Summary | ZeroBOX

vbc.exe

PE32 PE File
Category  Machine        Started                  Completed
FILE      s1_win7_x6402  Aug. 4, 2021, 9:31 a.m.  Aug. 4, 2021, 9:33 a.m.

Size    177.3KB
Type    PE32 executable (GUI) Intel 80386, for MS Windows
MD5     26f17ecd8ee2fc34a1c0b3b850d9d0fc
SHA256  3201b9c69541d467058a40e6b6c1feeeb60bf572db419bd5f78c85a59ca77e44
CRC32   9329A7DE
ssdeep  3072:MZIIeAypf4ITFdmr10h5mnmwDoIpsZIdNUy:guVp8ZC5mnmwk6ay
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

DNS lookups (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
172.67.188.154   Active   Moloch
(172.67.188.154 lies in Cloudflare's 172.64.0.0/13 range, so the address alone does not identify the origin server; the report records no DNS query and no TLS session for it.)

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

GlobalMemoryStatusEx
  Status 1   Return 1   Repeated 0
__exception__

Access violation (exception_code 0xc0000005) inside MSCTF.dll on an indirect call through [ecx+0xc]. The frames below show it was reached from ExitProcess via ntdll LdrShutdownProcess, i.e. during process teardown; the only frame inside the sample itself is vbc+0x114e, entered from ThunRTMain in msvbvm60, the Visual Basic 6 runtime, which marks vbc.exe as a VB6 executable.

stacktrace:
CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x75f5d08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x75f5964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x75f44d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x75f46f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x75f4e825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x75f46002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x75f45fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x75f449e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x75f45a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x77199a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x771b8f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x771b8e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x75077a25
ThunRTMain+0xb3 EbCreateContext-0x3160 msvbvm60+0x3657 @ 0x72943657
vbc+0x114e @ 0x40114e
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 278260
exception.address: 0x75f73ef4
registers.esp: 1637516
registers.edi: 0
registers.eax: 51769952
registers.ebp: 1637544
registers.edx: 1
registers.ebx: 0
registers.esi: 3295368
registers.ecx: 1943090900
  Status 1   Return 0   Repeated 0
NtProtectVirtualMemory
process_identifier: 1944
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x740b3000
process_handle: 0xffffffff
  Status 1   Return 0   Repeated 0
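The protection change above leaves one 4096-byte page at 0x740b3000 writable and executable inside the sample's own process (process_handle 0xffffffff is the GetCurrentProcess pseudo-handle on 32-bit Windows). A detection rule over such sandbox events, as an added Python example that is not ZeroBOX code: it decodes the numeric protection the way the report prints it, flags every call that yields a writable-and-executable region, and records whether the target is the sample's own process or a remote one and which known module, if any, contains the address. The module map is an assumption built from the image bases visible in the stack trace (vbc at 0x400000, msvbvm60 at 0x72940000; the sizes are guesses), and every event other than the one copied from the report is constructed.

```python
"""Added example (not ZeroBOX code): flag API events that produce RWX memory."""

# Low byte of a Win32 memory protection (winnt.h); the upper bits are modifiers.
PAGE_PROTECTIONS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
WRITABLE_AND_EXECUTABLE = {0x40, 0x80}
CURRENT_PROCESS_PSEUDO_HANDLE = 0xFFFFFFFF  # GetCurrentProcess() on 32-bit Windows
PROTECTION_APIS = {"NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx",
                   "NtAllocateVirtualMemory", "VirtualAlloc", "VirtualAllocEx"}


def _int(value) -> int:
    """Accept ints or strings such as '0x740b3000' / '64' as they appear in the report."""
    return value if isinstance(value, int) else int(str(value), 0)


def describe_protection(value: int) -> str:
    """Render a numeric protection like the report does, e.g. 64 -> PAGE_EXECUTE_READWRITE."""
    parts = [PAGE_PROTECTIONS.get(value & 0xFF, f"0x{value & 0xFF:x}")]
    parts += [name for bit, name in PAGE_MODIFIERS.items() if value & bit]
    return "|".join(parts)


def module_for(address, modules):
    """Name of the loaded module whose (base, size) range contains address, else None."""
    for name, (base, size) in modules.items():
        if base <= address < base + size:
            return name
    return None


def flag_rwx_events(events, modules):
    """One finding per event that leaves a region both writable and executable."""
    findings = []
    for ev in events:
        if ev.get("api") not in PROTECTION_APIS:
            continue
        prot = _int(ev["protection"])
        if (prot & 0xFF) not in WRITABLE_AND_EXECUTABLE:
            continue
        base = _int(ev["base_address"])
        handle = _int(ev.get("process_handle", CURRENT_PROCESS_PSEUDO_HANDLE))
        findings.append({
            "api": ev["api"],
            "pid": ev.get("process_identifier"),
            "protection": describe_protection(prot),
            "base_address": f"0x{base:08x}",
            "length": _int(ev["length"]),
            # A remote target (real handle, not the pseudo-handle) is the injection shape.
            "target": "self" if handle == CURRENT_PROCESS_PSEUDO_HANDLE else "remote",
            "module": module_for(base, modules) or "unmapped/unknown",
        })
    return findings


# Assumed module map: image bases from the stack trace, sizes are guesses.
MODULES = {"vbc.exe": (0x00400000, 0x00030000), "msvbvm60.dll": (0x72940000, 0x00160000)}

# Constructed events: the record from the report first, then invented ones for contrast.
EVENTS = [
    {"api": "NtProtectVirtualMemory", "process_identifier": 1944, "process_handle": "0xffffffff",
     "base_address": "0x740b3000", "length": 4096, "protection": 64},
    {"api": "NtProtectVirtualMemory", "process_identifier": 1944, "process_handle": 0xFFFFFFFF,
     "base_address": 0x00401000, "length": 4096, "protection": 4},       # PAGE_READWRITE: ignored
    {"api": "VirtualProtect", "process_identifier": 1944, "process_handle": 0xFFFFFFFF,
     "base_address": 0x00401000, "length": 0x1000, "protection": 0x40},  # own .text made RWX
    {"api": "VirtualProtectEx", "process_identifier": 1944, "process_handle": 0x1A4,
     "base_address": 0x00020000, "length": 0x2000, "protection": 0x40},  # another process
]

if __name__ == "__main__":
    for finding in flag_rwx_events(EVENTS, MODULES):
        print(finding)
```

The rule deliberately keys on the low byte only, so PAGE_GUARD or PAGE_NOCACHE variants of an RWX protection are still caught, and it treats allocation calls the same as protection changes because both can create RWX regions.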
Resources
  name RT_VERSION   language LANG_CHINESE   sublanguage SUBLANG_CHINESE_TRADITIONAL   filetype data   offset 0x00025270   size 0x000001d8
Signatures
  section .text: size_of_data 0x00022000, virtual_address 0x00001000, virtual_size 0x0002144c, entropy 7.035
    description: A section with a high entropy has been found
  entropy 0.8095
    description: Overall entropy of this PE file is high
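The two signatures above are an entropy test: the .text section (0x22000 bytes of raw data) scores 7.035 bits per byte, close to the 8.0 maximum and typical of packed or encrypted code, while the second line reports a figure for the file as a whole whose formula the page does not state. The following added Python example (not ZeroBOX code) parses a PE section table with the standard library only, computes Shannon entropy per section, flags sections above an assumed 7.0 threshold, and models the whole-file figure as the fraction of section bytes that sit in high-entropy sections; that fraction is my assumption, chosen because it lands in the same 0 to 1 range as the 0.8095 reported. The PE image it runs on is constructed inside the block.

```python
"""Added example (not ZeroBOX code): per-section entropy check for a PE file.

The 7.0 threshold and the 'fraction of high-entropy bytes' figure are
assumptions; the report does not say how the sandbox derives its numbers.
"""
import math
import random
import struct
from collections import Counter

HIGH_ENTROPY = 7.0  # assumed threshold, bits per byte (maximum is 8.0)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Yield (name, virtual_address, virtual_size, size_of_raw_data, raw_bytes)
    for every entry in the section table of an in-memory PE file."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size
    for i in range(nsections):
        # IMAGE_SECTION_HEADER is 40 bytes; only the first five fields are used here.
        name, vsize, vaddr, raw_size, raw_ptr, _, _, _, _, _ = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + 40 * i)
        yield (name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize,
               raw_size, image[raw_ptr:raw_ptr + raw_size])


def entropy_report(image: bytes, threshold: float = HIGH_ENTROPY) -> dict:
    """Per-section entropy plus the share of section data that is high-entropy."""
    sections, high_bytes, total_bytes = [], 0, 0
    for name, vaddr, vsize, raw_size, raw in pe_sections(image):
        ent = shannon_entropy(raw)
        sections.append({"name": name, "virtual_address": vaddr, "virtual_size": vsize,
                         "size_of_data": raw_size, "entropy": ent,
                         "high_entropy": ent > threshold})
        total_bytes += raw_size
        if ent > threshold:
            high_bytes += raw_size
    return {"sections": sections,
            "high_entropy_fraction": high_bytes / total_bytes if total_bytes else 0.0}


def build_test_pe(sections) -> bytes:
    """Constructed test input: a minimal, non-runnable PE32 image whose section
    table points at the given (name, bytes) pairs. Only headers the parser reads are set."""
    nsec = len(sections)
    opt_size = 0xE0  # PE32 optional header size
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    raw_ptr = 0x40 + 4 + 20 + opt_size + 40 * nsec  # section data follows the headers
    vaddr, table, body = 0x1000, b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(data), vaddr, len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        raw_ptr += len(data)
        vaddr += (len(data) + 0xFFF) & ~0xFFF
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + body


# Constructed sample: a pseudo-random (packed-looking) .text and a repetitive .data.
_rng = random.Random(1)
SAMPLE_TEXT = bytes(_rng.getrandbits(8) for _ in range(0x2000))
SAMPLE_DATA = b"ABCD" * 512
SAMPLE_IMAGE = build_test_pe([(".text", SAMPLE_TEXT), (".data", SAMPLE_DATA)])

if __name__ == "__main__":
    report = entropy_report(SAMPLE_IMAGE)
    for s in report["sections"]:
        print(f'{s["name"]:8} size 0x{s["size_of_data"]:08x} entropy {s["entropy"]:.3f}'
              f' {"HIGH" if s["high_entropy"] else ""}')
    print(f'high-entropy fraction {report["high_entropy_fraction"]:.4f}')
```

Entropy is measured over SizeOfRawData, not VirtualSize, because only the bytes present on disk can be scored; a section that is mostly uninitialised (large VirtualSize, small raw size) is a different indicator and is not covered by this check.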
Hosts
  172.67.188.154
Antivirus (Engine / Detection)
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
FireEye Generic.mg.26f17ecd8ee2fc34
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_80% (W)
BitDefenderTheta Gen:NN.ZevbaF.34058.lm1@aShh1Sbb
Symantec Packed.Generic.575
APEX Malicious
Kaspersky UDS:Trojan.Win32.Mucc
Avast FileRepMalware
McAfee-GW-Edition Artemis!Trojan
eGambit Unsafe.AI_Score_99%
Microsoft Trojan:Win32/Wacatac.B!ml
McAfee Artemis!26F17ECD8EE2
Ikarus Trojan.Inject
MaxSecure Trojan.Malware.300983.susgen
AVG FileRepMalware
Cybereason malicious.af9a84
Qihoo-360 Win32/Heur.Generic.HwMAueAA