Field | Value |
---|---|
Created | 2024.11.13 14:19 |
Machine | s1_win7_x6401 |
Filename | svcyr.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
ZERO API | file : clean |
VT API (file) | 61 detected (Common, Malicious, score, Unsafe, Save, confidence, 100%, Dnldr25, Windows, Threat, TrojanX, Nitol, etbkiz, 87fVyGeA1oT, DownLoader25, Real Protect, high, bjpij, Detected, AGeneric, Eldorado, R215641, GenericRXAA, BScope, TrojanDDoS, Macri, Genetic, Gencirc, GenAsa, dQdgt8kAsB4, MalBehav, susgen) |
md5 | 61fe809e805e74c4d6fc33b0e5a3305e |
sha256 | 466682a767a27edcb28e3d2ae0ed221836db7d7dcb73fa88879c4b5944ba829d |
ssdeep | 768:fI0+FNeQT1ok/ILtq2FV5AY6t+ayph/bAUn26wriTJogrIyP85P85jaZV9VYnsxx:fI0eMCoHFVet+phX7lBF85EAa0GDit3 |
imphash | 5a757cedf03930b945cf2435af0c6f5b |
impfuzzy | 6:dBJAEHGDzyRlbRmVOZ/EwcWZfZtGbK146BfrxKXn:VA/DzqYOZ9Fhtm7urxMn |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 61 AntiVirus engines on VirusTotal as malicious |
watch | Installs itself for autorun at Windows startup |
notice | Creates a service |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | The executable is compressed using UPX |
info | The executable uses a known packer |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.DLL
0x41d8a0 LoadLibraryA
0x41d8a4 GetProcAddress
0x41d8a8 VirtualProtect
0x41d8ac VirtualAlloc
0x41d8b0 VirtualFree
0x41d8b4 ExitProcess
ADVAPI32.dll
0x41d8bc RegOpenKeyA
iphlpapi.dll
0x41d8c4 GetIfTable
USER32.dll
0x41d8cc wsprintfA
WININET.dll
0x41d8d4 InternetOpenA
WS2_32.dll
0x41d8dc WSAGetLastError
EAT (Export Address Table): none