Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Summary | ZeroBOX

vbc.exe

Malicious Library UPX PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 15, 2021, 9:37 a.m.	Oct. 15, 2021, 9:46 a.m.

Size	794.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`09a2d9ea4a18f01aff698b8cfc98a87e`
SHA256	`99cdf3421923232c160c5075af3bf8620df65bd59cf99cc341f17a58e1eeb4f2`
CRC32	`5E329C8B`
ssdeep	`12288:ZV17shYPLAsHSU8Qrn47tremr8bP/xz4Hrh+MBtI+BfZ8fQO:ZfwYxHSyMreg0P94HdtBZ8I`
Yara	PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.67.188.154	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

Communicates with host for which no DNS query was performed (1 event)

host

172.67.188.154

File has been identified by 14 AntiVirus engines on VirusTotal as malicious (14 events)

Elastic	malicious (high confidence)
Sangfor	Trojan.Win32.Save.a
BitDefenderTheta	Gen:NN.ZelphiCO.34214.XGW@aGcUbUpi
Cyren	W32/Injector.AMR.gen!Eldorado
ESET-NOD32	a variant of Win32/Injector.EQAC
APEX	Malicious
Ikarus	Trojan.Win32.Injector
eGambit	Unsafe.AI_Score_84%
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
VBA32	BScope.TrojanSpy.Noon
Malwarebytes	Malware.AI.573117890
SentinelOne	Static AI - Suspicious PE
Fortinet	W32/Injector.EQAC!tr