svchost.exe

First submission: 2024-07-09 00:05:14 Last submission: 2024-07-09 00:06:10

File details

File type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 5800.5 KB (5939712 bytes)
Compile time: 1970-01-01 01:00:00
MD5: cb146d2042ae0df2c95f3afde7256583
SHA1: 3a5e3ff5fdb3106bf6e6e6ac6788f4b473f0d7c8
SHA256: a6b3c627daa303eb2994b27b68e4c4b0d88fe2bc99511cc7ddf8eb7ac818b468
Import Hash: 6ed4f5f04d62b18d96b26d6db7c18840
Sections (3): UPX0, UPX1, UPX2
Directories (1): import

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 36/78 VT report date: 2024-07-08 23:15:50
Malware Type (1): trojan
Threat Type (2): supershell, wingo

URLs, FQDN and IP indicators (1)

URL Host (FQDN/IP) Date Added
hXXp://43.242.203.214:60000/supershell/compile/download/.svchost.exe 43.242.203.214 2024-07-09 00:05:14

PE Sections (2 suspicious)

Name VAddress VSize Size SHA1 MD5 Suspicious
UPX0 0x1000 0xa79000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xa7a000 0x5aa000 5938688 ac4a07a626ac00edf63d1dc58014fa92873a8d26 fb2e552a1666852a2353f809458ad4b2
UPX2 0x1024000 0x1000 512 3b80dfb287f3a61ea950cdb53eeb379777cc63e8 7e52da50a2c179bbebab5ba9aef24dfb

Strings analysis - File found

Database
/.db
0_51?U1B.dB
Library
TG.dll
KERNEL32.dll
g.dll

Import functions
