Summary | ZeroBOX

vbc.exe

Gen1 Malicious Library OS Processor Check PE32 PE File
Category Machine Started Completed
FILE s1_win7_x6402 Oct. 1, 2021, 6:11 p.m. Oct. 1, 2021, 6:22 p.m.
Size 419.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e679e225d76dff7f96af4a858a89d492
SHA256 5cc657ed35428b9d26ddfb7c9097039971d263ce605cf712b0179c73fc802ec4
CRC32 00220438
ssdeep 6144:/Nmvwy0zRUgE/hwXwzF+EKaEUmdWOcp6dIuFPObzc9VNL:/woXzRUzwXwzF+haEh0gIuxObzc9VZ
PDB Path C:\hup\fecuduwa_gag\82_yonab1\x.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\hup\fecuduwa_gag\82_yonab1\x.pdb
resource name AFX_DIALOG_LAYOUT
resource name MUPOXAKOZEZUMEXUGOWERABUZALEZ
resource name None
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1092
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 69632
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00283000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1092
region_size: 110592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00920000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
name AFX_DIALOG_LAYOUT language LANG_MONGOLIAN filetype data sublanguage SUBLANG_DEFAULT offset 0x00461418 size 0x00000002
name MUPOXAKOZEZUMEXUGOWERABUZALEZ language LANG_MONGOLIAN filetype ASCII text, with very long lines, with no line terminators sublanguage SUBLANG_DEFAULT offset 0x0046141c size 0x000002fa
name RT_ACCELERATOR language LANG_MONGOLIAN filetype data sublanguage SUBLANG_DEFAULT offset 0x00491e58 size 0x00000060
name None language LANG_MONGOLIAN filetype data sublanguage SUBLANG_DEFAULT offset 0x004921bc size 0x0000000a
name None language LANG_MONGOLIAN filetype data sublanguage SUBLANG_DEFAULT offset 0x004921bc size 0x0000000a
section {u'size_of_data': u'0x00010a00', u'virtual_address': u'0x00023000', u'entropy': 7.7806716571252315, u'name': u'.data', u'virtual_size': u'0x0043d6e0'} entropy 7.78067165713 description A section with a high entropy has been found
Lionic Trojan.Win32.Androm.m!c
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader42.62977
MicroWorld-eScan Gen:Variant.Ulise.306827
FireEye Generic.mg.e679e225d76dff7f
CAT-QuickHeal Ransom.Stop.Z5
McAfee Packed-GDT!E679E225D76D
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
Cybereason malicious.69c59e
BitDefenderTheta Gen:NN.ZexaF.34170.Au0@aOI3L0oO
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HMRV
APEX Malicious
Kaspersky UDS:Backdoor.Win32.Androm.gen
BitDefender Gen:Variant.Ulise.306827
Avast FileRepMalware
McAfee-GW-Edition BehavesLike.Win32.Generic.gh
Sophos ML/PE-A
MAX malware (ai score=89)
Microsoft Trojan:Win32/Tnega.PAF!MTB
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Ulise.306827
Cynet Malicious (score: 100)
AhnLab-V3 Downloader/Win.BeamWinHTTP.R443544
Acronis suspicious
Malwarebytes Trojan.MalPack.GS
Rising Trojan.Kryptik!1.D9CF (CLASSIC)
SentinelOne Static AI - Malicious PE
Fortinet W32/Agent.DLJ!tr
AVG FileRepMalware
CrowdStrike win/malicious_confidence_90% (W)