vbc.exe| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | Sept. 3, 2021, 9:11 a.m. | Sept. 3, 2021, 9:21 a.m. |
-
vbc.exe "C:\Users\test22\AppData\Local\Temp\vbc.exe"
564
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| img.neko.airforce | 167.172.239.151 |
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 192.168.56.102:49163 -> 167.172.239.151:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 192.168.56.102:49164 -> 167.172.239.151:443 | 906200056 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
| TCP 167.172.239.151:443 -> 192.168.56.102:49166 | 2029340 | ET INFO TLS Handshake Failure | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
| section | .gfids |
| section | {u'size_of_data': u'0x00001c00', u'virtual_address': u'0x00036000', u'entropy': 7.479997875798977, u'name': u'.rsrc', u'virtual_size': u'0x00001a88'} | entropy | 7.4799978758 | description | A section with a high entropy has been found | |||||||||
| Lionic | Trojan.Multi.Generic.4!c |
| FireEye | Generic.mg.2f66472775a1d52a |
| Cylance | Unsafe |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | Win32/TrojanDownloader.Agent.FVK |
| APEX | Malicious |
| Paloalto | generic.ml |
| Kaspersky | UDS:DangerousObject.Multi.Generic |
| Sophos | Mal/Generic-R |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.dm |
| Jiangmin | AdWare.Generic.tpvr |
| Kingsoft | Win32.Troj.Generic_a.a.(kcloud) |
| Microsoft | Trojan:Win32/Formbook!ml |
| Cynet | Malicious (score: 100) |
| McAfee | RDN/Generic.dx |
| VBA32 | suspected of Trojan.Downloader.gen |
| Malwarebytes | Malware.AI.1615674986 |
| SentinelOne | Static AI - Suspicious PE |
| eGambit | Unsafe.AI_Score_99% |
| BitDefenderTheta | Gen:NN.ZexaF.34126.nuW@aixJHJli |
| MaxSecure | Trojan.Malware.300983.susgen |