ScreenShot
| Created | 2024.10.26 17:37 | Machine | s1_win7_x6403 |
| Filename | svchost.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | a37f1e4e3bb3ba816cbf68c664f0f52d | ||
| sha256 | 2722d978af0d16d552397fb94203e823efd408c345a0485863990cc74cade19a | ||
| ssdeep | 98304:+30by/KSJ0pPXaG8s0i7RFCNzSV7KFW66je+aMpKV/2:u4Clmb8s7KWVzpsVO | ||
| imphash | d8cdd40c18715dc71fd767e8dd8e5f69 | ||
| impfuzzy | 24:G0DsS1jtpMdlJeDc+pl39LoQMjv2D+SOovbO9Z9:kS1jtpMic+ppJqj3B | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x40f000 Sleep
0x40f004 GetTickCount64
0x40f008 LoadLibraryA
0x40f00c GetProcAddress
0x40f010 GetModuleHandleW
0x40f014 WriteConsoleW
0x40f018 HeapReAlloc
0x40f01c QueryPerformanceCounter
0x40f020 GetCurrentProcessId
0x40f024 GetCurrentThreadId
0x40f028 GetSystemTimeAsFileTime
0x40f02c InitializeSListHead
0x40f030 IsDebuggerPresent
0x40f034 UnhandledExceptionFilter
0x40f038 SetUnhandledExceptionFilter
0x40f03c GetStartupInfoW
0x40f040 IsProcessorFeaturePresent
0x40f044 GetCurrentProcess
0x40f048 TerminateProcess
0x40f04c RtlUnwind
0x40f050 RaiseException
0x40f054 GetLastError
0x40f058 SetLastError
0x40f05c EncodePointer
0x40f060 EnterCriticalSection
0x40f064 LeaveCriticalSection
0x40f068 DeleteCriticalSection
0x40f06c InitializeCriticalSectionAndSpinCount
0x40f070 TlsAlloc
0x40f074 TlsGetValue
0x40f078 TlsSetValue
0x40f07c TlsFree
0x40f080 FreeLibrary
0x40f084 LoadLibraryExW
0x40f088 GetStdHandle
0x40f08c WriteFile
0x40f090 GetModuleFileNameW
0x40f094 ExitProcess
0x40f098 GetModuleHandleExW
0x40f09c SetFilePointerEx
0x40f0a0 GetConsoleMode
0x40f0a4 GetFileType
0x40f0a8 HeapFree
0x40f0ac CloseHandle
0x40f0b0 GetConsoleOutputCP
0x40f0b4 HeapAlloc
0x40f0b8 FindClose
0x40f0bc FindFirstFileExW
0x40f0c0 FindNextFileW
0x40f0c4 IsValidCodePage
0x40f0c8 GetACP
0x40f0cc GetOEMCP
0x40f0d0 GetCPInfo
0x40f0d4 GetCommandLineA
0x40f0d8 GetCommandLineW
0x40f0dc MultiByteToWideChar
0x40f0e0 WideCharToMultiByte
0x40f0e4 GetEnvironmentStringsW
0x40f0e8 FreeEnvironmentStringsW
0x40f0ec SetStdHandle
0x40f0f0 GetStringTypeW
0x40f0f4 LCMapStringW
0x40f0f8 GetProcessHeap
0x40f0fc CreateFileW
0x40f100 FlushFileBuffers
0x40f104 HeapSize
0x40f108 DecodePointer
EAT(Export Address Table) is none
KERNEL32.dll
0x40f000 Sleep
0x40f004 GetTickCount64
0x40f008 LoadLibraryA
0x40f00c GetProcAddress
0x40f010 GetModuleHandleW
0x40f014 WriteConsoleW
0x40f018 HeapReAlloc
0x40f01c QueryPerformanceCounter
0x40f020 GetCurrentProcessId
0x40f024 GetCurrentThreadId
0x40f028 GetSystemTimeAsFileTime
0x40f02c InitializeSListHead
0x40f030 IsDebuggerPresent
0x40f034 UnhandledExceptionFilter
0x40f038 SetUnhandledExceptionFilter
0x40f03c GetStartupInfoW
0x40f040 IsProcessorFeaturePresent
0x40f044 GetCurrentProcess
0x40f048 TerminateProcess
0x40f04c RtlUnwind
0x40f050 RaiseException
0x40f054 GetLastError
0x40f058 SetLastError
0x40f05c EncodePointer
0x40f060 EnterCriticalSection
0x40f064 LeaveCriticalSection
0x40f068 DeleteCriticalSection
0x40f06c InitializeCriticalSectionAndSpinCount
0x40f070 TlsAlloc
0x40f074 TlsGetValue
0x40f078 TlsSetValue
0x40f07c TlsFree
0x40f080 FreeLibrary
0x40f084 LoadLibraryExW
0x40f088 GetStdHandle
0x40f08c WriteFile
0x40f090 GetModuleFileNameW
0x40f094 ExitProcess
0x40f098 GetModuleHandleExW
0x40f09c SetFilePointerEx
0x40f0a0 GetConsoleMode
0x40f0a4 GetFileType
0x40f0a8 HeapFree
0x40f0ac CloseHandle
0x40f0b0 GetConsoleOutputCP
0x40f0b4 HeapAlloc
0x40f0b8 FindClose
0x40f0bc FindFirstFileExW
0x40f0c0 FindNextFileW
0x40f0c4 IsValidCodePage
0x40f0c8 GetACP
0x40f0cc GetOEMCP
0x40f0d0 GetCPInfo
0x40f0d4 GetCommandLineA
0x40f0d8 GetCommandLineW
0x40f0dc MultiByteToWideChar
0x40f0e0 WideCharToMultiByte
0x40f0e4 GetEnvironmentStringsW
0x40f0e8 FreeEnvironmentStringsW
0x40f0ec SetStdHandle
0x40f0f0 GetStringTypeW
0x40f0f4 LCMapStringW
0x40f0f8 GetProcessHeap
0x40f0fc CreateFileW
0x40f100 FlushFileBuffers
0x40f104 HeapSize
0x40f108 DecodePointer
EAT(Export Address Table) is none