Summary | ZeroBOX

vbc.exe

Tags: Malicious Library, PE32, PE File

Category: FILE
Machine: s1_win7_x6402
Started: Oct. 1, 2021, 9:24 a.m.
Completed: Oct. 1, 2021, 9:32 a.m.

Size: 248.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: a0251851e3f228572dd892e7005d5126
SHA256: 2b0adb1ba45e7ea11b27618151f3a185ce653c81235ab523dce4292403f99ac0
CRC32: 7A9165EF
ssdeep: 3072:ySwNkENqCtq7vgNw+N3MGTE715yyrcPI1ZewDVoe5RHZFS4sz:ySJENqCt0vgNtyFqccPI1noe5R+
PDB Path: C:\leyuzipozaw sejugobefo\nohobewolebo.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

Name | Response | Post-Analysis Lookup
No hosts contacted.

IP Address | Status | Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path: C:\leyuzipozaw sejugobefo\nohobewolebo.pdb
resource name: None

Time & API | Arguments | Status | Return | Repeated

NtProtectVirtualMemory
  process_identifier: 2460
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 61440
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x0064c000
  process_handle: 0xffffffff
  Status: 1 | Return: 0 | Repeated: 0

NtAllocateVirtualMemory
  process_identifier: 2460
  region_size: 110592
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00320000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  Status: 1 | Return: 0 | Repeated: 0
Signature: A section with a high entropy has been found
  section: .text (virtual_address 0x00001000, virtual_size 0x0001e590, size_of_data 0x0001e600), entropy 7.5448717613

Signature: Overall entropy of this PE file is high
  entropy: 0.491902834008
Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
FireEye: Generic.mg.a0251851e3f22857
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
Cybereason: malicious.a664d2
BitDefenderTheta: Gen:NN.ZexaF.34170.pq0@aeKvtalO
Cyren: W32/Kryptik.EWJ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Kaspersky: UDS:DangerousObject.Multi.Generic
Rising: Trojan.Generic@ML.89 (RDML:MhTLCn4kNzPIYAQx0f8JnA)
McAfee-GW-Edition: BehavesLike.Win32.Emotet.dh
Emsisoft: Trojan.Crypt (A)
Ikarus: Trojan-Banker.UrSnif
Microsoft: Ransom:Win32/StopCrypt.MJK!MTB
Cynet: Malicious (score: 100)
Acronis: suspicious
VBA32: Malware-Cryptor.2LA.gen
SentinelOne: Static AI - Malicious PE
eGambit: Unsafe.AI_Score_98%
CrowdStrike: win/malicious_confidence_100% (W)