ScreenShot
| Created | 2021.06.07 21:06 | Machine | s1_win7_x6401 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 32 detected (AIDetect, malware1, malicious, high confidence, Fugrafa, Unsafe, Save, Hacktool, ZexaF, vqX@aOFwcZiG, Attribute, HighConfidence, Kryptik, HLFI, PWSX, Convagent, ET#88%, RDMK, cmRtazr5vfBQcK+gfyYDCYZHZXlV, A + Troj, Score, ai score=89, Detplock, BScope, Hynamer, Static AI, Malicious PE, HLFH, RnkBend, confidence, 100%) | ||
| md5 | 64eaf97106ba76288f92396de46f322c | ||
| sha256 | 0f832876e5226548ea1d6460e26f546c344b9edb63c9009176e04ebbb562aa08 | ||
| ssdeep | 6144:ea0r/ZAm+sV4PW4P6sscvUMJ1hhlphU0dskDV77XMgy7IKH+:ea0r/ZAmsW4iP01hh20dZl7cLX | ||
| imphash | 34a88fcee714364cfcbac54c6885bedd | ||
| impfuzzy | 48:QhWQeWLM3icuSdPuXx6da11f5FMsX8v1eLaAclRD0BT:QEQ8+uPuXxLH/X8v1eOAclRD6 | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x444008 CreateFileA
0x44400c FindFirstFileW
0x444010 lstrlenA
0x444014 WritePrivateProfileStructA
0x444018 CopyFileExW
0x44401c SetComputerNameExA
0x444020 CommConfigDialogA
0x444024 SetEndOfFile
0x444028 HeapAlloc
0x44402c SetUnhandledExceptionFilter
0x444030 WaitNamedPipeA
0x444034 WritePrivateProfileSectionA
0x444038 GetModuleHandleExW
0x44403c CreateDirectoryW
0x444040 SetVolumeMountPointW
0x444044 OpenSemaphoreA
0x444048 GetTickCount
0x44404c EnumTimeFormatsA
0x444050 SetProcessPriorityBoost
0x444054 GetDriveTypeA
0x444058 ActivateActCtx
0x44405c LoadLibraryW
0x444060 GetConsoleMode
0x444064 ReadConsoleInputA
0x444068 CopyFileW
0x44406c GetPrivateProfileStructW
0x444070 GlobalFlags
0x444074 SetTimeZoneInformation
0x444078 VerifyVersionInfoA
0x44407c WriteConsoleW
0x444080 TerminateProcess
0x444084 ReadFile
0x444088 GetModuleFileNameW
0x44408c CreateActCtxA
0x444090 CompareStringW
0x444094 GetACP
0x444098 RaiseException
0x44409c InterlockedExchange
0x4440a0 SetCurrentDirectoryA
0x4440a4 SetThreadLocale
0x4440a8 GlobalFix
0x4440ac GetHandleInformation
0x4440b0 IsDBCSLeadByteEx
0x4440b4 SetLastError
0x4440b8 GetProcAddress
0x4440bc VirtualAlloc
0x4440c0 WriteProfileSectionA
0x4440c4 IsValidCodePage
0x4440c8 SetComputerNameA
0x4440cc BuildCommDCBW
0x4440d0 GetTempFileNameA
0x4440d4 ResetEvent
0x4440d8 OpenWaitableTimerA
0x4440dc GetAtomNameA
0x4440e0 LoadLibraryA
0x4440e4 Process32FirstW
0x4440e8 WriteConsoleA
0x4440ec LocalAlloc
0x4440f0 GetFileType
0x4440f4 SetConsoleWindowInfo
0x4440f8 AddAtomA
0x4440fc SetCommMask
0x444100 SetEnvironmentVariableA
0x444104 SetConsoleCursorInfo
0x444108 SetConsoleTitleW
0x44410c GetModuleHandleA
0x444110 DebugBreakProcess
0x444114 FreeEnvironmentStringsW
0x444118 GetCurrentDirectoryA
0x44411c GetCPInfoExA
0x444120 GetVersionExA
0x444124 GetWindowsDirectoryW
0x444128 FileTimeToLocalFileTime
0x44412c ReadConsoleOutputCharacterW
0x444130 TlsFree
0x444134 GetProfileSectionW
0x444138 LCMapStringW
0x44413c GetVolumeInformationW
0x444140 CloseHandle
0x444144 CreateFileW
0x444148 SetStdHandle
0x44414c OpenMutexW
0x444150 FillConsoleOutputCharacterA
0x444154 GetCommandLineW
0x444158 HeapSetInformation
0x44415c GetStartupInfoW
0x444160 QueryPerformanceCounter
0x444164 GetCurrentThreadId
0x444168 GetCurrentProcessId
0x44416c GetSystemTimeAsFileTime
0x444170 InterlockedIncrement
0x444174 InterlockedDecrement
0x444178 DecodePointer
0x44417c GetModuleHandleW
0x444180 ExitProcess
0x444184 GetEnvironmentStringsW
0x444188 SetHandleCount
0x44418c GetStdHandle
0x444190 InitializeCriticalSectionAndSpinCount
0x444194 DeleteCriticalSection
0x444198 HeapValidate
0x44419c IsBadReadPtr
0x4441a0 EncodePointer
0x4441a4 TlsAlloc
0x4441a8 TlsGetValue
0x4441ac TlsSetValue
0x4441b0 GetLastError
0x4441b4 HeapCreate
0x4441b8 WriteFile
0x4441bc GetOEMCP
0x4441c0 GetCPInfo
0x4441c4 EnterCriticalSection
0x4441c8 LeaveCriticalSection
0x4441cc GetCurrentProcess
0x4441d0 UnhandledExceptionFilter
0x4441d4 IsDebuggerPresent
0x4441d8 GetModuleFileNameA
0x4441dc HeapReAlloc
0x4441e0 HeapSize
0x4441e4 HeapQueryInformation
0x4441e8 HeapFree
0x4441ec RtlUnwind
0x4441f0 WideCharToMultiByte
0x4441f4 MultiByteToWideChar
0x4441f8 GetStringTypeW
0x4441fc OutputDebugStringA
0x444200 OutputDebugStringW
0x444204 IsProcessorFeaturePresent
0x444208 SetFilePointer
0x44420c GetConsoleCP
0x444210 FlushFileBuffers
USER32.dll
0x444218 GetMessageTime
0x44421c GetMenuInfo
ADVAPI32.dll
0x444000 RevertToSelf
EAT(Export Address Table) is none
KERNEL32.dll
0x444008 CreateFileA
0x44400c FindFirstFileW
0x444010 lstrlenA
0x444014 WritePrivateProfileStructA
0x444018 CopyFileExW
0x44401c SetComputerNameExA
0x444020 CommConfigDialogA
0x444024 SetEndOfFile
0x444028 HeapAlloc
0x44402c SetUnhandledExceptionFilter
0x444030 WaitNamedPipeA
0x444034 WritePrivateProfileSectionA
0x444038 GetModuleHandleExW
0x44403c CreateDirectoryW
0x444040 SetVolumeMountPointW
0x444044 OpenSemaphoreA
0x444048 GetTickCount
0x44404c EnumTimeFormatsA
0x444050 SetProcessPriorityBoost
0x444054 GetDriveTypeA
0x444058 ActivateActCtx
0x44405c LoadLibraryW
0x444060 GetConsoleMode
0x444064 ReadConsoleInputA
0x444068 CopyFileW
0x44406c GetPrivateProfileStructW
0x444070 GlobalFlags
0x444074 SetTimeZoneInformation
0x444078 VerifyVersionInfoA
0x44407c WriteConsoleW
0x444080 TerminateProcess
0x444084 ReadFile
0x444088 GetModuleFileNameW
0x44408c CreateActCtxA
0x444090 CompareStringW
0x444094 GetACP
0x444098 RaiseException
0x44409c InterlockedExchange
0x4440a0 SetCurrentDirectoryA
0x4440a4 SetThreadLocale
0x4440a8 GlobalFix
0x4440ac GetHandleInformation
0x4440b0 IsDBCSLeadByteEx
0x4440b4 SetLastError
0x4440b8 GetProcAddress
0x4440bc VirtualAlloc
0x4440c0 WriteProfileSectionA
0x4440c4 IsValidCodePage
0x4440c8 SetComputerNameA
0x4440cc BuildCommDCBW
0x4440d0 GetTempFileNameA
0x4440d4 ResetEvent
0x4440d8 OpenWaitableTimerA
0x4440dc GetAtomNameA
0x4440e0 LoadLibraryA
0x4440e4 Process32FirstW
0x4440e8 WriteConsoleA
0x4440ec LocalAlloc
0x4440f0 GetFileType
0x4440f4 SetConsoleWindowInfo
0x4440f8 AddAtomA
0x4440fc SetCommMask
0x444100 SetEnvironmentVariableA
0x444104 SetConsoleCursorInfo
0x444108 SetConsoleTitleW
0x44410c GetModuleHandleA
0x444110 DebugBreakProcess
0x444114 FreeEnvironmentStringsW
0x444118 GetCurrentDirectoryA
0x44411c GetCPInfoExA
0x444120 GetVersionExA
0x444124 GetWindowsDirectoryW
0x444128 FileTimeToLocalFileTime
0x44412c ReadConsoleOutputCharacterW
0x444130 TlsFree
0x444134 GetProfileSectionW
0x444138 LCMapStringW
0x44413c GetVolumeInformationW
0x444140 CloseHandle
0x444144 CreateFileW
0x444148 SetStdHandle
0x44414c OpenMutexW
0x444150 FillConsoleOutputCharacterA
0x444154 GetCommandLineW
0x444158 HeapSetInformation
0x44415c GetStartupInfoW
0x444160 QueryPerformanceCounter
0x444164 GetCurrentThreadId
0x444168 GetCurrentProcessId
0x44416c GetSystemTimeAsFileTime
0x444170 InterlockedIncrement
0x444174 InterlockedDecrement
0x444178 DecodePointer
0x44417c GetModuleHandleW
0x444180 ExitProcess
0x444184 GetEnvironmentStringsW
0x444188 SetHandleCount
0x44418c GetStdHandle
0x444190 InitializeCriticalSectionAndSpinCount
0x444194 DeleteCriticalSection
0x444198 HeapValidate
0x44419c IsBadReadPtr
0x4441a0 EncodePointer
0x4441a4 TlsAlloc
0x4441a8 TlsGetValue
0x4441ac TlsSetValue
0x4441b0 GetLastError
0x4441b4 HeapCreate
0x4441b8 WriteFile
0x4441bc GetOEMCP
0x4441c0 GetCPInfo
0x4441c4 EnterCriticalSection
0x4441c8 LeaveCriticalSection
0x4441cc GetCurrentProcess
0x4441d0 UnhandledExceptionFilter
0x4441d4 IsDebuggerPresent
0x4441d8 GetModuleFileNameA
0x4441dc HeapReAlloc
0x4441e0 HeapSize
0x4441e4 HeapQueryInformation
0x4441e8 HeapFree
0x4441ec RtlUnwind
0x4441f0 WideCharToMultiByte
0x4441f4 MultiByteToWideChar
0x4441f8 GetStringTypeW
0x4441fc OutputDebugStringA
0x444200 OutputDebugStringW
0x444204 IsProcessorFeaturePresent
0x444208 SetFilePointer
0x44420c GetConsoleCP
0x444210 FlushFileBuffers
USER32.dll
0x444218 GetMessageTime
0x44421c GetMenuInfo
ADVAPI32.dll
0x444000 RevertToSelf
EAT(Export Address Table) is none