Summary | ZeroBOX

vbc.exe

PE32 PE File
Category FILE
Machine s1_win7_x6402
Started May 21, 2021, 10:35 a.m.
Completed May 21, 2021, 10:37 a.m.
Size 148.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 102d327574963061daf3b844bfbd9dd0
SHA256 70fd2a8e29c613aaf186c7df7ec3d03e64a137f9b3d4ca8e1ea0c5bf567eac04
CRC32 F4D6DCB5
ssdeep 1536:cTEvVbJks3aJnAypYQv8h7PvD4iPWrBG+8+oSCooQSbUhC30JkXeTEv:p+I27REh7PzPsV8+aooQSbUhGNX
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

Status: 1, Return: 1, Repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73772000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2952
region_size: 86016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03b90000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

NtProtectVirtualMemory

process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 876544
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x773b0000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00430000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0
host 172.217.25.14
MicroWorld-eScan Gen:Variant.Graftor.952873
FireEye Generic.mg.102d327574963061
ALYac Gen:Variant.Graftor.952873
K7AntiVirus Trojan ( 005690671 )
K7GW Trojan ( 005690671 )
BitDefenderTheta Gen:NN.ZevbaF.34690.jm0@aG6ICsdi
Cyren W32/Trojan.GFV.gen!Eldorado
ESET-NOD32 a variant of Win32/Kryptik.HKXN
APEX Malicious
Avast Win32:Malware-gen
Kaspersky Trojan.Win32.Mucc.obp
BitDefender Gen:Variant.Graftor.952873
Paloalto generic.ml
Ad-Aware Gen:Variant.Graftor.952873
Emsisoft Gen:Variant.Graftor.952873 (B)
VIPRE Trojan.Win32.Generic!BT
McAfee-GW-Edition BehavesLike.Win32.Vilsel.ct
Ikarus Trojan.VB.Crypt
MAX malware (ai score=82)
Microsoft Trojan:Win32/VBInject.VAM!MTB
Arcabit Trojan.Graftor.DE8A29
ZoneAlarm Trojan.Win32.Mucc.obp
GData Gen:Variant.Graftor.952873
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.AGEN.R421604
McAfee Artemis!102D32757496
VBA32 BScope.Trojan.Mucc
Malwarebytes Trojan.GuLoader
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgWMqkXoUiysUg)
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet W32/Mucc.OAH!tr
AVG Win32:Malware-gen
Panda Trj/GdSda.A