Field | Value |
---|---|
Created | 2024.12.19 08:40 |
Machine | s1_win7_x6403 |
Filename | svchost.exe |
Type | PE32+ executable (GUI) x86-64, for MS Windows |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | |
md5 | 41858a9907ffd870b55a8ffef5aa1593 |
sha256 | fbbd5b9144a69bffecf03d1861fa8bd1fd195246b0cd8c1a211a9740aa9470ad |
ssdeep | 196608:gVPgvWvNm1E8giq1g9KDOywzGzHKTSgJlpZstQoS9Hf128WrQLhq:cIW1m1NqtkTTSSGt7G/xWrQY |
imphash | 72c4e339b7af8ab1ed2eb3821c98713a |
impfuzzy | 48:tVYEK/0W/KA4JGn6gF/gub6EwoQ54rzSv6xviAYd9pUJOyIx0LwitN1MEc+pIuCP:D/sTfh18gJtIx0LZtN1MEc+pIuYQ9HS |
Network IP location
Signature (7cnts)
Level | Description |
---|---|
notice | Created a process named as a common system process |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Checks amount of memory in system |
info | Checks if process is being debugged by a debugger |
info | One or more processes crashed |
Rules (17cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (download) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | ASPack_Zero | ASPack packed file | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | Malicious_Packer_Zero | Malicious Packer | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsDLL | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (download) |
info | IsPE64 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | zip_file_format | ZIP file format | binaries (download) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x14002b3b8 CreateWindowExW
0x14002b3c0 ShutdownBlockReasonCreate
0x14002b3c8 MsgWaitForMultipleObjects
0x14002b3d0 ShowWindow
0x14002b3d8 DestroyWindow
0x14002b3e0 RegisterClassW
0x14002b3e8 DefWindowProcW
0x14002b3f0 PeekMessageW
0x14002b3f8 DispatchMessageW
0x14002b400 TranslateMessage
0x14002b408 PostMessageW
0x14002b410 GetMessageW
0x14002b418 MessageBoxW
0x14002b420 MessageBoxA
0x14002b428 SystemParametersInfoW
0x14002b430 DestroyIcon
0x14002b438 SetWindowLongPtrW
0x14002b440 GetWindowLongPtrW
0x14002b448 GetClientRect
0x14002b450 InvalidateRect
0x14002b458 ReleaseDC
0x14002b460 GetDC
0x14002b468 DrawTextW
0x14002b470 GetDialogBaseUnits
0x14002b478 EndDialog
0x14002b480 DialogBoxIndirectParamW
0x14002b488 MoveWindow
0x14002b490 SendMessageW
COMCTL32.dll
0x14002b028 None
KERNEL32.dll
0x14002b058 GetACP
0x14002b060 IsValidCodePage
0x14002b068 GetStringTypeW
0x14002b070 GetFileAttributesExW
0x14002b078 SetEnvironmentVariableW
0x14002b080 FlushFileBuffers
0x14002b088 GetCurrentDirectoryW
0x14002b090 LCMapStringW
0x14002b098 CompareStringW
0x14002b0a0 FlsFree
0x14002b0a8 GetOEMCP
0x14002b0b0 GetCPInfo
0x14002b0b8 GetModuleHandleW
0x14002b0c0 MulDiv
0x14002b0c8 FormatMessageW
0x14002b0d0 GetLastError
0x14002b0d8 GetModuleFileNameW
0x14002b0e0 LoadLibraryExW
0x14002b0e8 SetDllDirectoryW
0x14002b0f0 CreateSymbolicLinkW
0x14002b0f8 GetProcAddress
0x14002b100 GetEnvironmentStringsW
0x14002b108 GetCommandLineW
0x14002b110 GetEnvironmentVariableW
0x14002b118 ExpandEnvironmentStringsW
0x14002b120 DeleteFileW
0x14002b128 FindClose
0x14002b130 FindFirstFileW
0x14002b138 FindNextFileW
0x14002b140 GetDriveTypeW
0x14002b148 RemoveDirectoryW
0x14002b150 GetTempPathW
0x14002b158 CloseHandle
0x14002b160 QueryPerformanceCounter
0x14002b168 QueryPerformanceFrequency
0x14002b170 WaitForSingleObject
0x14002b178 Sleep
0x14002b180 GetCurrentProcess
0x14002b188 TerminateProcess
0x14002b190 GetExitCodeProcess
0x14002b198 CreateProcessW
0x14002b1a0 GetStartupInfoW
0x14002b1a8 FreeLibrary
0x14002b1b0 LocalFree
0x14002b1b8 SetConsoleCtrlHandler
0x14002b1c0 K32EnumProcessModules
0x14002b1c8 K32GetModuleFileNameExW
0x14002b1d0 CreateFileW
0x14002b1d8 FindFirstFileExW
0x14002b1e0 GetFinalPathNameByHandleW
0x14002b1e8 MultiByteToWideChar
0x14002b1f0 WideCharToMultiByte
0x14002b1f8 FlsSetValue
0x14002b200 FreeEnvironmentStringsW
0x14002b208 GetProcessHeap
0x14002b210 GetTimeZoneInformation
0x14002b218 HeapSize
0x14002b220 HeapReAlloc
0x14002b228 WriteConsoleW
0x14002b230 SetEndOfFile
0x14002b238 CreateDirectoryW
0x14002b240 RtlCaptureContext
0x14002b248 RtlLookupFunctionEntry
0x14002b250 RtlVirtualUnwind
0x14002b258 UnhandledExceptionFilter
0x14002b260 SetUnhandledExceptionFilter
0x14002b268 IsProcessorFeaturePresent
0x14002b270 GetCurrentProcessId
0x14002b278 GetCurrentThreadId
0x14002b280 GetSystemTimeAsFileTime
0x14002b288 InitializeSListHead
0x14002b290 IsDebuggerPresent
0x14002b298 RtlUnwindEx
0x14002b2a0 SetLastError
0x14002b2a8 EnterCriticalSection
0x14002b2b0 LeaveCriticalSection
0x14002b2b8 DeleteCriticalSection
0x14002b2c0 InitializeCriticalSectionAndSpinCount
0x14002b2c8 TlsAlloc
0x14002b2d0 TlsGetValue
0x14002b2d8 TlsSetValue
0x14002b2e0 TlsFree
0x14002b2e8 EncodePointer
0x14002b2f0 RaiseException
0x14002b2f8 RtlPcToFileHeader
0x14002b300 GetCommandLineA
0x14002b308 GetFileInformationByHandle
0x14002b310 GetFileType
0x14002b318 PeekNamedPipe
0x14002b320 SystemTimeToTzSpecificLocalTime
0x14002b328 FileTimeToSystemTime
0x14002b330 ReadFile
0x14002b338 GetFullPathNameW
0x14002b340 SetStdHandle
0x14002b348 GetStdHandle
0x14002b350 WriteFile
0x14002b358 ExitProcess
0x14002b360 GetModuleHandleExW
0x14002b368 HeapFree
0x14002b370 GetConsoleMode
0x14002b378 ReadConsoleW
0x14002b380 SetFilePointerEx
0x14002b388 GetConsoleOutputCP
0x14002b390 GetFileSizeEx
0x14002b398 HeapAlloc
0x14002b3a0 FlsAlloc
0x14002b3a8 FlsGetValue
ADVAPI32.dll
0x14002b000 OpenProcessToken
0x14002b008 GetTokenInformation
0x14002b010 ConvertStringSecurityDescriptorToSecurityDescriptorW
0x14002b018 ConvertSidToStringSidW
GDI32.dll
0x14002b038 SelectObject
0x14002b040 DeleteObject
0x14002b048 CreateFontIndirectW
EAT(Export Address Table) is none