Summary | ZeroBOX

vbc.exe

Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6401
Started May 19, 2022, 9:07 a.m.
Completed May 19, 2022, 9:12 a.m.
Size 539.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 bf3dcbe1e67a122f82c0d0adb6ab2c3e
SHA256 96b2da5b493ac29bb08e8045157cd8b2643dcfa4a937f7eced5a276b8f8a6b67
CRC32 1994EC21
ssdeep 12288:ceAllyB6NFuJ+yu/GfPYnuuA1uTHHnz5N9:ceAQOuwlOPYXD9
PDB Path C:\gijeyuvoforomu\hozonahigigi.pdb
Yara
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\gijeyuvoforomu\hozonahigigi.pdb
section .hoz
section .pepe
section .foperuh
section .cuy
resource name AFX_DIALOG_LAYOUT
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory
  process_identifier: 2776
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 282624
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x02cae000
  process_handle: 0xffffffff
  status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory
  process_identifier: 2776
  region_size: 479232
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x02c10000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  status: 1, return: 0, repeated: 0
section .text (size_of_data 0x00056000, virtual_address 0x00001000, virtual_size 0x00055ea8, entropy 7.874405896098802) description A section with a high entropy has been found
entropy 0.639405204461 description Overall entropy of this PE file is high
Antivirus Result
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Agent.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.87771
FireEye Generic.mg.bf3dcbe1e67a122f
ALYac Trojan.GenericKDZ.87771
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00564bda1 )
BitDefender Trojan.GenericKDZ.87771
K7GW Trojan ( 00564bda1 )
Cybereason malicious.c6321b
Arcabit Trojan.Generic.D156DB
Cyren W32/Kryptik.GOQ.gen!Eldorado
Symantec Packed.Generic.525
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/Kryptik.HPPV
TrendMicro-HouseCall TROJ_FRS.0NA103EH22
Paloalto generic.ml
ClamAV Win.Dropper.Tofsee-9950166-0
Kaspersky HEUR:Exploit.Win32.Shellcode.gen
Alibaba Trojan:Win32/Starter.ali2000005
Rising Trojan.Kryptik!8.8 (CLOUD)
Ad-Aware Trojan.GenericKDZ.87771
Emsisoft Trojan.GenericKDZ.87771 (B)
TrendMicro TROJ_FRS.0NA103EH22
McAfee-GW-Edition BehavesLike.Win32.Flyagent.hh
SentinelOne Static AI - Malicious PE
Sophos ML/PE-A + Troj/Krypt-IR
APEX Malicious
Avira TR/Crypt.Agent.gdhav
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Microsoft Trojan:Win32/Raccrypt.GL!MTB
GData Trojan.GenericKDZ.87771
Cynet Malicious (score: 100)
AhnLab-V3 Ransomware/Win.Stop.R492806
Acronis suspicious
McAfee RDN/Remcos
MAX malware (ai score=89)
VBA32 Malware-Cryptor.InstallCore.6
Malwarebytes Trojan.MalPack.GS
Panda Trj/GdSda.A
Tencent Win32.Exploit.Shellcode.Phgn
Ikarus Trojan.Win32.Ranumbot
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/GenKryptik.ERHN!tr
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)