popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

vbc.exe

Malicious Library UPX OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Aug. 17, 2021, 5:31 p.m. Aug. 17, 2021, 5:34 p.m.
Size 447.6KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 ed42831e07a3c0a9f2240b6475f4ba3c
SHA256 c56bc83a9e77b9ee422f659aaebab96027d0e5c57dce023a0f5939a96964d620
CRC32 EBE3E17F
ssdeep 6144:tdzkwTaTa6aOwZpJl3e5I7wjmzCcOeHPGOOwm1WhRpuexi6rqi7BCU2T05bXU/2C:TzT6Cpe5I7wjmxGKr/puGjhXwIGB9J
PDB Path C:\vuifo\awizea\yzll\1a02308607f745cca928b8b0a7f6e630\jfbkdg\ofchdhlo\Release\ofchdhlo.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\vuifo\awizea\yzll\1a02308607f745cca928b8b0a7f6e630\jfbkdg\ofchdhlo\Release\ofchdhlo.pdb
section .00cfg
section .voltbl
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 560
stack_dep_bypass: 1
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0041f000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 560
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x002a0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 560
region_size: 217088
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00490000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

NtTerminateProcess

 status_code: 0x00000000
process_identifier: 1960
process_handle: 0x0000008c
0 0

NtTerminateProcess

 status_code: 0x00000000
process_identifier: 1960
process_handle: 0x0000008c
1 0 0
Elastic malicious (high confidence)
FireEye Generic.mg.ed42831e07a3c0a9
McAfee Artemis!ED42831E07A3
Cylance Unsafe
BitDefenderTheta Gen:NN.ZexaF.34088.BCZ@aWPZNCmi
ESET-NOD32 a variant of Win32/GenKryptik.FJCG
Paloalto generic.ml
Kaspersky UDS:Backdoor.Win32.Androm.gen
McAfee-GW-Edition BehavesLike.Win32.Dropper.gc
Microsoft Trojan:Win32/Sabsik.FL.B!ml
VBA32 BScope.Trojan-Dropper.Injector
Avast FileRepMalware
Rising Trojan.Kryptik!1.D84E (CLASSIC)
AVG FileRepMalware
Qihoo-360 HEUR/QVM20.1.5257.Malware.Gen