20220124svchost[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

20220124svchost.zip
Size

4.2MB
MD5

73e10501b54e3ed8024f4882ef5f3cff
SHA1

08372e11394b25eedbb84f3cc3fd915d0be5ad14
SHA256

f01f5fb0137d71bbaa7e2762e6e92d9b8fdb56d16b60c332b7e0a897c6205f31
SHA512

781c39a32409261bdcefebc50b18f7c52549751835839216cb2e03727a6bc05ca4cfcd34e4dfa58f1dbbf2b08025092d244b4ca81bb2a6e30c38b051ef66e52f
SSDEEP

98304:Kc9MFzCYeDvF2Ctfs94McRgnd7HcXPoH3/obNtfIP:nMCY2vrtfsV0a7HcAAbT2

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/20220124svchost/svchost.exe	upx

Files

20220124svchost.zip
.zip
20220124svchost/dllhost.exe
.exe windows x64

6d08db5b7990c26ea7afcea30ea2df27

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-07-2014 20:32

Not After

01-10-2015 20:32

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:af:60:53:fb:4a:fb:ee:8a:15:09:67:15:23:c1:fb:aa:f7:78:1f:f3:72:29:cc:17:e2:ce:c7:76:eb:dd:49
Signer

Actual PE Digest

af:af:60:53:fb:4a:fb:ee:8a:15:09:67:15:23:c1:fb:aa:f7:78:1f:f3:72:29:cc:17:e2:ce:c7:76:eb:dd:49

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

21-01-2022 13:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_wcmdln
_XcptFilter
_amsg_exit
__wgetmainargs
?terminate@@YAXXZ
_commode
_fmode
_wcsicmp
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-com-private-l1-1-0

CoRegisterSurrogateEx

api-ms-win-core-com-l1-1-1

CoUninitialize
IIDFromString
CoInitializeEx

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetStartupInfoW
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-heap-l1-2-0

HeapSetInformation

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
20220124svchost/host.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
20220124svchost/svchost.exe
.exe windows x64

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6d08db5b7990c26ea7afcea30ea2df27

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4eCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

af:af:60:53:fb:4a:fb:ee:8a:15:09:67:15:23:c1:fb:aa:f7:78:1f:f3:72:29:cc:17:e2:ce:c7:76:eb:dd:49Signer

Signature Validations

Verification

21-01-2022 13:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-heap-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

Sections

.text Size: 4KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 288B

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 512B - Virtual size: 36B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 5.5MB

UPX1 Size: 4.3MB - Virtual size: 4.3MB

UPX2 Size: 512B - Virtual size: 4KB

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

af:af:60:53:fb:4a:fb:ee:8a:15:09:67:15:23:c1:fb:aa:f7:78:1f:f3:72:29:cc:17:e2:ce:c7:76:eb:dd:49
Signer

21-01-2022 13:36
Valid: false

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 288B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 512B - Virtual size: 36B

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 5.5MB

UPX1
Size: 4.3MB - Virtual size: 4.3MB

UPX2
Size: 512B - Virtual size: 4KB