Summary | ZeroBOX

vbc.exe

Tags: UPX, Malicious Library, PE32, PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: Jan. 13, 2022, 9:40 a.m.
Completed: Jan. 13, 2022, 9:44 a.m.
Size 701.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 38f1007dda4df73d9274b8dfa1683d93
SHA256 e98006424a36e34271488f8a584b535b0bdf1650d2da228ec4c2a94e24ca20bb
CRC32 A4E9A272
ssdeep 12288:HB+Wk51M2qz6umSUAXwF1Oh99ojWa713rCOKGbrq9JTu7dK+/3yjc4uBd8QWOl:hnK66umSUAXweh99oj3713rRS9JJ+fyu
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .itext
packer BobSoft Mini Delphi -> BoB / BobSoft
request GET https://onedrive.live.com/download?cid=C3C0A692803ED1E8&resid=C3C0A692803ED1E8%21112&authkey=ANjDOz6phEbw5-8
request GET https://lqxlpq.db.files.1drv.com/y4mlk7dFP-M0RnPYff1C3nkvINRW1bOZ9qHUq4MqIwe_I02IOVUwP9Z2VubMPC2YmRJW5w1UIVGClOrxxU2sgznVi1hUc4yd0vRe0pRKzkqXcQ4jeLxs-9z0Z5WTFUBG84Qly2oIS3WnAM4xkfaFMeu9zY0VD_O9JvfxfX4Uy1WB-0B6-62MPHKhIMjMs2DsGQ-43zoF5iMjVWq-mT4Q5dp6w/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
request GET https://lqxlpq.db.files.1drv.com/y4mSvcyy0IAHKrLkg3SjRZ4sSJf9w7rI-i3hpeiwSdZtPCKNyEk7AhccnqCGbt9_gizydGiHdj9uTqI965hvAGGnUAwJvW4P-oxn-TkhZRXehFvt57LMIdTUfXhtFy2hkJoOEIpC21B8LutJuAOLpLXymcC2POc-22UizC-eHX2wLDYR0lSQ4hwMYZje2tmvZ69wZKqzdyv527HwHoQdv9EMg/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
request GET https://lqxlpq.db.files.1drv.com/y4mXUEPM0n6sItbcbnjxoeVnPuQJavKC4NNFBXsvnAdWeoB_Ki3abADB2xScqFVwTo_NtEq9uj_2-Sg12JrsxjG5JnN8kxMeLy1J1C4x6d0jTvnLbffLqR1WsncX0Cf0EyzSI7ul8IfpwgF66--9pUPYJm3095BCmI17aIYo55jJjTvKZxH3_VhE_sOMUrcENnnJ3rIwVORawfK2Al1TzWMew/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
request GET https://lqxlpq.db.files.1drv.com/y4mFT8aPU00JDlQJJt4iDFlSELVjJklfB8osvD9ChHozVxqpSJhN9KnccxoJ5_qSikXyJLL09rNKnTIP7lbr5_as_VY5Jeqnjxq_tsvMMgsZx4AM1szRrsgFMdtqe6Rq0xxEAWGJC_Y2MfchwauZ3MEu_zMJ_q08U8JHUVR8LJa9VVr0RJKFOyWMFaYpW-1n4UxvWY7LKEspbqRPw7XcwuN7A/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
request GET https://lqxlpq.db.files.1drv.com/y4myEkjFT7XqiIGaMVTyZi9STNz9-W9cJZs7XmfaVEVUHO6DyckBbZmvQGu1bc3djb4wiNGLceiuyK4QKuuPsHJe2qZj3aVQKy59WDQb9Q5PyUfmOvBq18Ipe0EiLO3ypmU2zGJF6yaRHpdotiExFb07k2tongT8J4Jb--Ltt7PqyTVawH5lSXsActolwQYRprJtgDZFvHkPm9w8mD7oXligA/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
request GET https://lqxlpq.db.files.1drv.com/y4m4oG_AQ5gWHg4mu0IPxG8HvUuhKqLzGk89FqJfZJE-HwO5fsZjAfCm1O7bed7LpS_Yvb3NW53yKXg9JYqhHUriilfHUbQcs5ph-08FCsQ7cJzEpKj64GclLke1i4-oPJ9fQWwu-_30oeXsdjhnnjcuhInubQx8H-8nsqS_xKBk4vjEhSH3vAZ96ZaKM90Bw2T005otXg9i9BYuftiALJKpg/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
request GET https://lqxlpq.db.files.1drv.com/y4mbCeSRE0rG7ziEp3ozPFebwlTjmNQ2GGlVznH174M4PNpvkRh0xz_fXvwSfxXvFHYueW8QvmNIjErg_1lTkuGYykO9i4B5ngD6CK4wLxFmyLJ-RQtD24OI8OA7DxQxGzyUzE50NlPCS59K9SDQnXv1tZNKKjbd_xbxBECtwKvEGgppHSoEKtPzOpaIYJElqH44iSu_icoueOXfBDtIgi9NA/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
request GET https://lqxlpq.db.files.1drv.com/y4m4QFHB58xOaRhE-Myq1XS4-F16QdkLadH1DQYRCjA1v4EzRspS-jS6Qa0LbYVTvWKMqASSwnj7J0S8CT8342BrVz8naC1XhyQwsZDxYHiDsKWqfgRzhlWCatbX-KiEq26isN_r8BaycTBtSxLXssp8SnYHxIoWN4orB2Y1nzDz87xYXtoMizyAfamf3_g1UBoFTXpduDbO-eo97yi3NYTyA/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
request GET https://lqxlpq.db.files.1drv.com/y4m9I-WXb_FACwf0q97jJsCvJOP70BT5w2WjysHvxQG_FmvQuXEwiaQRmToJZ5dR1snRULgd86WEaNJ4itHICK6CFu49tvL_z0ITeKH7WTTBgP5V24JNpZTO0peBToBXREjp-eD2f-ziNYuDl1USBat8ltotajQQa7ogs_DdwbVtzzyCAb9cb6PgkwXplv_b1TtEYH-4NKrE0ckL1fmnN1l3Q/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
request GET https://lqxlpq.db.files.1drv.com/y4mOM1rxJgJ-8chInwBzNO5-eMhuvn8mE9o4i_sZdp9oQUDLEOdnWMqkuI0dtX8m6x7-2rG6leW9MYSJj9CAbray9DVrn5OSnG6o7uUcJDyLGlnX50Caq4M0YEoL4-C35SYipjYxFbI2zDCvxZvTrpq-t5eFgt6mf21ETbPS_XERJ4Z_mdVrF4WJDSH00b6CYg0BDN5uhQ-XrIGYlCZrQnuTQ/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
request GET https://lqxlpq.db.files.1drv.com/y4mhOYPZU47GNoGYQPhMcB9-cmuRofa9atgV20wglwgRqXE2F_vAMGtbNOw6N67uiB_rq4bYv8kjmHyi1IFXkFlSlA8tYGn_Rjypd5-sw44Va3PxMFYJoGLgeX_cP9JTVOmkeaL3CqquMmlo2KABT61MxNqN5cML2fprdmNu_z3R4ZH9TYjlEmrYXho53OFT4PxJ2zozdzb1Svl67RFiiC-nA/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
request GET https://lqxlpq.db.files.1drv.com/y4meXszciy-_ipQdPKkDPt8ivd5YyEMjKYMeJy9AYEBBCIBWAG4IzdaIb6RKfae_sVjz6Tf33eaKQZRL0hC-u1YkPpJXV3WDp0Om8Tttsplx61Zgvd25BkUcYpVt5gNRmu4Co1Le_7LNbivMl3dNECZZX3r71Z7_qLX-mrmZTJpXNVivxHRlVoWqbM9VDRh9UUnYrt0B7-mstPdzd3M3NdPxQ/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
request GET https://lqxlpq.db.files.1drv.com/y4m0BlEv1YX95PV2PjGCqtA-YtVjNQ401tOEtAHUdFW7GtfRqGMBS5SzzbgPYlM9aRS6-Excq4Z6qxyC-GuKOzcdYwl5rKzG4D0U3ieyAcOXY0W7pxZID4iCpOnm6xET-ZXDyQfeW9GwZJgi06x4qQzukauTyYkg6iggBhD2a07At6AHBmrNiuF5Pra1MA5ODhxL7eA3tZ8UkTJJaFVurMtog/Vnscjnsahrzwgwkfalpfrrteqjetuny?download&psid=1
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2340
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00600000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1  return: 0  repeated: 0

NtProtectVirtualMemory

process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0045f000
process_handle: 0xffffffff
status: 1  return: 0  repeated: 0

NtProtectVirtualMemory

process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0045f000
process_handle: 0xffffffff
status: 1  return: 0  repeated: 0

NtProtectVirtualMemory

process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00468000
process_handle: 0xffffffff
status: 1  return: 0  repeated: 0

NtProtectVirtualMemory

process_identifier: 2340
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 81920
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x02f11000
process_handle: 0xffffffff
status: 1  return: 0  repeated: 0
Lionic Trojan.Win32.Noon.l!c
DrWeb Trojan.DownLoader44.32108
MicroWorld-eScan Gen:Variant.Strictor.267532
FireEye Gen:Variant.Zusy.411877
McAfee Artemis!38F1007DDA4D
Cylance Unsafe
Sangfor Spyware.Win32.Noon.gen
BitDefenderTheta Gen:NN.ZelphiCO.34114.RK0@aiUZPDek
VirIT Trojan.Win32.PSWStealer.IB
Cyren W32/Delf.QT.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Injector.EQXB
TrendMicro-HouseCall TROJ_GEN.R002C0WAC22
Avast Win32:InjectorX-gen [Trj]
Kaspersky HEUR:Trojan-Spy.Win32.Noon.gen
BitDefender Gen:Variant.Strictor.267532
Rising Trojan.GenKryptik!8.AA55 (CLOUD)
Ad-Aware Gen:Variant.Strictor.267532
Emsisoft Gen:Variant.Fragtor.52438 (B)
TrendMicro TROJ_GEN.R002C0WAC22
McAfee-GW-Edition BehavesLike.Win32.Infected.bh
Sophos Mal/Generic-S
Paloalto generic.ml
Webroot W32.Trojan.Dropper
MAX malware (ai score=86)
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Gen:Variant.Zusy.411877
ALYac Gen:Variant.Fragtor.52438
VBA32 Malware-Cryptor.Limpopo
Malwarebytes Malware.AI.2933089245
APEX Malicious
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Injector.EQPQ!tr
AVG Win32:InjectorX-gen [Trj]
Panda Trj/RnkBend.A