeaveCriticalSection
0x1400312f8 EnterCriticalSection
0x140031300 DeleteCriticalSection
0x140031308 GetSystemTimeAsFileTime
0x140031310 GetFileType
0x140031318 SetHandleCount
0x140031320 GetEnvironmentStringsW
0x140031328 FreeEnvironmentStringsW
0x140031330 IsValidCodePage
0x140031338 InitializeCriticalSectionAndSpinCount
0x140031340 RaiseException
0x140031348 GetOEMCP
0x140031350 GetACP
0x140031358 GetCPInfo
0x140031360 GetStringTypeW
0x140031368 FlsAlloc
0x140031370 FlsFree
0x140031378 FlsSetValue
0x140031380 FlsGetValue
0x140031388 HeapSize
0x140031390 GetStdHandle
0x140031398 GetConsoleMode
0x1400313a0 GetConsoleCP
0x1400313a8 GetVersion
0x1400313b0 HeapSetInformation
0x1400313b8 RtlCaptureContext
0x1400313c0 RtlVirtualUnwind
0x1400313c8 IsDebuggerPresent
0x1400313d0 UnhandledExceptionFilter
0x1400313d8 TerminateProcess
0x1400313e0 RtlUnwindEx
0x1400313e8 RtlLookupFunctionEntry
0x1400313f0 RtlPcToFileHeader
0x1400313f8 HeapReAlloc
0x140031400 ExitThread
0x140031408 EncodePointer
0x140031410 DecodePointer
0x140031418 TryEnterCriticalSection
0x140031420 CancelWaitableTimer
0x140031428 SetWaitableTimer
0x140031430 lstrlenA
0x140031438 UnmapViewOfFile
0x140031440 MapViewOfFileEx
0x140031448 CreateFileMappingW
0x140031450 VirtualFree
0x140031458 LCMapStringW
0x140031460 SwitchToThread
USER32.dll
0x1400314c8 GetMonitorInfoW
0x1400314d0 GetWindowTextW
0x1400314d8 GetForegroundWindow
0x1400314e0 MsgWaitForMultipleObjects
0x1400314e8 PeekMessageW
0x1400314f0 TranslateMessage
0x1400314f8 DispatchMessageW
0x140031500 GetLastInputInfo
0x140031508 SendMessageW
0x140031510 FindWindowA
0x140031518 GetWindowTextA
0x140031520 GetWindow
0x140031528 GetClassNameA
0x140031530 OpenWindowStationW
0x140031538 SetProcessWindowStation
0x140031540 IsWindow
0x140031548 PostThreadMessageA
0x140031550 GetInputState
0x140031558 EnumDisplayMonitors
0x140031560 wsprintfW
ADVAPI32.dll
0x140031000 RegEnumKeyExA
0x140031008 RegOpenKeyExA
0x140031010 RegSetValueExW
0x140031018 RegCreateKeyW
0x140031020 RegDeleteValueW
0x140031028 RegQueryValueExW
0x140031030 RegOpenKeyExW
0x140031038 LookupAccountSidW
0x140031040 GetTokenInformation
0x140031048 OpenProcessToken
0x140031050 FreeSid
0x140031058 CheckTokenMembership
0x140031060 AllocateAndInitializeSid
0x140031068 RegCloseKey
0x140031070 RegQueryInfoKeyW
0x140031078 GetCurrentHwProfileW
SHELL32.dll
0x1400314a0 SHGetFolderPathW
ole32.dll
0x140031690 CoUninitialize
0x140031698 CoCreateInstance
0x1400316a0 CoInitialize
OLEAUT32.dll
0x140031480 SysFreeString
0x140031488 SysStringLen
0x140031490 SysAllocString
WS2_32.dll
0x140031598 WSASetLastError
0x1400315a0 WSAStringToAddressW
0x1400315a8 shutdown
0x1400315b0 closesocket
0x1400315b8 send
0x1400315c0 getpeername
0x1400315c8 setsockopt
0x1400315d0 WSAIoctl
0x1400315d8 InetNtopW
0x1400315e0 htons
0x1400315e8 ntohs
0x1400315f0 WSAGetLastError
0x1400315f8 inet_ntoa
0x140031600 gethostbyname
0x140031608 gethostname
0x140031610 getsockname
0x140031618 freeaddrinfo
0x140031620 getaddrinfo
0x140031628 WSAStartup
0x140031630 WSAResetEvent
0x140031638 WSAEventSelect
0x140031640 WSACleanup
0x140031648 ind
0x140031650 connect
0x140031658 recv
0x140031660 WSACloseEvent
0x140031668 WSACreateEvent
0x140031670 socket
0x140031678 WSAEnumNetworkEvents
0x140031680 WSAWaitForMultipleEvents
SHLWAPI.dll
0x1400314b0 StrChrW
0x1400314b8 PathIsDirectoryA
NETAPI32.dll
0x140031470 NetWkstaGetInfo
DINPUT8.dll
0x140031088 DirectInput8Create
WINMM.dll
0x140031570 timeGetDevCaps
0x140031578 timeEndPeriod
0x140031580 timeBeginPeriod
0x140031588 timeGetTime
EAT(Export Address Table) is none