Summary | ZeroBOX

vbc.exe

Tags: Generic Malware, Admin Tool (Sysinternals etc ...), Malicious Library, PWS, PE File, PE32, .NET EXE
Category: FILE
Machine: s1_win7_x6402
Started: July 6, 2021, 9:13 a.m.
Completed: July 6, 2021, 9:27 a.m.
Size 643.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 7b2599a8cfa0f094012b546bdde76ee1
SHA256 acd1a87efc13e04a5426583b47ef2eede10ad0898280e38f098dd1884c22ca5a
CRC32 94D38F42
ssdeep 12288:0PhxWFHmsVdFny6AJF+ZEu4pXmIBv33Tp0wK3iE68ZSxsNNfKUj0WYTl:uhGHZF7G+ZEvmW/3Tp0wK336Bx0KWYT
Yara
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • Malicious_Library_Zero - Malicious_Library

Name                     Response        Post-Analysis Lookup
b2bnetlinkOne.kozow.com  79.134.225.70

IP Address      Status  Action
104.23.98.190   Active  Moloch
164.124.101.2   Active  Moloch
172.217.25.14   Active  Moloch
79.134.225.70   Active  Moloch
34.104.35.123   Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API         Arguments                                                                                   Status  Return  Repeated
GetComputerNameW   computer_name: TEST22-PC                                                                    1       1       0
WriteConsoleW      buffer: SUCCESS: The scheduled task "Updates\trhHkafhblv" has successfully been created.    1       1       0
                   console_handle: 0x00000007
section: name .text, virtual_address 0x00002000, virtual_size 0x000a00c0, size_of_data 0x000a0200, entropy 7.419772864334729; description: A section with a high entropy has been found
entropy 0.996887159533; description: Overall entropy of this PE file is high
host 104.23.98.190
host 172.217.25.14
host 34.104.35.123
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.46551051
McAfee RDN/Generic.rp
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0057e6201 )
Alibaba Trojan:Win32/starter.ali1000139
K7GW Trojan ( 0057e6201 )
Cybereason malicious.f2828f
Cyren W32/MSIL_Kryptik.DZG.gen!Eldorado
Symantec Trojan.Gen.2
ESET-NOD32 a variant of MSIL/Kryptik.ABPE
APEX Malicious
Paloalto generic.ml
Kaspersky HEUR:Backdoor.MSIL.Bladabindi.gen
BitDefender Trojan.GenericKD.46551051
Avast Win32:MalwareX-gen [Trj]
Tencent Msil.Backdoor.Bladabindi.Ahon
Ad-Aware Trojan.GenericKD.46551051
Emsisoft Trojan.Crypt (A)
Comodo Malware@#3du01y5a8a28c
DrWeb Trojan.PackedNET.862
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0WFL21
McAfee-GW-Edition BehavesLike.Win32.Fareit.jc
FireEye Generic.mg.7b2599a8cfa0f094
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
Jiangmin Backdoor.MSIL.escm
Webroot W32.Trojan.Gen
Avira TR/AD.Bladabindi.jwcsw
eGambit Unsafe.AI_Score_94%
MAX malware (ai score=87)
Antiy-AVL Trojan/Generic.ASMalwS.33A408A
Kingsoft Win32.Hack.Undef.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft Trojan:MSIL/AgentTesla.BNN!MTB
GData Trojan.GenericKD.46551051
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.AgentTesla.R426929
VBA32 TScope.Trojan.MSIL
ALYac Trojan.GenericKD.46551051
Malwarebytes Trojan.MalPack.PNG.Generic
TrendMicro-HouseCall TROJ_GEN.R002C0WFL21
Yandex Trojan.Kryptik!SV6C9g3Mi7M
Ikarus Trojan.MSIL.Inject
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Kryptik.ABOX!tr
BitDefenderTheta Gen:NN.ZemsilCO.34790.Om0@aeZZ4Qk
dead_host 192.168.56.102:49812
dead_host 192.168.56.102:49813
dead_host 79.134.225.70:4207
dead_host 192.168.56.102:49810
dead_host 192.168.56.102:49811
dead_host 192.168.56.102:49814