svchost.exe

First submission 2024-02-04 18:35:32

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 2366.57 KB (2423366 bytes)
Compile time: 2022-06-10 13:05:14
MD5: f6f6c5d03d05d532af3a72b0fc0ffcfa
SHA1: b9cf2cad0e0170ccdbd76cdb9bdf0c19f6ca40c7
SHA256: fd1aceb058c052df23d78cd58de5f216c30cd83ce343f02dfe9ba96ee8512bb3
Import Hash: ede51167c96e01cacc457ccaedb80ab8
Sections: 8 (.rsrc)
Directories: 2 (import, resource)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://103.45.104.76:81/svchost.exe 103.45.104.76 2024-02-04 18:35:32

PE Sections 7 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
0x1000 0x45000 122368 a57ab9a3013bfa602ef8550f949602f360822c2c 7d89cfeded83b56bc741d938372f76ac
0x46000 0x172000 1210880 9a1983d1148f1ec0dcd2b3abfea3a85feed1dc6a ceb6f576fc7978a44e2a63d9bdc4aa40
0x1b8000 0x1000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
0x1b9000 0x1000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
0x1ba000 0x1000 3072 a3a863e9467a858f4d2c46caeb3ce351be94f8c6 6699d287b98424da79c72b5210d87416
.rsrc 0x1bb000 0x1000 512 e162ebf9cc1319366a077d86259da1883f27400a bd7f74dcc1297087d77eb6f81b669b3e
0x1bc000 0x4ba000 245248 9fb579260e57fb66d2e5b8461a13ef6161a04291 d35b843a2e1635bb8752a6848a49092d
0x676000 0x12c000 1225728 327991d1623fa0403ec9c5cafa1564fb84be1d8b d303c241d7cc7329524185f75139cd74

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x1bb058 346

Strings analysis - File found

Library
SHLWAPI.dll
OLEAUT32.dll
MSVCRT.dll
IPHLPAPI.DLL
WINMM.dll
WS2_32.dll
NETAPI32.dll
USER32.dll
PSAPI.DLL
ADVAPI32.dll
GDI32.dll
KERNEL32.dll
VERSION.dll
DINPUT8.dll
ole32.dll
SHELL32.dll

Import functions