svhosts.exe

First submission 2024-07-26 00:38:04 Last submission 2024-09-02 06:29:02

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 690.5 KB (707072 bytes)
Compile time: 2024-07-25 15:35:14
MD5: fcd623c9b95c16f581efb05c9a87affb
SHA1: 17d1c2bede0885186b64cc615d61693eb90332de
SHA256: 3eb7b830379458b4788162b6444f8b8c5b37a3190d86d8e00a6e762093e1f2b9
Import Hash: 6addd02d82538c2ca23958c8c292883b
Sections 5 .text .zzZ .rdata .data .reloc
Directories 5 import export debug tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 39/79 VT report date: 2024-07-25 23:32:13
Malware Type 1 trojan
Threat Type 3 midie stelpak filerepmalware

URLs, FQDN and IP indicators 2

URL                                             Host (FQDN/IP)         Date Added
hXXps://www.mavidjipro.com/inc/svhosts.exe      www.mavidjipro.com     2024-09-02 06:29:04
hXXps://detailed-finance.top/inc/svhosts.exe    detailed-finance.top   2024-09-01 22:22:04

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x23147 143872 48477aabc9efa0b31e00c4121f443db2f5b63fe5 0d69d4ce93e92ca4292df7524d9d3352
.zzZ 0x25000 0x720 2048 26b7bee1465b035d0da16996addfeaaf27175960 96daccf90af134874d5c244de26d1c6b
.rdata 0x26000 0xb2f2 46080 ecb37b7ec1758393519dba9ee89cce6de58c5e6c f2b46c3d33aa2067dd691bddad97ea2f
.data 0x32000 0x7c47c 505344 6fbeb28894489967e12e88817cc1a6deee467719 bc6e7e243007d7d54dc2bde3f5510118
.reloc 0xaf000 0x2064 8704 7b4b842e6ff509e6ba9d240d72f66c82a27a4d82 b90350ce88f6835dbf0e4837c41b607c

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll

Import functions

PE Exports 5 suspicious

Function Address
QuitMessageStr 0x42570f
_QuitMessageStr 0x42570f
_QuitMessageStr2 0x42570f
_QuitMessageStr3 0x42570f
_QuitMessageStr4 0x42570f

Name Latest seen MD5
crypteda.exe 2024-07-26 01:51:02 04e90b2cf273efb3f6895cfcef1e59ba
5447jsX.exe 2024-08-26 14:41:02 5dd9c1ffc4a95d8f1636ce53a5d99997