Property | Value |
---|---|
Created | 2021.04.09 11:39 |
Machine | s1_win7_x6402 |
Filename | vbc.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 36 detected (AIDetect, malware1, malicious, high confidence, Graftor, HwoCcnIA, Unsafe, Save, Kryptik, confidence, 100%, Eldorado, Attribute, HighConfidence, HKII, DropperX, Noon, Auto, Static AI, Malicious PE, kcloud, Glupteba, score, Artemis, BScope, Wacatac, CLOUD, Outbreak, HKID, ZexaF, xC1@aWfbpggG) |
md5 | 29e8627d7b80c21fc98c82314f3df5e2 |
sha256 | 98bf20a283219c4cc786234b7d389766fddbe3b095d13c9109f5406128e83103 |
ssdeep | 6144:1wpTcyLItYxn3QDQN/rismCZyxB7HZ7g+xsoyEnGYgGI:1wpTd063QDQNSCZQB757txnG5l |
imphash | 9c90aa63bb435d1aab6db36d5bf4ee01 |
impfuzzy | 48:qiFOLP8298TtWG6cjPMuD8cpNKd6ANZ7p61:qisL5ytWG6cjPF8cpNG64N0 |
Network IP location
Signature (18cnts)
Level | Description |
---|---|
danger | Executed a process and injected code into it |
danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
watch | Allocates execute permission to another process indicative of possible code injection |
watch | Communicates with host for which no DNS query was performed |
watch | Potential code injection by writing to the memory of another process |
watch | Resumed a suspended thread in a remote process potentially indicative of process injection |
watch | Used NtSetContextThread to modify a thread in a remote process indicative of process injection |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Checks for the Locally Unique Identifier on the system for a suspicious privilege |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | One or more potentially interesting buffers were extracted |
notice | Performs some HTTP requests |
notice | Sends data using the HTTP POST Method |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
notice | Yara rule detected in process memory |
info | Checks if process is being debugged by a debugger |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
Rules (13cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | DebuggerCheck__GlobalFlags | (no description) | memory |
info | DebuggerCheck__QueryInfo | (no description) | memory |
info | DebuggerHiding__Active | (no description) | memory |
info | DebuggerHiding__Thread | (no description) | memory |
info | disable_dep | Bypass DEP | memory |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
info | SEH__vectored | (no description) | memory |
info | ThreadControl__Context | (no description) | memory |
info | HasOverlay | Overlay Check | binaries (upload) |
info | IsWindowsGUI | (no description) | binaries (upload) |
info | win_files_operation | Affect private profile | binaries (upload) |
Network (53cnts)
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x3dad000 HeapReAlloc
0x3dad004 RemoveVectoredExceptionHandler
0x3dad008 EnumDateFormatsExW
0x3dad00c FindResourceExW
0x3dad010 WriteConsoleOutputCharacterA
0x3dad014 LoadResource
0x3dad018 SetWaitableTimer
0x3dad01c GetCurrentProcess
0x3dad020 HeapFree
0x3dad024 GetModuleHandleExW
0x3dad028 GlobalLock
0x3dad02c CancelWaitableTimer
0x3dad030 LockFile
0x3dad034 SetTapeParameters
0x3dad038 GetModuleHandleW
0x3dad03c EnumCalendarInfoExW
0x3dad040 TzSpecificLocalTimeToSystemTime
0x3dad044 GetLocaleInfoW
0x3dad048 GetSystemTimeAdjustment
0x3dad04c InterlockedPopEntrySList
0x3dad050 GetFileAttributesA
0x3dad054 GetCompressedFileSizeA
0x3dad058 GetTimeZoneInformation
0x3dad05c GetEnvironmentVariableA
0x3dad060 DisconnectNamedPipe
0x3dad064 VirtualUnlock
0x3dad068 GetConsoleAliasesW
0x3dad06c GetProcAddress
0x3dad070 GetAtomNameA
0x3dad074 LocalAlloc
0x3dad078 AddAtomA
0x3dad07c GlobalFindAtomW
0x3dad080 GlobalUnWire
0x3dad084 lstrcatW
0x3dad088 FatalExit
0x3dad08c GetFileTime
0x3dad090 GetConsoleCursorInfo
0x3dad094 LocalFree
0x3dad098 LCMapStringW
0x3dad09c SetEnvironmentVariableA
0x3dad0a0 CompareStringW
0x3dad0a4 TerminateProcess
0x3dad0a8 UnhandledExceptionFilter
0x3dad0ac SetUnhandledExceptionFilter
0x3dad0b0 IsDebuggerPresent
0x3dad0b4 GetStartupInfoW
0x3dad0b8 RaiseException
0x3dad0bc RtlUnwind
0x3dad0c0 HeapAlloc
0x3dad0c4 GetLastError
0x3dad0c8 EnterCriticalSection
0x3dad0cc LeaveCriticalSection
0x3dad0d0 TlsGetValue
0x3dad0d4 TlsAlloc
0x3dad0d8 TlsSetValue
0x3dad0dc TlsFree
0x3dad0e0 InterlockedIncrement
0x3dad0e4 SetLastError
0x3dad0e8 GetCurrentThreadId
0x3dad0ec InterlockedDecrement
0x3dad0f0 GetCurrentThread
0x3dad0f4 Sleep
0x3dad0f8 ExitProcess
0x3dad0fc WriteFile
0x3dad100 GetStdHandle
0x3dad104 GetModuleFileNameA
0x3dad108 GetModuleFileNameW
0x3dad10c FreeEnvironmentStringsW
0x3dad110 GetEnvironmentStringsW
0x3dad114 GetCommandLineW
0x3dad118 SetHandleCount
0x3dad11c GetFileType
0x3dad120 GetStartupInfoA
0x3dad124 DeleteCriticalSection
0x3dad128 HeapCreate
0x3dad12c HeapDestroy
0x3dad130 VirtualFree
0x3dad134 QueryPerformanceCounter
0x3dad138 GetTickCount
0x3dad13c GetCurrentProcessId
0x3dad140 GetSystemTimeAsFileTime
0x3dad144 SetFilePointer
0x3dad148 WideCharToMultiByte
0x3dad14c GetConsoleCP
0x3dad150 GetConsoleMode
0x3dad154 GetCPInfo
0x3dad158 GetACP
0x3dad15c GetOEMCP
0x3dad160 IsValidCodePage
0x3dad164 FatalAppExitA
0x3dad168 VirtualAlloc
0x3dad16c MultiByteToWideChar
0x3dad170 CloseHandle
0x3dad174 CreateFileA
0x3dad178 InitializeCriticalSectionAndSpinCount
0x3dad17c HeapSize
0x3dad180 SetConsoleCtrlHandler
0x3dad184 FreeLibrary
0x3dad188 InterlockedExchange
0x3dad18c LoadLibraryA
0x3dad190 SetStdHandle
0x3dad194 WriteConsoleA
0x3dad198 GetConsoleOutputCP
0x3dad19c WriteConsoleW
0x3dad1a0 LCMapStringA
0x3dad1a4 GetStringTypeA
0x3dad1a8 GetStringTypeW
0x3dad1ac GetTimeFormatA
0x3dad1b0 GetDateFormatA
0x3dad1b4 GetUserDefaultLCID
0x3dad1b8 GetLocaleInfoA
0x3dad1bc EnumSystemLocalesA
0x3dad1c0 IsValidLocale
0x3dad1c4 FlushFileBuffers
0x3dad1c8 ReadFile
0x3dad1cc SetEndOfFile
0x3dad1d0 GetProcessHeap
0x3dad1d4 CompareStringA
0x3dad1d8 GetModuleHandleA
USER32.dll
0x3dad1e0 GetProcessDefaultLayout
EAT (Export Address Table) Library
0x4449c0 Lolipops
0x4449a0 NoMore
0x4449b0 Robin