Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Summary | ZeroBOX

vbc.exe

Admin Tool (Sysinternals etc ...) Malicious Library UPX PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 14, 2021, 3:17 p.m.	Oct. 14, 2021, 3:19 p.m.

Size	991.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2292debf2685fda1410be586bd7d25b1`
SHA256	`90e1eac40edda005fffadbb1d16c652d16e685f8f4cf7375eb6ac928222c3a1c`
CRC32	`51AC6A90`
ssdeep	`12288:GrHeuodar6Dd3m4aS9FCZXhGiX1d0uVrLGaDOdJ4NUTI94rv4lprmi:GDe0W1m4aVNTc9jOiI2rqpm`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

File has been identified by 16 AntiVirus engines on VirusTotal as malicious (16 events)

Elastic	malicious (high confidence)
McAfee	Artemis!2292DEBF2685
Cylance	Unsafe
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
McAfee-GW-Edition	BehavesLike.Win32.Worm.dh
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
BitDefenderTheta	Gen:NN.ZelphiCO.34214.9GW@aGR2mjei
VBA32	BScope.TrojanSpy.Noon
Malwarebytes	Trojan.MalPack.SMY.Generic
Rising	Trojan.Generic@ML.100 (RDML:/qRZtUoiYH58wFqRX2Kpiw)
Ikarus	Trojan.Win32.Spy
Fortinet	W32/Injector.EQAC!tr