popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

vbc.exe

Generic Malware UPX Malicious Library PE File OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 May 10, 2023, 5:58 p.m. May 10, 2023, 6:02 p.m.
Size 320.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 906095752970580abc9cabb800275187
SHA256 21e0ec96d06a0b1e71712fd34ce50e1e4c5a937e8fe8c21f89c5eade948affd5
CRC32 32100D83
ssdeep 6144:75eMULO4RRcb7XHmmGnFdvDUQGkNIsPUNvGG4:7DUq4RRC7XGmudvDiuIjvG
PDB Path C:\desukehehum35\witolacopowur\muvom.pdb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
117.18.232.200 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path C:\desukehehum35\witolacopowur\muvom.pdb
resource name AFX_DIALOG_LAYOUT
resource name FOLOYEZIMAWOKI
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2572
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 86016
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00b4e000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2572
region_size: 110592
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00320000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
section {u'size_of_data': u'0x0002a200', u'virtual_address': u'0x00001000', u'entropy': 7.522952826431127, u'name': u'.text', u'virtual_size': u'0x0002a1b6'} entropy 7.52295282643 description A section with a high entropy has been found
entropy 0.527386541471 description Overall entropy of this PE file is high
host 117.18.232.200
dead_host 192.168.56.101:49176
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
FireEye Generic.mg.906095752970580a
CAT-QuickHeal Ransom.Stop.P5
Cylance unsafe
Sangfor Trojan.Win32.Save.a
Cybereason malicious.88cc20
Cyren W32/Kryptik.JTD.gen!Eldorado
ESET-NOD32 a variant of Win32/GenKryptik.GJRD
Cynet Malicious (score: 100)
APEX Malicious
ClamAV Win.Packer.pkr_ce1a-9980177-0
Kaspersky UDS:Backdoor.Win32.Androm.gen
Avast Win32:PWSX-gen [Trj]
Rising Trojan.Generic@AI.100 (RDML:CJzKdr5QCPruKi/K0ypeAQ)
Sophos Troj/Krypt-VZ
McAfee-GW-Edition BehavesLike.Win32.Generic.fh
Trapmine malicious.moderate.ml.score
SentinelOne Static AI - Suspicious PE
Gridinsoft Trojan.Win32.Sabsik.dd!n
Microsoft Trojan:Win32/Amadey.GIG!MTB
ZoneAlarm UDS:Backdoor.Win32.Androm.gen
Google Detected
Acronis suspicious
Panda Trj/Genetic.gen
Ikarus Trojan.Win32.SmokeLoader
Fortinet W32/GenKryptik.GJQU!tr
AVG Win32:PWSX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)