ScreenShot
| Created | 2021.04.28 09:57 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 48 detected (AIDetect, malware1, malicious, high confidence, GenericKD, GenericKDZ, Unsafe, Save, Ranumbot, ZexaF, zuX@aC7f9gkO, Kryptik, Eldorado, Attribute, HighConfidence, HKOR, CrypterX, Noon, Obscure, CLOUD, mrwhy@0, Lockbit, R + Mal, GandCrypt, Static AI, Malicious PE, hrogz, ai score=100, kcloud, Glupteba, 1L1P37C, score, CoinMiner, R417847, R002C0RDQ21, Auto, HKPA, GdSda, confidence, 100%) | ||
| md5 | cd4a716b2886b9d6609b4e00c97964f0 | ||
| sha256 | 91fa1797421a3393289ae3892d128158ca3a16efd453be49e0c38d5891deefba | ||
| ssdeep | 12288:cm9enLXQpjT7iBQks1IftmqxL5v06QtHpa:xMXQlyBQJ7Kv06QtJa | ||
| imphash | 7992f385465c3a91784159b680857f5e | ||
| impfuzzy | 48:QXKdBUO+0p/Bbnkd7qXpjEBOCfGQ0cvl8uucjYNZehKp6l:QXKdBV+0weZjEbfGQ0cvlccjweK0 | ||
Network IP location
Signature (10cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Trojan_Win32_Glupteba_1_Zero | Trojan Win32 Glupteba | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | PE_Header_Zero | PE File Signature Zero | binaries (upload) |
| info | HasDebugData | DebugData Check | binaries (upload) |
| info | HasOverlay | Overlay Check | binaries (upload) |
| info | IsPacked | Entropy Check | binaries (upload) |
| info | IsWindowsGUI | (no description) | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x446000 FileTimeToDosDateTime
0x446004 SetThreadContext
0x446008 lstrlenA
0x44600c TlsGetValue
0x446010 SetLocalTime
0x446014 FreeLibrary
0x446018 CallNamedPipeA
0x44601c SystemTimeToTzSpecificLocalTime
0x446020 SetWaitableTimer
0x446024 SetUnhandledExceptionFilter
0x446028 LoadLibraryExW
0x44602c GetNumberOfConsoleMouseButtons
0x446030 GlobalSize
0x446034 GetProfileSectionA
0x446038 WriteConsoleInputA
0x44603c GetComputerNameW
0x446040 GetProcessPriorityBoost
0x446044 CreateNamedPipeW
0x446048 WriteFile
0x44604c GetCommandLineA
0x446050 GlobalAlloc
0x446054 GetVolumeInformationA
0x446058 GetConsoleMode
0x44605c TerminateThread
0x446060 Sleep
0x446064 GetSystemPowerStatus
0x446068 SetVolumeMountPointA
0x44606c GetSystemTimeAdjustment
0x446070 DeleteVolumeMountPointW
0x446074 GetFileAttributesA
0x446078 Beep
0x44607c SetTimeZoneInformation
0x446080 GetBinaryTypeA
0x446084 lstrcatA
0x446088 DisconnectNamedPipe
0x44608c InterlockedExchange
0x446090 GetStdHandle
0x446094 OpenMutexW
0x446098 GetHandleInformation
0x44609c GetLastError
0x4460a0 GetCurrentDirectoryW
0x4460a4 HeapSize
0x4460a8 MoveFileW
0x4460ac GetLocalTime
0x4460b0 LoadLibraryA
0x4460b4 LocalAlloc
0x4460b8 BuildCommDCBAndTimeoutsW
0x4460bc AddAtomA
0x4460c0 SetCommMask
0x4460c4 GetOEMCP
0x4460c8 CreateIoCompletionPort
0x4460cc DebugBreakProcess
0x4460d0 CreateMutexA
0x4460d4 VirtualProtect
0x4460d8 GetSystemTime
0x4460dc SetEnvironmentVariableA
0x4460e0 CompareStringW
0x4460e4 DeleteFileA
0x4460e8 TerminateProcess
0x4460ec GetCurrentProcess
0x4460f0 UnhandledExceptionFilter
0x4460f4 IsDebuggerPresent
0x4460f8 HeapReAlloc
0x4460fc HeapAlloc
0x446100 GetStartupInfoW
0x446104 RaiseException
0x446108 RtlUnwind
0x44610c HeapFree
0x446110 GetModuleHandleW
0x446114 GetProcAddress
0x446118 TlsAlloc
0x44611c TlsSetValue
0x446120 TlsFree
0x446124 InterlockedIncrement
0x446128 SetLastError
0x44612c GetCurrentThreadId
0x446130 InterlockedDecrement
0x446134 GetCurrentThread
0x446138 DeleteCriticalSection
0x44613c LeaveCriticalSection
0x446140 FatalAppExitA
0x446144 EnterCriticalSection
0x446148 HeapCreate
0x44614c HeapDestroy
0x446150 VirtualFree
0x446154 VirtualAlloc
0x446158 ExitProcess
0x44615c GetModuleFileNameA
0x446160 GetModuleFileNameW
0x446164 FreeEnvironmentStringsW
0x446168 GetEnvironmentStringsW
0x44616c GetCommandLineW
0x446170 SetHandleCount
0x446174 GetFileType
0x446178 GetStartupInfoA
0x44617c QueryPerformanceCounter
0x446180 GetTickCount
0x446184 GetCurrentProcessId
0x446188 GetSystemTimeAsFileTime
0x44618c GetCPInfo
0x446190 GetACP
0x446194 IsValidCodePage
0x446198 InitializeCriticalSectionAndSpinCount
0x44619c SetConsoleCtrlHandler
0x4461a0 GetTimeFormatA
0x4461a4 GetDateFormatA
0x4461a8 GetUserDefaultLCID
0x4461ac GetLocaleInfoA
0x4461b0 EnumSystemLocalesA
0x4461b4 IsValidLocale
0x4461b8 GetStringTypeA
0x4461bc MultiByteToWideChar
0x4461c0 GetStringTypeW
0x4461c4 LCMapStringA
0x4461c8 WideCharToMultiByte
0x4461cc LCMapStringW
0x4461d0 GetLocaleInfoW
0x4461d4 GetTimeZoneInformation
0x4461d8 CompareStringA
0x4461dc GetModuleHandleA
USER32.dll
0x4461e4 GetWindowInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x446000 FileTimeToDosDateTime
0x446004 SetThreadContext
0x446008 lstrlenA
0x44600c TlsGetValue
0x446010 SetLocalTime
0x446014 FreeLibrary
0x446018 CallNamedPipeA
0x44601c SystemTimeToTzSpecificLocalTime
0x446020 SetWaitableTimer
0x446024 SetUnhandledExceptionFilter
0x446028 LoadLibraryExW
0x44602c GetNumberOfConsoleMouseButtons
0x446030 GlobalSize
0x446034 GetProfileSectionA
0x446038 WriteConsoleInputA
0x44603c GetComputerNameW
0x446040 GetProcessPriorityBoost
0x446044 CreateNamedPipeW
0x446048 WriteFile
0x44604c GetCommandLineA
0x446050 GlobalAlloc
0x446054 GetVolumeInformationA
0x446058 GetConsoleMode
0x44605c TerminateThread
0x446060 Sleep
0x446064 GetSystemPowerStatus
0x446068 SetVolumeMountPointA
0x44606c GetSystemTimeAdjustment
0x446070 DeleteVolumeMountPointW
0x446074 GetFileAttributesA
0x446078 Beep
0x44607c SetTimeZoneInformation
0x446080 GetBinaryTypeA
0x446084 lstrcatA
0x446088 DisconnectNamedPipe
0x44608c InterlockedExchange
0x446090 GetStdHandle
0x446094 OpenMutexW
0x446098 GetHandleInformation
0x44609c GetLastError
0x4460a0 GetCurrentDirectoryW
0x4460a4 HeapSize
0x4460a8 MoveFileW
0x4460ac GetLocalTime
0x4460b0 LoadLibraryA
0x4460b4 LocalAlloc
0x4460b8 BuildCommDCBAndTimeoutsW
0x4460bc AddAtomA
0x4460c0 SetCommMask
0x4460c4 GetOEMCP
0x4460c8 CreateIoCompletionPort
0x4460cc DebugBreakProcess
0x4460d0 CreateMutexA
0x4460d4 VirtualProtect
0x4460d8 GetSystemTime
0x4460dc SetEnvironmentVariableA
0x4460e0 CompareStringW
0x4460e4 DeleteFileA
0x4460e8 TerminateProcess
0x4460ec GetCurrentProcess
0x4460f0 UnhandledExceptionFilter
0x4460f4 IsDebuggerPresent
0x4460f8 HeapReAlloc
0x4460fc HeapAlloc
0x446100 GetStartupInfoW
0x446104 RaiseException
0x446108 RtlUnwind
0x44610c HeapFree
0x446110 GetModuleHandleW
0x446114 GetProcAddress
0x446118 TlsAlloc
0x44611c TlsSetValue
0x446120 TlsFree
0x446124 InterlockedIncrement
0x446128 SetLastError
0x44612c GetCurrentThreadId
0x446130 InterlockedDecrement
0x446134 GetCurrentThread
0x446138 DeleteCriticalSection
0x44613c LeaveCriticalSection
0x446140 FatalAppExitA
0x446144 EnterCriticalSection
0x446148 HeapCreate
0x44614c HeapDestroy
0x446150 VirtualFree
0x446154 VirtualAlloc
0x446158 ExitProcess
0x44615c GetModuleFileNameA
0x446160 GetModuleFileNameW
0x446164 FreeEnvironmentStringsW
0x446168 GetEnvironmentStringsW
0x44616c GetCommandLineW
0x446170 SetHandleCount
0x446174 GetFileType
0x446178 GetStartupInfoA
0x44617c QueryPerformanceCounter
0x446180 GetTickCount
0x446184 GetCurrentProcessId
0x446188 GetSystemTimeAsFileTime
0x44618c GetCPInfo
0x446190 GetACP
0x446194 IsValidCodePage
0x446198 InitializeCriticalSectionAndSpinCount
0x44619c SetConsoleCtrlHandler
0x4461a0 GetTimeFormatA
0x4461a4 GetDateFormatA
0x4461a8 GetUserDefaultLCID
0x4461ac GetLocaleInfoA
0x4461b0 EnumSystemLocalesA
0x4461b4 IsValidLocale
0x4461b8 GetStringTypeA
0x4461bc MultiByteToWideChar
0x4461c0 GetStringTypeW
0x4461c4 LCMapStringA
0x4461c8 WideCharToMultiByte
0x4461cc LCMapStringW
0x4461d0 GetLocaleInfoW
0x4461d4 GetTimeZoneInformation
0x4461d8 CompareStringA
0x4461dc GetModuleHandleA
USER32.dll
0x4461e4 GetWindowInfo
EAT(Export Address Table) is none