7ff740d70000[.]svchost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

7ff740d70000.svchost.exe
Size

44KB
MD5

39c18063dacfc0605780f3a761f980fb
SHA1

c05ae4f80b4fd33cd5b837c0b44d2a494f623029
SHA256

7b01b79b3f7a1f70f36879579d3028e4afa74cc68b48c606d637b79983395408
SHA512

5b3559570655370edc016e1308fc072fb821d668051fd4f34d07fd0904f7659e8654a4707cb9f6c6181a601d62de958afc01592c04727ef5c36f26fabcff2704
SSDEEP

768:aCsmFHQ68l82s0GSNvJmEbcetbPImvK+mdGpjXu2YCD8HVnY19:a12HQC2s0GivbBtEybYRS19

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ff740d70000.svchost.exe

Files

7ff740d70000.svchost.exe
.exe windows:10 windows x64 arch:x64

247b9220e5d9b720a82b2c8b5069ad69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

svchost.pdb

Imports

api-ms-win-core-crt-l2-1-0

_initterm
_initterm_e
__wgetmainargs
exit

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
TerminateProcess
SetProcessAffinityUpdateMode
ExitProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-service-private-l1-1-3

I_RegisterSvchostNotificationCallback

api-ms-win-core-crt-l1-1-0

qsort_s
memcpy
memset
_wcsicmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
LoadLibraryExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapSetInformation

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegDisablePredefinedCacheEx
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy

api-ms-win-core-processthreads-l1-1-2

SetProtectedPolicy

rpcrt4

RpcServerUnregisterIf
I_RpcMapWin32Status
RpcMgmtSetServerStackSize
I_RpcServerDisableExceptionFilter
RpcServerUseProtseqEpW
RpcServerUnregisterIfEx
RpcMgmtStopServerListening
RpcServerListen
RpcMgmtWaitServerListen
RpcServerRegisterIf

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
MakeAbsoluteSD
AddAccessAllowedAce
GetTokenInformation
GetLengthSid
InitializeAcl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-crt-utility-l1-1-0

bsearch_s

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
DeactivateActCtx
ReleaseActCtx
CreateActCtxW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

ntdll

RtlQueryHeapInformation
TpAllocTimer
_vsnwprintf
EtwEventEnabled
TpReleaseWait
RtlNtStatusToDosErrorNoTeb
TpSetWait
TpAllocWait
EtwEventRegister
RtlUnhandledExceptionFilter
NtSetInformationProcess
RtlSetProcessIsCritical
TpSetTimerEx
TpSetTimer
RtlImageNtHeader
RtlValidSecurityDescriptor
NtQuerySystemInformation
RtlRunOnceExecuteOnce
RtlNtStatusToDosError
RtlFreeHeap
EtwEventWrite
TpReleaseTimer
RtlInitializeCriticalSection
RtlInitializeSid
RtlSubAuthoritySid
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlSubAuthorityCountSid
RtlAcquireSRWLockExclusive
RtlLengthRequiredSid
RtlDeriveCapabilitySidsFromName
RtlCopySid
TpWaitForTimer
RtlAllocateHeap

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

247b9220e5d9b720a82b2c8b5069ad69

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-crt-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-service-private-l1-1-3

api-ms-win-core-crt-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-processthreads-l1-1-2

rpcrt4

api-ms-win-core-localization-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-threadpool-private-l1-1-0

ntdll

api-ms-win-core-heap-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 48B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 108B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 48B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 108B