Summary | ZeroBOX

vbc.exe

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: Oct. 22, 2021, 5:16 p.m.
Completed: Oct. 22, 2021, 5:19 p.m.
Size: 283.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: c8448f9cc3379dcbc504469d36446ed5
SHA256: 973cf901e982219a28db36b7120f924ad2c5d79f4561eb43c7274f91f8edd454
CRC32: 9BA48829
ssdeep: 6144:AnuM3W+L7UwfX01ylUgHvGYbGpzvFranoGKDke0wekM/gd4:guMvHxfEbshStvN9DXDekM/
PDB Path: C:\jiwisopicay werovupohecato\23\zahab_riviluyesuxoc46.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Hosts (Name, Response, Post-Analysis Lookup): No hosts contacted.

IP Address: 164.124.101.2  Status: Active  Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path: C:\jiwisopicay werovupohecato\23\zahab_riviluyesuxoc46.pdb
resource name: XASOBEZEHAMUHEYENEXUT
resource name: None
API calls (Time & API, Arguments, Status, Return, Repeated)

NtProtectVirtualMemory

process_identifier: 1336
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 69632
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00949000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 1336
region_size: 110592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00380000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0
section .text: virtual_address 0x00001000, virtual_size 0x0003b0e8, size_of_data 0x0003b200, entropy 6.951129851531131; description: A section with a high entropy has been found
entropy 0.837168141593; description: Overall entropy of this PE file is high
Antivirus results (Vendor: Result)
Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
FireEye: Generic.mg.c8448f9cc3379dcb
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
Cybereason: malicious.df2871
Cyren: W32/Kryptik.FOO.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Kaspersky: VHO:Trojan.Win32.Chapak.gen
Baidu: Win32.Trojan.Kryptik.jm
McAfee-GW-Edition: Packed-GDT!C8448F9CC337
Sophos: ML/PE-A
SentinelOne: Static AI - Malicious PE
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: Packed-GDT!C8448F9CC337
Malwarebytes: Trojan.MalPack.GS
Rising: Trojan.Kryptik!1.D9FE (CLASSIC)
CrowdStrike: win/malicious_confidence_100% (W)
MaxSecure: Trojan.Malware.300983.susgen