General

Malware Config

Signatures

Files

• Svchost.zip

  .zip
• svchost.exe

  .exe windows:6 windows x64 arch:x64

  6b5075b82f10534e3c23be1eaf3d1551

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  d3d11

  D3D11CreateDeviceAndSwapChain

  ws2_32

  getpeername

  getsockname

  ntohs

  setsockopt

  socket

  WSAIoctl

  getaddrinfo

  freeaddrinfo

  accept

  listen

  recvfrom

  sendto

  ioctlsocket

  gethostname

  htonl

  connect

  htons

  ntohl

  getsockopt

  closesocket

  bind

  send

  WSAStartup

  WSACleanup

  WSAGetLastError

  recv

  __WSAFDIsSet

  select

  WSASetLastError

  wldap32

  ord200

  ord30

  ord79

  ord35

  ord33

  ord32

  ord27

  ord26

  ord22

  ord41

  ord50

  ord45

  ord60

  ord143

  ord211

  ord46

  ord301

  crypt32

  CertFreeCertificateContext

  d3dcompiler_47

  D3DCompile

  imm32

  ImmGetContext

  ImmReleaseContext

  ImmSetCompositionWindow

  kernel32

  IsProcessorFeaturePresent

  IsDebuggerPresent

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  WaitForMultipleObjects

  RtlVirtualUnwind

  ReadFile

  GetFileType

  GetStdHandle

  ExpandEnvironmentStringsA

  VerifyVersionInfoA

  GetSystemDirectoryA

  WaitForSingleObjectEx

  FormatMessageA

  SetLastError

  GetLastError

  SleepEx

  RtlLookupFunctionEntry

  RtlCaptureContext

  GetModuleHandleW

  CreateEventW

  ResetEvent

  SetEvent

  PeekNamedPipe

  InitializeCriticalSectionAndSpinCount

  MultiByteToWideChar

  GlobalAlloc

  GlobalFree

  GlobalLock

  WideCharToMultiByte

  GlobalUnlock

  LoadLibraryA

  QueryPerformanceFrequency

  GetProcAddress

  VerSetConditionMask

  QueryPerformanceCounter

  GetModuleHandleA

  GetConsoleWindow

  CloseHandle

  CreateThread

  Process32First

  GetCurrentProcess

  OpenProcess

  CreateToolhelp32Snapshot

  Process32Next

  WriteProcessMemory

  ReadProcessMemory

  GetModuleFileNameA

  TerminateProcess

  GetCurrentProcessId

  VirtualQueryEx

  GetExitCodeProcess

  GetTickCount64

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSectionEx

  DeleteCriticalSection

  FreeLibrary

  Sleep

  user32

  GetWindowTextA

  GetCursorInfo

  PostMessageA

  SendMessageA

  keybd_event

  SetForegroundWindow

  GetWindowThreadProcessId

  FindWindowA

  WindowFromPoint

  DispatchMessageA

  GetWindowRect

  DestroyWindow

  SetWindowPos

  ShowWindow

  GetAsyncKeyState

  SetWindowLongA

  DefWindowProcA

  CreateWindowExA

  TranslateMessage

  PeekMessageA

  UnregisterClassA

  PostQuitMessage

  GetDesktopWindow

  SetClipboardData

  RegisterClassExA

  UpdateWindow

  GetKeyState

  LoadCursorA

  ScreenToClient

  GetCapture

  ClientToScreen

  IsChild

  GetForegroundWindow

  SetCapture

  SetCursor

  GetClientRect

  ReleaseCapture

  SetCursorPos

  GetCursorPos

  OpenClipboard

  CloseClipboard

  EmptyClipboard

  GetClipboardData

  advapi32

  CloseServiceHandle

  OpenServiceA

  QueryServiceStatusEx

  OpenProcessToken

  OpenSCManagerA

  LookupPrivilegeValueA

  CryptEncrypt

  AdjustTokenPrivileges

  ControlService

  CryptAcquireContextA

  CryptReleaseContext

  CryptGenRandom

  CryptGetHashParam

  CryptCreateHash

  CryptHashData

  CryptDestroyHash

  CryptDestroyKey

  CryptImportKey

  msvcp140

  _Close_dir

  _Open_dir

  _Read_dir

  ?_Xinvalid_argument@std@@YAXPEBD@Z

  ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z

  ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

  ?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

  ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

  ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

  ??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

  ??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ

  _To_wide

  ?_Random_device@std@@YAIXZ

  ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

  ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

  ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z

  ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

  ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z

  ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

  ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

  ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

  ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

  ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

  ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

  ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

  ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

  ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

  ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

  ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

  ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

  _Xtime_get_ticks

  _Query_perf_counter

  _Thrd_sleep

  ?_Xlength_error@std@@YAXPEBD@Z

  ?_Xout_of_range@std@@YAXPEBD@Z

  ?uncaught_exception@std@@YA_NXZ

  ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

  _Query_perf_frequency

  ??1_Lockit@std@@QEAA@XZ

  ??0_Lockit@std@@QEAA@H@Z

  ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

  ?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A

  ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z

  ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

  ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ

  ?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

  ?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

  ?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

  ?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

  ?always_noconv@codecvt_base@std@@QEBA_NXZ

  ??Bid@locale@std@@QEAA_KXZ

  ?_Xbad_alloc@std@@YAXXZ

  xinput1_4

  ord2

  ord4

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  _CxxThrowException

  __std_terminate

  __C_specific_handler

  __current_exception_context

  __current_exception

  memchr

  memcmp

  strrchr

  memmove

  memset

  memcpy

  __std_type_info_compare

  __std_exception_copy

  __std_exception_destroy

  strchr

  strstr

  api-ms-win-crt-stdio-l1-1-0

  fread

  __stdio_common_vsprintf

  fwrite

  fseek

  fclose

  __stdio_common_vsscanf

  _wfopen

  _lseeki64

  _read

  _write

  _close

  _open

  fflush

  fopen

  _get_stream_buffer_pointers

  _fseeki64

  _set_fmode

  __acrt_iob_func

  fsetpos

  ungetc

  setvbuf

  ftell

  fgetpos

  __p__commode

  fgetc

  fputc

  api-ms-win-crt-string-l1-1-0

  isprint

  _strdup

  strncmp

  tolower

  isalpha

  isgraph

  islower

  strncpy

  isupper

  isxdigit

  strpbrk

  isspace

  toupper

  isalnum

  strcmp

  isdigit

  api-ms-win-crt-utility-l1-1-0

  qsort

  api-ms-win-crt-heap-l1-1-0

  _set_new_mode

  calloc

  malloc

  _callnewh

  free

  realloc

  api-ms-win-crt-convert-l1-1-0

  strtoul

  atoi

  atof

  strtoll

  strtol

  api-ms-win-crt-runtime-l1-1-0

  strerror

  _invalid_parameter_noinfo_noreturn

  exit

  _beginthreadex

  __sys_nerr

  _getpid

  _register_thread_local_exe_atexit_callback

  _c_exit

  __p___argv

  terminate

  _configure_narrow_argv

  _initialize_narrow_environment

  _initialize_onexit_table

  _register_onexit_function

  _crt_atexit

  _cexit

  __p___argc

  _seh_filter_exe

  _set_app_type

  _initterm

  _get_initial_narrow_environment

  _errno

  _initterm_e

  _exit

  api-ms-win-crt-math-l1-1-0

  fmodf

  floorf

  powf

  cosf

  sinf

  sqrtf

  __setusermatherr

  ceil

  acosf

  log2

  atan2f

  ceilf

  pow

  api-ms-win-crt-filesystem-l1-1-0

  remove

  _fstat64

  _stat64

  _unlock_file

  _lock_file

  _access

  api-ms-win-crt-environment-l1-1-0

  getenv

  api-ms-win-crt-time-l1-1-0

  _time64

  _gmtime64

  api-ms-win-crt-multibyte-l1-1-0

  _mbspbrk

  _mbsnbcpy

  _mbschr

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  Sections

  .text

  Size: 522KB - Virtual size: 522KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 24KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 488B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ