Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 28, 2022, 9:18 a.m.	June 28, 2022, 9:28 a.m.

Size	376.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e67bc6fca32bd5f5e0fa6bb98df682b3`
SHA256	`f8f459b89f367222f10938629a6c5fae6a8066b00de9f123ce53fa586314a0e8`
CRC32	`79C3F981`
ssdeep	`6144:pKqFOjcyQxYkv4fVWWw54mY4z0I/t0QcLEY30y42ihqdy:kqFUlQxYkYPwzY43/DYhiha`
PDB Path	ZXBCHJJS.pdb
Yara	IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Is_DotNET_EXE - (no description) UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature

vbc.exe "C:\Users\test22\AppData\Local\Temp\vbc.exe"
2336

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA June 28, 2022, 9:18 a.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW June 28, 2022, 9:18 a.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (4 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 28, 2022, 9:18 a.m.			0	0
IsDebuggerPresent June 28, 2022, 9:18 a.m.			0	0
IsDebuggerPresent June 28, 2022, 9:18 a.m.			0	0
IsDebuggerPresent June 28, 2022, 9:18 a.m.			0	0

This executable has a PDB path (1 event)

pdb_path

ZXBCHJJS.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 28, 2022, 9:18 a.m.		1	1	0

One or more processes crashed (2 events)

Time & API	Arguments	Status	Return	Repeated
__exception__ June 28, 2022, 9:18 a.m.	stacktrace: 0x720fbd 0x720f3e 0x720e98 0x7207e0 mscorlib+0x2d5861 @ 0x722a5861 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73942652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7395264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73952e95 DllGetClassObjectInternal+0x357ee CorDllMainForThunk-0x56d0d clr+0xfa867 @ 0x73a3a867 DllGetClassObjectInternal+0x358c6 CorDllMainForThunk-0x56c35 clr+0xfa93f @ 0x73a3a93f PreBindAssemblyEx+0x107ff StrongNameSignatureVerification-0x174c clr+0x18836a @ 0x73ac836a CreateHistoryReader+0x48031 PostErrorVA-0x120f2e clr+0x257876 @ 0x73b97876 CreateAssemblyNameObject+0x28676 GetMetaDataInternalInterface-0xfdf9 clr+0x55b0f @ 0x73995b0f GetPrivateContextsPerfCounters+0x13ac DllGetActivationFactoryImpl-0x134b9 clr+0x8932e @ 0x739c932e mscorlib+0x2d40b3 @ 0x722a40b3 mscorlib+0x2d3909 @ 0x722a3909 mscorlib+0x2e6d02 @ 0x722b6d02 mscorlib+0x2e6ca9 @ 0x722b6ca9 0x72023e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73942652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7395264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73969df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73969e2f CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x73969efd CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x73969fa2 DllGetClassObjectInternal+0x8bed4 CorDllMainForThunk-0x627 clr+0x150f4d @ 0x73a90f4d DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x7395bcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x73942ae9 0x720178 0x72009a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73942652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7395264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73969df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73969e2f CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x73969efd CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x73969fa2 LogHelp_TerminateOnAssert+0x16b0b GetPrivateContextsPerfCounters-0x2937 clr+0x8564b @ 0x739c564b CreateAssemblyNameObject+0x2e9ca GetMetaDataInternalInterface-0x9aa5 clr+0x5be63 @ 0x7399be63 CreateAssemblyNameObject+0x2e4ff GetMetaDataInternalInterface-0x9f70 clr+0x5b998 @ 0x7399b998 CreateAssemblyNameObject+0x2e28d GetMetaDataInternalInterface-0xa1e2 clr+0x5b726 @ 0x7399b726 CreateAssemblyNameObject+0x2f451 GetMetaDataInternalInterface-0x901e clr+0x5c8ea @ 0x7399c8ea DllGetClassObjectInternal+0x526a2 CorDllMainForThunk-0x39e59 clr+0x11771b @ 0x73a5771b CorDllMainForThunk+0x593 _CorExeMain-0x2647 clr+0x151b07 @ 0x73a91b07 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a91e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a91f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a9416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73fef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74277f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74274de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 01 8b 40 38 ff 50 08 89 45 8c 90 90 e9 82 08 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7213cc registers.esp: 3911896 registers.edi: 3912352 registers.eax: 49 registers.ebp: 3912364 registers.edx: 0 registers.ebx: 36969980 registers.esi: 0 registers.ecx: 0	1	0	0
__exception__ June 28, 2022, 9:18 a.m.	stacktrace: 0x722013 0x720ec9 0x7207e0 mscorlib+0x2d5861 @ 0x722a5861 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73942652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7395264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73952e95 DllGetClassObjectInternal+0x357ee CorDllMainForThunk-0x56d0d clr+0xfa867 @ 0x73a3a867 DllGetClassObjectInternal+0x358c6 CorDllMainForThunk-0x56c35 clr+0xfa93f @ 0x73a3a93f PreBindAssemblyEx+0x107ff StrongNameSignatureVerification-0x174c clr+0x18836a @ 0x73ac836a CreateHistoryReader+0x48031 PostErrorVA-0x120f2e clr+0x257876 @ 0x73b97876 CreateAssemblyNameObject+0x28676 GetMetaDataInternalInterface-0xfdf9 clr+0x55b0f @ 0x73995b0f GetPrivateContextsPerfCounters+0x13ac DllGetActivationFactoryImpl-0x134b9 clr+0x8932e @ 0x739c932e mscorlib+0x2d40b3 @ 0x722a40b3 mscorlib+0x2d3909 @ 0x722a3909 mscorlib+0x2e6d02 @ 0x722b6d02 mscorlib+0x2e6ca9 @ 0x722b6ca9 0x72023e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73942652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7395264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73969df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73969e2f CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x73969efd CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x73969fa2 DllGetClassObjectInternal+0x8bed4 CorDllMainForThunk-0x627 clr+0x150f4d @ 0x73a90f4d DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x7395bcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x73942ae9 0x720178 0x72009a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73942652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7395264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73969df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73969e2f CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x73969efd CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x73969fa2 LogHelp_TerminateOnAssert+0x16b0b GetPrivateContextsPerfCounters-0x2937 clr+0x8564b @ 0x739c564b CreateAssemblyNameObject+0x2e9ca GetMetaDataInternalInterface-0x9aa5 clr+0x5be63 @ 0x7399be63 CreateAssemblyNameObject+0x2e4ff GetMetaDataInternalInterface-0x9f70 clr+0x5b998 @ 0x7399b998 CreateAssemblyNameObject+0x2e28d GetMetaDataInternalInterface-0xa1e2 clr+0x5b726 @ 0x7399b726 CreateAssemblyNameObject+0x2f451 GetMetaDataInternalInterface-0x901e clr+0x5c8ea @ 0x7399c8ea DllGetClassObjectInternal+0x526a2 CorDllMainForThunk-0x39e59 clr+0x11771b @ 0x73a5771b CorDllMainForThunk+0x593 _CorExeMain-0x2647 clr+0x151b07 @ 0x73a91b07 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a91e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a91f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a9416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73fef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74277f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74274de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 01 8b 40 38 ff 50 08 89 45 8c 90 90 e9 82 08 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7213cc registers.esp: 3906992 registers.edi: 3907448 registers.eax: 49 registers.ebp: 3907460 registers.edx: 0 registers.ebx: 36969980 registers.esi: 0 registers.ecx: 0	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

June 28, 2022, 9:18 a.m.

stacktrace:

0x720fbd
0x720f3e
0x720e98
0x7207e0
mscorlib+0x2d5861 @ 0x722a5861
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73942652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7395264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73952e95
DllGetClassObjectInternal+0x357ee CorDllMainForThunk-0x56d0d clr+0xfa867 @ 0x73a3a867
DllGetClassObjectInternal+0x358c6 CorDllMainForThunk-0x56c35 clr+0xfa93f @ 0x73a3a93f
PreBindAssemblyEx+0x107ff StrongNameSignatureVerification-0x174c clr+0x18836a @ 0x73ac836a
CreateHistoryReader+0x48031 PostErrorVA-0x120f2e clr+0x257876 @ 0x73b97876
CreateAssemblyNameObject+0x28676 GetMetaDataInternalInterface-0xfdf9 clr+0x55b0f @ 0x73995b0f
GetPrivateContextsPerfCounters+0x13ac DllGetActivationFactoryImpl-0x134b9 clr+0x8932e @ 0x739c932e
mscorlib+0x2d40b3 @ 0x722a40b3
mscorlib+0x2d3909 @ 0x722a3909
mscorlib+0x2e6d02 @ 0x722b6d02
mscorlib+0x2e6ca9 @ 0x722b6ca9
0x72023e
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73942652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7395264f
CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73969df8
CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73969e2f
CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x73969efd
CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x73969fa2
DllGetClassObjectInternal+0x8bed4 CorDllMainForThunk-0x627 clr+0x150f4d @ 0x73a90f4d
DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x7395bcd5
DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x73942ae9
0x720178
0x72009a
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73942652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7395264f
CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73969df8
CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73969e2f
CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x73969efd
CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x73969fa2
LogHelp_TerminateOnAssert+0x16b0b GetPrivateContextsPerfCounters-0x2937 clr+0x8564b @ 0x739c564b
CreateAssemblyNameObject+0x2e9ca GetMetaDataInternalInterface-0x9aa5 clr+0x5be63 @ 0x7399be63
CreateAssemblyNameObject+0x2e4ff GetMetaDataInternalInterface-0x9f70 clr+0x5b998 @ 0x7399b998
CreateAssemblyNameObject+0x2e28d GetMetaDataInternalInterface-0xa1e2 clr+0x5b726 @ 0x7399b726
CreateAssemblyNameObject+0x2f451 GetMetaDataInternalInterface-0x901e clr+0x5c8ea @ 0x7399c8ea
DllGetClassObjectInternal+0x526a2 CorDllMainForThunk-0x39e59 clr+0x11771b @ 0x73a5771b
CorDllMainForThunk+0x593 _CorExeMain-0x2647 clr+0x151b07 @ 0x73a91b07
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a91e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a91f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a9416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73fef5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74277f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74274de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 8b 01 8b 40 38 ff 50 08 89 45 8c 90 90 e9 82 08
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7213cc
registers.esp: 3911896
registers.edi: 3912352
registers.eax: 49
registers.ebp: 3912364
registers.edx: 0
registers.ebx: 36969980
registers.esi: 0
registers.ecx: 0

__exception__

June 28, 2022, 9:18 a.m.

stacktrace:

0x722013
0x720ec9
0x7207e0
mscorlib+0x2d5861 @ 0x722a5861
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73942652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7395264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73952e95
DllGetClassObjectInternal+0x357ee CorDllMainForThunk-0x56d0d clr+0xfa867 @ 0x73a3a867
DllGetClassObjectInternal+0x358c6 CorDllMainForThunk-0x56c35 clr+0xfa93f @ 0x73a3a93f
PreBindAssemblyEx+0x107ff StrongNameSignatureVerification-0x174c clr+0x18836a @ 0x73ac836a
CreateHistoryReader+0x48031 PostErrorVA-0x120f2e clr+0x257876 @ 0x73b97876
CreateAssemblyNameObject+0x28676 GetMetaDataInternalInterface-0xfdf9 clr+0x55b0f @ 0x73995b0f
GetPrivateContextsPerfCounters+0x13ac DllGetActivationFactoryImpl-0x134b9 clr+0x8932e @ 0x739c932e
mscorlib+0x2d40b3 @ 0x722a40b3
mscorlib+0x2d3909 @ 0x722a3909
mscorlib+0x2e6d02 @ 0x722b6d02
mscorlib+0x2e6ca9 @ 0x722b6ca9
0x72023e
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73942652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7395264f
CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73969df8
CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73969e2f
CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x73969efd
CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x73969fa2
DllGetClassObjectInternal+0x8bed4 CorDllMainForThunk-0x627 clr+0x150f4d @ 0x73a90f4d
DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x7395bcd5
DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x73942ae9
0x720178
0x72009a
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73942652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7395264f
CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x73969df8
CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x73969e2f
CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x73969efd
CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x73969fa2
LogHelp_TerminateOnAssert+0x16b0b GetPrivateContextsPerfCounters-0x2937 clr+0x8564b @ 0x739c564b
CreateAssemblyNameObject+0x2e9ca GetMetaDataInternalInterface-0x9aa5 clr+0x5be63 @ 0x7399be63
CreateAssemblyNameObject+0x2e4ff GetMetaDataInternalInterface-0x9f70 clr+0x5b998 @ 0x7399b998
CreateAssemblyNameObject+0x2e28d GetMetaDataInternalInterface-0xa1e2 clr+0x5b726 @ 0x7399b726
CreateAssemblyNameObject+0x2f451 GetMetaDataInternalInterface-0x901e clr+0x5c8ea @ 0x7399c8ea
DllGetClassObjectInternal+0x526a2 CorDllMainForThunk-0x39e59 clr+0x11771b @ 0x73a5771b
CorDllMainForThunk+0x593 _CorExeMain-0x2647 clr+0x151b07 @ 0x73a91b07
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a91e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a91f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a9416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73fef5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74277f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74274de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5

exception.instruction_r: 8b 01 8b 40 38 ff 50 08 89 45 8c 90 90 e9 82 08
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7213cc
registers.esp: 3906992
registers.edi: 3907448
registers.eax: 49
registers.ebp: 3907460
registers.edx: 0
registers.ebx: 36969980
registers.esi: 0
registers.ecx: 0

Allocates read-write-execute memory (usually to unpack itself) (16 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 1048576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00450000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00510000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73941000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73942000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 1048576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01ed0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00482000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0049c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00720000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004bb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004a6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00721000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 28, 2022, 9:18 a.m.	process_identifier: 2336 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00722000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00041600', u'virtual_address': u'0x00002000', u'entropy': 7.651538694877042, u'name': u'.text', u'virtual_size': u'0x00041534'}

entropy

7.65153869488

description

A section with a high entropy has been found

entropy

0.714480874317

description

Overall entropy of this PE file is high

File has been identified by 18 AntiVirus engines on VirusTotal as malicious (18 events)

Bkav	W32.AIDetectNet.01
Elastic	malicious (high confidence)
FireEye	Generic.mg.e67bc6fca32bd5f5
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZemsilF.34742.xmY@a0TwCxe
Cyren	W32/MSIL_Kryptik.HJO.gen!Eldorado
ESET-NOD32	a variant of MSIL/Kryptik.ADNS
Sophos	ML/PE-A
Avira	HEUR/AGEN.1203918
Microsoft	Trojan:Win32/Wacatac.B!ml
Cynet	Malicious (score: 99)
Malwarebytes	Malware.AI.1117462035
Ikarus	Trojan.MSIL.Inject
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Cybereason	malicious.9d4840

vbc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All