Summary | ZeroBOX

vbc.exe

Generic Malware Malicious Library UPX Malicious Packer PE File OS Processor Check PE32
Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 12, 2021, 10:56 a.m. Nov. 12, 2021, 10:58 a.m.
Size 473.9KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 cab077fad804e27baf9256754bd848b3
SHA256 074135bb9026efbce79d86f3cf9f6eeb7304905cad07d594e3453eeed6f187de
CRC32 767E8CD8
ssdeep 6144:vBMYXoufOfAZ/8tbayAZIxS6YnJRrQTaeQLWphDDuLxqLNweKRvj2W8TCy8bB:vBMYGfAy/YnJgZ0QLNw7Rr1c52
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x766fb727
registers.esp: 1635880
registers.edi: 5994128
registers.eax: 1635880
registers.ebp: 1635960
registers.edx: 0
registers.ebx: 5994128
registers.esi: 5994128
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x766fb727
registers.esp: 1635880
registers.edi: 5994128
registers.eax: 1635880
registers.ebp: 1635960
registers.edx: 0
registers.ebx: 5994128
registers.esi: 5994128
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x766fb727
registers.esp: 1635880
registers.edi: 5994128
registers.eax: 1635880
registers.ebp: 1635960
registers.edx: 0
registers.ebx: 5994128
registers.esi: 5994128
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x766fb727
registers.esp: 1635880
registers.edi: 5994128
registers.eax: 1635880
registers.ebp: 1635960
registers.edx: 0
registers.ebx: 5994128
registers.esi: 5994128
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x766fb727
registers.esp: 1636424
registers.edi: 5994128
registers.eax: 1636424
registers.ebp: 1636504
registers.edx: 0
registers.ebx: 5994128
registers.esi: 5994128
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x766fb727
registers.esp: 1636568
registers.edi: 1636756
registers.eax: 1636568
registers.ebp: 1636648
registers.edx: 0
registers.ebx: 5994128
registers.esi: 1636756
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x766fb727
registers.esp: 1636624
registers.edi: 1636812
registers.eax: 1636624
registers.ebp: 1636704
registers.edx: 0
registers.ebx: 5994128
registers.esi: 1636812
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x766fb727
registers.esp: 1636680
registers.edi: 1636868
registers.eax: 1636680
registers.ebp: 1636760
registers.edx: 0
registers.ebx: 5994128
registers.esi: 1636868
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x766fb727
registers.esp: 1636736
registers.edi: 1636924
registers.eax: 1636736
registers.ebp: 1636816
registers.edx: 0
registers.ebx: 5994128
registers.esi: 1636924
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x766fb727
registers.esp: 1636792
registers.edi: 1636980
registers.eax: 1636792
registers.ebp: 1636872
registers.edx: 0
registers.ebx: 5994128
registers.esi: 1636980
registers.ecx: 2
1 0 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x766fb727
registers.esp: 1634840
registers.edi: 5994128
registers.eax: 1634840
registers.ebp: 1634920
registers.edx: 0
registers.ebx: 5994128
registers.esi: 5994128
registers.ecx: 2
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2348
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00450000
process_handle: 0xffffffff
1 0 0
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37993076
FireEye Generic.mg.cab077fad804e27b
ALYac Trojan.GenericKD.37993076
Cylance Unsafe
Cybereason malicious.c1f0ad
Arcabit Trojan.Generic.D243BA74
Cyren W32/VBCrypt.A!Generic
Symantec ML.Attribute.HighConfidence
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.37993076
Ad-Aware Trojan.GenericKD.37993076
Sophos Mal/Generic-R
VIPRE VirTool.Win32.Vbinder.gen.g (v)
McAfee-GW-Edition BehavesLike.Win32.Generic.gc
Emsisoft Trojan.GenericKD.37993076 (B)
SentinelOne Static AI - Malicious PE
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Trojan.GenericKD.37993076
McAfee Artemis!CAB077FAD804
MAX malware (ai score=88)
VBA32 Malware-Cryptor.VB.gen.2
Malwarebytes Malware.AI.2820529486
Ikarus Trojan.VB.Crypt
eGambit Unsafe.AI_Score_95%
BitDefenderTheta Gen:NN.ZevbaF.34266.Dm3@aGxFFHli
CrowdStrike win/malicious_confidence_100% (D)
MaxSecure Trojan.Malware.300983.susgen