popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

vbc.exe

Malicious Library OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 23, 2021, 7:11 p.m. Aug. 23, 2021, 7:18 p.m.
Size 515.9KB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 162c0de193b3ba1d3f873bb06a8bdd60
SHA256 672bfd2ee1ff418a1d0a969c4a8e548a359a389f31c12a720feb7b821975f8a5
CRC32 4B55071A
ssdeep 12288:3g8tD+p1h79i/DdVedE5fJD7uwkWPs6BJirF2kMsBtJ:3gwVDdcE5fJ02mAsBv
PDB Path C:\rdfqx\dpijpz\brud\3a29f776a6834468a9ba48ef1d9fd3a7\bfixbx\bpgxeczg\Release\bpgxeczg.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\rdfqx\dpijpz\brud\3a29f776a6834468a9ba48ef1d9fd3a7\bfixbx\bpgxeczg\Release\bpgxeczg.pdb
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2088
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00aa9000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2088
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004e0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2088
region_size: 217088
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x008c0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

NtTerminateProcess

 status_code: 0x00000000
process_identifier: 1224
process_handle: 0x00000098
0 0

NtTerminateProcess

 status_code: 0x00000000
process_identifier: 1224
process_handle: 0x00000098
1 0 0
Lionic Trojan.Win32.Androm.m!c
Cynet Malicious (score: 100)
FireEye Generic.mg.162c0de193b3ba1d
McAfee Artemis!162C0DE193B3
Sangfor Trojan.Win32.Save.a
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.FJKE
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
Avast Win32:PWSX-gen [Trj]
McAfee-GW-Edition BehavesLike.Win32.Generic.hc
Sophos Mal/Generic-R
Avira TR/Crypt.ZPACK.Gen2
Microsoft Trojan:Script/Phonzy.B!ml
ZoneAlarm UDS:DangerousObject.Multi.Generic
Malwarebytes Spyware.AgentTesla
TrendMicro-HouseCall TROJ_GEN.R002H07HN21
Rising Trojan.Kryptik!1.D84E (CLASSIC)
SentinelOne Static AI - Suspicious PE
AVG Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)