popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

vbc.exe

Malicious Library UPX OS Processor Check PE32 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 March 30, 2023, 4:27 p.m. March 30, 2023, 4:39 p.m.
Size 222.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a3b0daf59ad3e6d2e465ea72ea83c4e0
SHA256 fa1276a654a6f969dbe586b09ca9d1a460158de4519eed4698a7feb1f42c16d9
CRC32 C35F147B
ssdeep 3072:30j9EObKm9RB+6wxbLtyzeaL0ws69i1pnqfCHTaWdcRI9pyOeY:EevK+1dcs69i5zaD+9n
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
31.186.11.254 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

resource name TOXUWUMOFIBABAHAD
resource name None
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 73728
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02c2c000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2564
region_size: 110592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x00012a00', u'virtual_address': u'0x00017000', u'entropy': 7.899987183291149, u'name': u'.data', u'virtual_size': u'0x0273e30c'} entropy 7.89998718329 description A section with a high entropy has been found
entropy 0.336343115124 description Overall entropy of this PE file is high
host 31.186.11.254
Bkav W32.AIDetectNet.01
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Ser.Zusy.4106
FireEye Generic.mg.a3b0daf59ad3e6d2
Malwarebytes Trojan.MalPack.GS
Sangfor Trojan.Win32.Save.a
Cyren W32/Convagent.BZ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/Kryptik.HTER
Cynet Malicious (score: 100)
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Dropperx-9994664-0
Kaspersky HEUR:Backdoor.Win32.Androm.gen
BitDefender Gen:Variant.Ser.Zusy.4106
Avast Win32:RansomX-gen [Ransom]
Emsisoft Gen:Variant.Ser.Zusy.4106 (B)
McAfee-GW-Edition BehavesLike.Win32.Lockbit.dh
Trapmine malicious.high.ml.score
Sophos Troj/Krypt-WE
Ikarus Trojan.Kryptik
Antiy-AVL Trojan[PSW]/Win32.Convagent
Arcabit Trojan.Ser.Zusy.D100A
ZoneAlarm HEUR:Backdoor.Win32.Androm.gen
GData Win32.Trojan.PSE.10H93EF
Google Detected
AhnLab-V3 Trojan/Win.Generic.R566684
VBA32 Malware-Cryptor.Azorult.gen
MAX malware (ai score=84)
Cylance unsafe
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HKJI!tr
AVG Win32:RansomX-gen [Ransom]
Panda Trj/Genetic.gen