ScreenShot
| Created | 2021.04.29 22:23 | Machine | s1_win7_x6401 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 29 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, Hacktool, ZexaF, my0@au50jfhO, Kryptik, Eldorado, Attribute, HighConfidence, HKQF, FileRepMalware, Fareit, Auto, Static AI, Malicious PE, Predator, score, Artemis, ET#98%, RDMK, cmRtazrWBazOPb83cTFGJQtoYbTp, confidence) | ||
| md5 | 346cf0402aa3f87e686a16da0d73e419 | ||
| sha256 | 65309f9f8c2b26c74b9c77c1fc4cb88843021b7e2b6c4c8ed1c2ac743b200bed | ||
| ssdeep | 3072:TjWsLkxCJiC8g4Lm1TKIso1ayHeHolqQzEwhgFE6LrXENH5hyUh:/XLSop4oTKfoFjzZ2K6Lr0ZyUh | ||
| imphash | 20a3b8299db6e8582c3eb04a6c72e959 | ||
| impfuzzy | 24:Uj8kx8V/OuqbJcDL1tvTqvKr2epms7tehJK5cxOaNTqdbpluHuOZyvFlRfGNZrKJ:Ujde172epms7to6cvcd10ulfGNZ2drj | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 29 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x446008 FreeLibrary
0x44600c SystemTimeToTzSpecificLocalTime
0x446010 GetConsoleAliasA
0x446014 GetModuleHandleExW
0x446018 GetTickCount
0x44601c SetFileTime
0x446020 TerminateThread
0x446024 GetLocaleInfoW
0x446028 SetSystemTimeAdjustment
0x44602c GetFileAttributesA
0x446030 SetTimeZoneInformation
0x446034 GetAtomNameW
0x446038 ReadFile
0x44603c lstrcatA
0x446040 RaiseException
0x446044 FindResourceW
0x446048 SetLastError
0x44604c GetProcAddress
0x446050 OpenWaitableTimerA
0x446054 LocalAlloc
0x446058 SetConsoleOutputCP
0x44605c GlobalFindAtomW
0x446060 SetConsoleCursorInfo
0x446064 GetModuleHandleA
0x446068 LoadLibraryExA
0x44606c FindAtomW
0x446070 FileTimeToLocalFileTime
0x446074 GetCurrentProcessId
0x446078 CompareStringW
0x44607c CompareStringA
0x446080 LCMapStringA
0x446084 MapViewOfFile
0x446088 GetModuleHandleW
0x44608c Sleep
0x446090 ExitProcess
0x446094 GetStartupInfoW
0x446098 TerminateProcess
0x44609c GetCurrentProcess
0x4460a0 UnhandledExceptionFilter
0x4460a4 SetUnhandledExceptionFilter
0x4460a8 IsDebuggerPresent
0x4460ac HeapAlloc
0x4460b0 TlsGetValue
0x4460b4 TlsAlloc
0x4460b8 TlsSetValue
0x4460bc TlsFree
0x4460c0 InterlockedIncrement
0x4460c4 GetCurrentThreadId
0x4460c8 GetLastError
0x4460cc InterlockedDecrement
0x4460d0 GetCurrentThread
0x4460d4 WriteFile
0x4460d8 GetStdHandle
0x4460dc GetModuleFileNameA
0x4460e0 DeleteCriticalSection
0x4460e4 LeaveCriticalSection
0x4460e8 FatalAppExitA
0x4460ec EnterCriticalSection
0x4460f0 SetConsoleCtrlHandler
0x4460f4 InterlockedExchange
0x4460f8 LoadLibraryA
0x4460fc InitializeCriticalSectionAndSpinCount
0x446100 GetModuleFileNameW
0x446104 FreeEnvironmentStringsW
0x446108 GetEnvironmentStringsW
0x44610c GetCommandLineW
0x446110 SetHandleCount
0x446114 GetFileType
0x446118 GetStartupInfoA
0x44611c HeapCreate
0x446120 HeapDestroy
0x446124 VirtualFree
0x446128 HeapFree
0x44612c QueryPerformanceCounter
0x446130 GetSystemTimeAsFileTime
0x446134 VirtualAlloc
0x446138 HeapReAlloc
0x44613c GetCPInfo
0x446140 GetACP
0x446144 GetOEMCP
0x446148 IsValidCodePage
0x44614c HeapSize
0x446150 RtlUnwind
0x446154 GetLocaleInfoA
0x446158 WideCharToMultiByte
0x44615c MultiByteToWideChar
0x446160 LCMapStringW
0x446164 GetStringTypeA
0x446168 GetStringTypeW
0x44616c GetTimeFormatA
0x446170 GetDateFormatA
0x446174 GetUserDefaultLCID
0x446178 EnumSystemLocalesA
0x44617c IsValidLocale
0x446180 GetTimeZoneInformation
0x446184 SetEnvironmentVariableA
USER32.dll
0x44618c GetDesktopWindow
ADVAPI32.dll
0x446000 RegCreateKeyW
EAT(Export Address Table) is none
KERNEL32.dll
0x446008 FreeLibrary
0x44600c SystemTimeToTzSpecificLocalTime
0x446010 GetConsoleAliasA
0x446014 GetModuleHandleExW
0x446018 GetTickCount
0x44601c SetFileTime
0x446020 TerminateThread
0x446024 GetLocaleInfoW
0x446028 SetSystemTimeAdjustment
0x44602c GetFileAttributesA
0x446030 SetTimeZoneInformation
0x446034 GetAtomNameW
0x446038 ReadFile
0x44603c lstrcatA
0x446040 RaiseException
0x446044 FindResourceW
0x446048 SetLastError
0x44604c GetProcAddress
0x446050 OpenWaitableTimerA
0x446054 LocalAlloc
0x446058 SetConsoleOutputCP
0x44605c GlobalFindAtomW
0x446060 SetConsoleCursorInfo
0x446064 GetModuleHandleA
0x446068 LoadLibraryExA
0x44606c FindAtomW
0x446070 FileTimeToLocalFileTime
0x446074 GetCurrentProcessId
0x446078 CompareStringW
0x44607c CompareStringA
0x446080 LCMapStringA
0x446084 MapViewOfFile
0x446088 GetModuleHandleW
0x44608c Sleep
0x446090 ExitProcess
0x446094 GetStartupInfoW
0x446098 TerminateProcess
0x44609c GetCurrentProcess
0x4460a0 UnhandledExceptionFilter
0x4460a4 SetUnhandledExceptionFilter
0x4460a8 IsDebuggerPresent
0x4460ac HeapAlloc
0x4460b0 TlsGetValue
0x4460b4 TlsAlloc
0x4460b8 TlsSetValue
0x4460bc TlsFree
0x4460c0 InterlockedIncrement
0x4460c4 GetCurrentThreadId
0x4460c8 GetLastError
0x4460cc InterlockedDecrement
0x4460d0 GetCurrentThread
0x4460d4 WriteFile
0x4460d8 GetStdHandle
0x4460dc GetModuleFileNameA
0x4460e0 DeleteCriticalSection
0x4460e4 LeaveCriticalSection
0x4460e8 FatalAppExitA
0x4460ec EnterCriticalSection
0x4460f0 SetConsoleCtrlHandler
0x4460f4 InterlockedExchange
0x4460f8 LoadLibraryA
0x4460fc InitializeCriticalSectionAndSpinCount
0x446100 GetModuleFileNameW
0x446104 FreeEnvironmentStringsW
0x446108 GetEnvironmentStringsW
0x44610c GetCommandLineW
0x446110 SetHandleCount
0x446114 GetFileType
0x446118 GetStartupInfoA
0x44611c HeapCreate
0x446120 HeapDestroy
0x446124 VirtualFree
0x446128 HeapFree
0x44612c QueryPerformanceCounter
0x446130 GetSystemTimeAsFileTime
0x446134 VirtualAlloc
0x446138 HeapReAlloc
0x44613c GetCPInfo
0x446140 GetACP
0x446144 GetOEMCP
0x446148 IsValidCodePage
0x44614c HeapSize
0x446150 RtlUnwind
0x446154 GetLocaleInfoA
0x446158 WideCharToMultiByte
0x44615c MultiByteToWideChar
0x446160 LCMapStringW
0x446164 GetStringTypeA
0x446168 GetStringTypeW
0x44616c GetTimeFormatA
0x446170 GetDateFormatA
0x446174 GetUserDefaultLCID
0x446178 EnumSystemLocalesA
0x44617c IsValidLocale
0x446180 GetTimeZoneInformation
0x446184 SetEnvironmentVariableA
USER32.dll
0x44618c GetDesktopWindow
ADVAPI32.dll
0x446000 RegCreateKeyW
EAT(Export Address Table) is none