popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

vbc.exe

UPX Malicious Library OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Oct. 19, 2021, 9:18 a.m. Oct. 19, 2021, 9:22 a.m.
Size 201.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d5221f463d6fe2799e405236513610cb
SHA256 fbf8573e839732a10b86926f7431ec61f95b328db6bb074dd0f8173cbea75f2e
CRC32 792AB2C4
ssdeep 3072:M0QP6wY8eSlG+huEfjkYyzy/4eAU7cG0jcPtr7+4oS9D98aShyuyo0+53E:bw6RmG+hu2kB2QHEclcFW4Vx98aCNXE
PDB Path C:\wanok\vehudezepedu-jutiyotaru\pod_lihusit.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\wanok\vehudezepedu-jutiyotaru\pod_lihusit.pdb
section .nocemi
section .dofu
resource name BOSECOGUDIVOROZEGAM
resource name MAVOLEZUZA
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 61440
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00544000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2648
region_size: 110592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00390000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x0001b600', u'virtual_address': u'0x00001000', u'entropy': 7.633973630571782, u'name': u'.text', u'virtual_size': u'0x0001b5ac'} entropy 7.63397363057 description A section with a high entropy has been found
entropy 0.5475 description Overall entropy of this PE file is high
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Androm.m!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Fragtor.30708
FireEye Generic.mg.d5221f463d6fe279
McAfee GenericRXQJ-SI!D5221F463D6F
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
K7GW Trojan ( 00588dd21 )
BitDefenderTheta Gen:NN.ZexaF.34214.my0@aixlq7aO
Cyren W32/Agent.DMP.gen!Eldorado
ESET-NOD32 a variant of Win32/Kryptik.HMWQ
APEX Malicious
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Gen:Variant.Fragtor.30708
Avast Win32:RansomX-gen [Ransom]
Tencent Win32.Backdoor.Androm.Woza
Ad-Aware Gen:Variant.Fragtor.30708
Sophos Mal/Generic-R + Troj/Krypt-BO
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Emsisoft Trojan.Agent (A)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.Strab.am
eGambit Unsafe.AI_Score_99%
MAX malware (ai score=87)
Microsoft Trojan:Win32/Azorult.RT!MTB
GData Gen:Variant.Fragtor.30708
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.RansomX-gen.R445206
Acronis suspicious
ALYac Gen:Variant.Fragtor.30708
Malwarebytes Trojan.MalPack.GS
Rising Trojan.Generic@ML.100 (RDML:aOv/bUj5l/0q09D2F6orkg)
Fortinet W32/Kryptik.HMWM!tr
AVG Win32:RansomX-gen [Ransom]
Panda Trj/Genetic.gen