Static task: static1
Behavioral task: behavioral1
  Sample: svchost.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: svchost.exe
  Resource: win10-20230915-en
General
Target: svchost.dll
Size: 11KB
MD5: ccc5e09cb26f8841e21979d476cb8a5d
SHA1: 96bfb5458748be8fe0b551fb714b0d0350e945fb
SHA256: f20b3d001e16f10522b1ef34f8c38d39ba6938d2ac3f3ae5b6c5c5b0ba2ba9e5
SHA512: 48edb23fffd5c388b074b278071fc0bc303d4be5304d912438378d00b64478f7e491262cc9ca317073b29596e22714fd04c16c94e85396cba617cee66a9b3ef5
SSDEEP: 192:ZSHT9F634EHidqdHA/wnsG1k1npkPBxcfq2yvp:g9c34EHiGt1rPAIvp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource svchost.dll
Files
svchost.dll.exe windows:4 windows x86
be1a56b4f86d6bef40870fa0bf105d44
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ntdll: strcat, RtlAdjustPrivilege, memset, _snprintf, strcpy, strlen, memcpy
shlwapi: StrStrIA
kernel32: CreateToolhelp32Snapshot, GetSystemDirectoryA, WriteProcessMemory, CloseHandle, ExitProcess, HeapAlloc, GlobalAddAtomA, HeapFree, Process32First, VirtualFree, GetProcessHeap, CreateRemoteThread, OpenProcess, GlobalFindAtomA, HeapValidate, GetModuleHandleA, GetEnvironmentVariableA, GetShortPathNameA, VirtualAlloc, CopyFileA, VirtualAllocEx, Process32Next, VirtualLock, GetModuleFileNameA, WinExec
advapi32: RegQueryValueExA, RegCloseKey, RegCreateKeyExA, RegSetValueExA
shell32: ShellExecuteA
Sections
.text (Size: 1KB, Virtual size: 1KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata (Size: 1KB, Virtual size: 1KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data (Size: 6KB, Virtual size: 6KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc (Size: 512B, Virtual size: 224B): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ