Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.28 04:04
Purchase Order.pdf.msc
04.28 02:04
setup.exe
04.28 02:04
2025416-方案1-方案細節.pdf.lnk
04.28 10:04
Distribution Document....
04.28 10:04
pik.ps1
04.28 10:04
123.hta
04.28 10:04
verify-sec
04.28 10:04
nums.vbs
04.28 10:04
op.exe
04.28 10:04
cred.dll

Latest News
04.29 12:04
X-Rays From an Overdri...
04.29 12:04
[일본 애니메이션]샐러리맨이 이세계에 갔...
04.29 12:04
[Control systems] CISA...
04.29 12:04
Sony Weighs Chip Spino...
04.29 12:04
IT Sicherheitsnews tae...
04.29 12:04
Automatisierung: eine ...
04.28 11:04
Ubuntu security adviso...
04.28 11:04
IBM security advisory ...
04.28 11:04
Dell security advisory...
04.28 11:04
Combat Rising Account ...

Summary | ZeroBOX

svchosts.exe

Generic Malware Malicious Library UPX PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 28, 2025, 8:59 a.m.	April 28, 2025, 9:01 a.m.

Size	1.7MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`5c7c5ce42b1507c12d71fbaf2488f283`
SHA256	`f1e505fe96b8f83c84a20995e992b3794b1882df4954406e227bd7b75f13c779`
CRC32	`80BC8F4C`
ssdeep	`24576:eFLfAfgVNpNPsTQu2F9NpdOg6lEb6jZJRam8g6D+MxRZt/rTQKXZ242gzk8lu:6egVNpNUTcJQqkJRMg6D5rjIn8`
PDB Path	D:\a\1\s\exe\x64\Release\WinObj64.pdb
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

svchosts.exe "C:\Users\test22\AppData\Local\Temp\svchosts.exe"
1792

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\a\1\s\exe\x64\Release\WinObj64.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	.detourc
section	.detourd
section	_RDATA

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	AFX_DIALOG_LAYOUT
resource name	INI

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ April 28, 2025, 8:59 a.m.	stacktrace: HeapWalk-0x1ce0 kernel32+0x0 @ 0x76fc0000 FindFirstFileW+0x10 SetErrorMode-0x30 kernel32+0x1bd90 @ 0x76fdbd90 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 0x2 exception.instruction_r: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 exception.symbol: HeapWalk-0x1ce0 kernel32+0x0 exception.instruction: pop r10 exception.module: kernel32.dll exception.exception_code: 0xc0000005 exception.offset: 0 exception.address: 0x76fc0000 registers.r14: 5357764608 registers.r15: 18 registers.rcx: 45 registers.rsi: 7 registers.r10: 3221225485 registers.rbx: 0 registers.rsp: 2686344 registers.r11: 514 registers.r8: 0 registers.r9: 360 registers.rdx: 5358769932 registers.r12: 5358790512 registers.rbp: 5358790504 registers.rdi: -1 registers.rax: 45 registers.r13: 5358770032	1	0	0

File has been identified by 3 AntiVirus engines on VirusTotal as malicious (3 events)

Kaspersky	HEUR:Trojan.Win32.Generic
Rising	Trojan.Generic!8.C3 (CLOUD)
McAfeeD	ti!F1E505FE96B8