popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

vbc.exe

Generic Malware UPX Malicious Library PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Oct. 19, 2021, 10:09 a.m. Oct. 19, 2021, 10:09 a.m.
Size 124.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 70e9b753cb1f4f173c75c0d85f5e5a48
SHA256 ed77b015d1ca486b1820727ec913ee0c42b3f622dae4ab25c9605f34ea13ba47
CRC32 B5F7693B
ssdeep 1536:kSXSFqLB1inqw8lIFhQZjPNTGYLEiNFVZ1Kefrg6roVU2hmhLB:VXSCOnEIF+PNCYwAbKejrF2E
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
resource name DATA
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2080
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73f92000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2080
region_size: 69632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02570000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2080
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x02430000
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x00018000', u'virtual_address': u'0x00001000', u'entropy': 6.969465859944907, u'name': u'.text', u'virtual_size': u'0x000176a4'} entropy 6.96946585994 description A section with a high entropy has been found
entropy 0.8 description Overall entropy of this PE file is high
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Injector.EQII
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
Avast FileRepMalware
McAfee-GW-Edition BehavesLike.Win32.Fareit.ch
FireEye Generic.mg.70e9b753cb1f4f17
Ikarus Win32.Outbreak
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft Trojan:Win32/Sabsik.FL.B!ml
McAfee Artemis!70E9B753CB1F
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet W32/Kryptik.EPAP!tr
BitDefenderTheta Gen:NN.ZevbaF.34218.hm0@a04uTLhi
AVG FileRepMalware
Panda Trj/GdSda.A