Summary | ZeroBOX

vbc.exe

Admin Tool (Sysinternals etc ...) UPX PE32 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 4, 2021, 10:57 a.m.
Completed: Aug. 4, 2021, 10:57 a.m.
Size 177.3KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ecc19a6e75196aba87b243737d5fd361
SHA256 13fdc7878c5cdbdb1853fbfd15558014a9c64d7d45fde52088e61c6b8c0beae7
CRC32 0A5204CF
ssdeep 3072:eZIIeZuHs6psb4gdiJ0h5mnmwDCjpsZIDyIP:aia5pCqC5mnmwvMyIP
Yara
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts (IP Address / Status / Action)
164.124.101.2  Active  Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

GlobalMemoryStatusEx
Status: 1  Return: 1  Repeated: 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
CtfImeIsIME+0x36fd DllUnregisterServer-0xf9d9 msctf+0x2d08c @ 0x766fd08c
TF_GetGlobalCompartment+0x3dfd CtfImeIsIME-0x344 msctf+0x2964b @ 0x766f964b
TF_GetInputScope+0xf65 CtfImeDestroyThreadMgr-0x25ae msctf+0x14d6b @ 0x766e4d6b
TF_GetInputScope+0x3176 CtfImeDestroyThreadMgr-0x39d msctf+0x16f7c @ 0x766e6f7c
CtfImeDestroyInputContext+0x280 TF_CanUninitialize-0x1c msctf+0x1e825 @ 0x766ee825
TF_GetInputScope+0x21fc CtfImeDestroyThreadMgr-0x1317 msctf+0x16002 @ 0x766e6002
TF_GetInputScope+0x21e2 CtfImeDestroyThreadMgr-0x1331 msctf+0x15fe8 @ 0x766e5fe8
TF_GetInputScope+0xbdd CtfImeDestroyThreadMgr-0x2936 msctf+0x149e3 @ 0x766e49e3
TF_GetInputScope+0x1c1a CtfImeDestroyThreadMgr-0x18f9 msctf+0x15a20 @ 0x766e5a20
RtlIsCurrentThreadAttachExempt+0x5f TpCheckTerminateWorker-0x37 ntdll+0x39a91 @ 0x773d9a91
LdrShutdownProcess+0x97 RtlDetectHeapLeaks-0x1bb ntdll+0x58f10 @ 0x773f8f10
RtlExitUserProcess+0x74 LdrShutdownProcess-0x1d ntdll+0x58e5c @ 0x773f8e5c
ExitProcess+0x15 TerminateThread-0xa kernel32+0x17a25 @ 0x75737a25
ThunRTMain+0xb3 EbCreateContext-0x3160 msvbvm60+0x3657 @ 0x72943657
vbc+0x114e @ 0x40114e
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5

exception.instruction_r: ff 51 0c 8b 45 fc 89 be 8c 04 00 00 3b c7 74 25
exception.symbol: TF_GetCompatibleKeyboardLayout+0x5885 TF_IsCtfmonRunning-0xfd3 msctf+0x43ef4
exception.instruction: call dword ptr [ecx + 0xc]
exception.module: MSCTF.dll
exception.exception_code: 0xc0000005
exception.offset: 278260
exception.address: 0x76713ef4
registers.esp: 1637516
registers.edi: 0
registers.eax: 53709200
registers.ebp: 1637544
registers.edx: 1
registers.ebx: 0
registers.esi: 8911256
registers.ecx: 50935260
Status: 1  Return: 0  Repeated: 0
Resource: name RT_VERSION, language LANG_CHINESE, sublanguage SUBLANG_CHINESE_TRADITIONAL, filetype data, offset 0x00025270, size 0x000001e8
Section .text: size_of_data 0x00022000, virtual_address 0x00001000, virtual_size 0x0002144c, entropy 7.008381545069816 (A section with a high entropy has been found)
Overall entropy 0.809523809524 (Overall entropy of this PE file is high)
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
FireEye Generic.mg.ecc19a6e75196aba
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Cybereason malicious.23c100
BitDefenderTheta Gen:NN.ZevbaF.34058.lm1@aiKRcqkb
Symantec Packed.Generic.575
APEX Malicious
Kaspersky UDS:Trojan.Win32.Mucc
Microsoft Trojan:Win32/Tnega!ml
Yandex Trojan.GenAsa!6IHGaceYThA
Ikarus Trojan.Inject
eGambit Unsafe.AI_Score_89%
MaxSecure Trojan.Malware.300983.susgen