ScreenShot
| Created | 2025.02.03 10:17 | Machine | s1_win7_x6403 |
| Filename | svc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | |||
| VT API (file) | 53 detected (AIDetectMalware, Malicious, score, Lockbit, GenericKDZ, Unsafe, Save, confidence, 100%, Attribute, HighConfidence, high confidence, Kryptik, HYSG, CrypterX, LummaC, Kryptik@AI, RDML, cGEpP, rxSfIWW0QaCG83QQ, SmokeLoader, hwidc, Real Protect, high, Static AI, Malicious PE, DiskWriter, Lumma, Detected, AzorUlt, EAIV, Eldorado, R658943, FXET, GdSda, Kqil, susgen, Behavior) | ||
| md5 | 8b85497783857bcbc16bc7f0a24a7aec | ||
| sha256 | 4b00565a29eeb0446393d0538e8f24de232339cf3ffb6a76a2bce3ba160c2066 | ||
| ssdeep | 1536:6spv0MyR/clIvPknDm+hIoJYXPmHYRCD7yg+cye0YhIA3QhR5qMp58s7ddo40icb:JosZm+P4m4oyRnIcDp58AovUP2 | ||
| imphash | b03acc8c3f6eb40c85e1308b086b8dc9 | ||
| impfuzzy | 24:OUkrkYbG2Se5IQJm3JiA8yJR4zn+SSrq1OClqDRLOovtte2cfWRvZISplOJT4Jm9:eE1yIJuS5N6ktvcfOZJkcJIl | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x420008 GetNativeSystemInfo
0x42000c OpenFile
0x420010 GetConsoleAliasesLengthW
0x420014 TlsGetValue
0x420018 GetDefaultCommConfigW
0x42001c InterlockedIncrement
0x420020 SystemTimeToFileTime
0x420024 MoveFileExW
0x420028 GetEnvironmentStringsW
0x42002c InterlockedCompareExchange
0x420030 GetTimeFormatA
0x420034 CallNamedPipeW
0x420038 FreeEnvironmentStringsA
0x42003c GetModuleHandleW
0x420040 EnumTimeFormatsA
0x420044 GetDateFormatA
0x420048 GetVolumePathNameW
0x42004c GetEnvironmentStrings
0x420050 SearchPathW
0x420054 LoadLibraryW
0x420058 HeapQueryInformation
0x42005c GetAtomNameW
0x420060 GetStartupInfoW
0x420064 SetLastError
0x420068 GetLongPathNameA
0x42006c SetVolumeLabelW
0x420070 MoveFileW
0x420074 SetComputerNameA
0x420078 LocalAlloc
0x42007c SetConsoleDisplayMode
0x420080 AddAtomW
0x420084 OpenFileMappingW
0x420088 BuildCommDCBA
0x42008c VirtualProtect
0x420090 Module32Next
0x420094 EndUpdateResourceA
0x420098 DeleteTimerQueueTimer
0x42009c GetProfileSectionW
0x4200a0 GetCommandLineW
0x4200a4 GetLastError
0x4200a8 HeapFree
0x4200ac HeapReAlloc
0x4200b0 HeapAlloc
0x4200b4 Sleep
0x4200b8 GetProcAddress
0x4200bc ExitProcess
0x4200c0 GetCommandLineA
0x4200c4 GetStartupInfoA
0x4200c8 TerminateProcess
0x4200cc GetCurrentProcess
0x4200d0 UnhandledExceptionFilter
0x4200d4 SetUnhandledExceptionFilter
0x4200d8 IsDebuggerPresent
0x4200dc HeapCreate
0x4200e0 VirtualFree
0x4200e4 DeleteCriticalSection
0x4200e8 LeaveCriticalSection
0x4200ec EnterCriticalSection
0x4200f0 VirtualAlloc
0x4200f4 SetHandleCount
0x4200f8 GetStdHandle
0x4200fc GetFileType
0x420100 TlsAlloc
0x420104 TlsSetValue
0x420108 TlsFree
0x42010c GetCurrentThreadId
0x420110 InterlockedDecrement
0x420114 WriteFile
0x420118 GetModuleFileNameA
0x42011c LoadLibraryA
0x420120 InitializeCriticalSectionAndSpinCount
0x420124 FreeEnvironmentStringsW
0x420128 WideCharToMultiByte
0x42012c QueryPerformanceCounter
0x420130 GetTickCount
0x420134 GetCurrentProcessId
0x420138 GetSystemTimeAsFileTime
0x42013c RtlUnwind
0x420140 SetFilePointer
0x420144 GetConsoleCP
0x420148 GetConsoleMode
0x42014c GetCPInfo
0x420150 GetACP
0x420154 GetOEMCP
0x420158 IsValidCodePage
0x42015c HeapSize
0x420160 GetLocaleInfoA
0x420164 FlushFileBuffers
0x420168 SetStdHandle
0x42016c WriteConsoleA
0x420170 GetConsoleOutputCP
0x420174 WriteConsoleW
0x420178 MultiByteToWideChar
0x42017c LCMapStringA
0x420180 LCMapStringW
0x420184 GetStringTypeA
0x420188 GetStringTypeW
0x42018c CloseHandle
0x420190 CreateFileA
GDI32.dll
0x420000 GetBitmapBits
EAT(Export Address Table) is none
KERNEL32.dll
0x420008 GetNativeSystemInfo
0x42000c OpenFile
0x420010 GetConsoleAliasesLengthW
0x420014 TlsGetValue
0x420018 GetDefaultCommConfigW
0x42001c InterlockedIncrement
0x420020 SystemTimeToFileTime
0x420024 MoveFileExW
0x420028 GetEnvironmentStringsW
0x42002c InterlockedCompareExchange
0x420030 GetTimeFormatA
0x420034 CallNamedPipeW
0x420038 FreeEnvironmentStringsA
0x42003c GetModuleHandleW
0x420040 EnumTimeFormatsA
0x420044 GetDateFormatA
0x420048 GetVolumePathNameW
0x42004c GetEnvironmentStrings
0x420050 SearchPathW
0x420054 LoadLibraryW
0x420058 HeapQueryInformation
0x42005c GetAtomNameW
0x420060 GetStartupInfoW
0x420064 SetLastError
0x420068 GetLongPathNameA
0x42006c SetVolumeLabelW
0x420070 MoveFileW
0x420074 SetComputerNameA
0x420078 LocalAlloc
0x42007c SetConsoleDisplayMode
0x420080 AddAtomW
0x420084 OpenFileMappingW
0x420088 BuildCommDCBA
0x42008c VirtualProtect
0x420090 Module32Next
0x420094 EndUpdateResourceA
0x420098 DeleteTimerQueueTimer
0x42009c GetProfileSectionW
0x4200a0 GetCommandLineW
0x4200a4 GetLastError
0x4200a8 HeapFree
0x4200ac HeapReAlloc
0x4200b0 HeapAlloc
0x4200b4 Sleep
0x4200b8 GetProcAddress
0x4200bc ExitProcess
0x4200c0 GetCommandLineA
0x4200c4 GetStartupInfoA
0x4200c8 TerminateProcess
0x4200cc GetCurrentProcess
0x4200d0 UnhandledExceptionFilter
0x4200d4 SetUnhandledExceptionFilter
0x4200d8 IsDebuggerPresent
0x4200dc HeapCreate
0x4200e0 VirtualFree
0x4200e4 DeleteCriticalSection
0x4200e8 LeaveCriticalSection
0x4200ec EnterCriticalSection
0x4200f0 VirtualAlloc
0x4200f4 SetHandleCount
0x4200f8 GetStdHandle
0x4200fc GetFileType
0x420100 TlsAlloc
0x420104 TlsSetValue
0x420108 TlsFree
0x42010c GetCurrentThreadId
0x420110 InterlockedDecrement
0x420114 WriteFile
0x420118 GetModuleFileNameA
0x42011c LoadLibraryA
0x420120 InitializeCriticalSectionAndSpinCount
0x420124 FreeEnvironmentStringsW
0x420128 WideCharToMultiByte
0x42012c QueryPerformanceCounter
0x420130 GetTickCount
0x420134 GetCurrentProcessId
0x420138 GetSystemTimeAsFileTime
0x42013c RtlUnwind
0x420140 SetFilePointer
0x420144 GetConsoleCP
0x420148 GetConsoleMode
0x42014c GetCPInfo
0x420150 GetACP
0x420154 GetOEMCP
0x420158 IsValidCodePage
0x42015c HeapSize
0x420160 GetLocaleInfoA
0x420164 FlushFileBuffers
0x420168 SetStdHandle
0x42016c WriteConsoleA
0x420170 GetConsoleOutputCP
0x420174 WriteConsoleW
0x420178 MultiByteToWideChar
0x42017c LCMapStringA
0x420180 LCMapStringW
0x420184 GetStringTypeA
0x420188 GetStringTypeW
0x42018c CloseHandle
0x420190 CreateFileA
GDI32.dll
0x420000 GetBitmapBits
EAT(Export Address Table) is none