ScreenShot
| Created | 2021.06.24 09:54 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 35 detected (AIDetect, malware1, malicious, high confidence, Artemis, Unsafe, Save, Attribute, HighConfidence, GenKryptik, FGUO, PWSX, Androm, Generic@ML, RDML, aXtlgIFcXpq26cEFUsRzlw, R + Troj, Kryptik, Lockbit, Static AI, Malicious PE, Zenpak, Score, Glupteba, 8O8WYA, ZexaF, wu0@a81R9SjI, BScope, susgen, RnkBend, confidence, 100%) | ||
| md5 | de41a01457573e366909c2ddb491d1f3 | ||
| sha256 | e272af98ac66fa088b63aa66caeec5ea402966a2c78bb3df09d139168437cb0f | ||
| ssdeep | 6144:lpVArYsAKC8ig2seQM8D6BbkQCYP0wdUz0v3IXnuWF:5ArpAH8ig2sY8D6Bb6YP0wdt4ue | ||
| imphash | 821307fdbf673876d4e5c6aaf4b90eb6 | ||
| impfuzzy | 48:ZLIbODAovA84dVXSEDyL9TnfYHOLaE8fcRhV8hUheLXsIOGT:Z5EMKVXhaTAH3E8fcRhV8hmeLXsK | ||
Network IP location
Signature (9cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 35 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x434000 GetComputerNameA
0x434004 EnumResourceNamesW
0x434008 SearchPathW
0x43400c CopyFileExW
0x434010 GetDriveTypeW
0x434014 SetEndOfFile
0x434018 GetNumberOfConsoleInputEvents
0x43401c FindResourceExW
0x434020 MapUserPhysicalPages
0x434024 LoadResource
0x434028 InterlockedIncrement
0x43402c CreateDirectoryW
0x434030 GlobalLock
0x434034 WriteConsoleInputA
0x434038 GetCommProperties
0x43403c FreeEnvironmentStringsA
0x434040 SetTapeParameters
0x434044 GetModuleHandleW
0x434048 CreateNamedPipeW
0x43404c LocalFlags
0x434050 GetConsoleAliasesLengthA
0x434054 GetPrivateProfileStringW
0x434058 GetWindowsDirectoryA
0x43405c WriteFile
0x434060 SetCommState
0x434064 GetCommandLineA
0x434068 GetSystemWow64DirectoryA
0x43406c CreateDirectoryExW
0x434070 SetProcessPriorityBoost
0x434074 InitializeCriticalSection
0x434078 TlsSetValue
0x43407c GlobalAlloc
0x434080 LoadLibraryW
0x434084 GetCalendarInfoA
0x434088 ReadFileScatter
0x43408c SetSystemTimeAdjustment
0x434090 GetSystemWindowsDirectoryA
0x434094 TerminateProcess
0x434098 IsDBCSLeadByte
0x43409c GetBinaryTypeW
0x4340a0 GetOverlappedResult
0x4340a4 CompareStringW
0x4340a8 lstrlenW
0x4340ac GetConsoleOutputCP
0x4340b0 VerifyVersionInfoW
0x4340b4 InterlockedExchange
0x4340b8 ReleaseActCtx
0x4340bc GetFileSizeEx
0x4340c0 SetThreadLocale
0x4340c4 FindFirstFileA
0x4340c8 OpenMutexW
0x4340cc GetCurrentDirectoryW
0x4340d0 GetProcAddress
0x4340d4 SetVolumeLabelW
0x4340d8 WriteProfileSectionA
0x4340dc SetComputerNameA
0x4340e0 BuildCommDCBW
0x4340e4 GetLocalTime
0x4340e8 Process32FirstW
0x4340ec OpenMutexA
0x4340f0 OpenWaitableTimerW
0x4340f4 SetConsoleCtrlHandler
0x4340f8 AddAtomA
0x4340fc FindAtomA
0x434100 GetSystemInfo
0x434104 EnumResourceTypesW
0x434108 CreateIoCompletionPort
0x43410c SetConsoleTitleW
0x434110 FindNextFileW
0x434114 GetConsoleTitleW
0x434118 RequestWakeupLatency
0x43411c GetConsoleCursorInfo
0x434120 ScrollConsoleScreenBufferA
0x434124 GetVersionExA
0x434128 InterlockedPushEntrySList
0x43412c GetProfileSectionW
0x434130 LCMapStringW
0x434134 AreFileApisANSI
0x434138 DeleteFileA
0x43413c GetVolumeInformationW
0x434140 GetModuleHandleA
0x434144 FlushFileBuffers
0x434148 GetStartupInfoA
0x43414c HeapValidate
0x434150 IsBadReadPtr
0x434154 RaiseException
0x434158 DeleteCriticalSection
0x43415c EnterCriticalSection
0x434160 LeaveCriticalSection
0x434164 GetModuleFileNameW
0x434168 SetUnhandledExceptionFilter
0x43416c QueryPerformanceCounter
0x434170 GetTickCount
0x434174 GetCurrentThreadId
0x434178 GetCurrentProcessId
0x43417c GetSystemTimeAsFileTime
0x434180 Sleep
0x434184 InterlockedDecrement
0x434188 ExitProcess
0x43418c GetModuleFileNameA
0x434190 GetEnvironmentStrings
0x434194 FreeEnvironmentStringsW
0x434198 WideCharToMultiByte
0x43419c GetLastError
0x4341a0 GetEnvironmentStringsW
0x4341a4 SetHandleCount
0x4341a8 GetStdHandle
0x4341ac GetFileType
0x4341b0 TlsGetValue
0x4341b4 TlsAlloc
0x4341b8 TlsFree
0x4341bc SetLastError
0x4341c0 HeapDestroy
0x4341c4 HeapCreate
0x4341c8 HeapFree
0x4341cc VirtualFree
0x4341d0 HeapAlloc
0x4341d4 GetCurrentProcess
0x4341d8 UnhandledExceptionFilter
0x4341dc IsDebuggerPresent
0x4341e0 HeapSize
0x4341e4 HeapReAlloc
0x4341e8 VirtualAlloc
0x4341ec GetACP
0x4341f0 GetOEMCP
0x4341f4 GetCPInfo
0x4341f8 IsValidCodePage
0x4341fc RtlUnwind
0x434200 InitializeCriticalSectionAndSpinCount
0x434204 DebugBreak
0x434208 OutputDebugStringA
0x43420c WriteConsoleW
0x434210 OutputDebugStringW
0x434214 LoadLibraryA
0x434218 MultiByteToWideChar
0x43421c LCMapStringA
0x434220 GetStringTypeA
0x434224 GetStringTypeW
0x434228 GetLocaleInfoA
0x43422c SetFilePointer
0x434230 GetConsoleCP
0x434234 GetConsoleMode
0x434238 SetStdHandle
0x43423c WriteConsoleA
0x434240 CreateFileA
0x434244 CloseHandle
USER32.dll
0x43424c GetMenuCheckMarkDimensions
0x434250 GetMenuInfo
0x434254 GetMenuBarInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x434000 GetComputerNameA
0x434004 EnumResourceNamesW
0x434008 SearchPathW
0x43400c CopyFileExW
0x434010 GetDriveTypeW
0x434014 SetEndOfFile
0x434018 GetNumberOfConsoleInputEvents
0x43401c FindResourceExW
0x434020 MapUserPhysicalPages
0x434024 LoadResource
0x434028 InterlockedIncrement
0x43402c CreateDirectoryW
0x434030 GlobalLock
0x434034 WriteConsoleInputA
0x434038 GetCommProperties
0x43403c FreeEnvironmentStringsA
0x434040 SetTapeParameters
0x434044 GetModuleHandleW
0x434048 CreateNamedPipeW
0x43404c LocalFlags
0x434050 GetConsoleAliasesLengthA
0x434054 GetPrivateProfileStringW
0x434058 GetWindowsDirectoryA
0x43405c WriteFile
0x434060 SetCommState
0x434064 GetCommandLineA
0x434068 GetSystemWow64DirectoryA
0x43406c CreateDirectoryExW
0x434070 SetProcessPriorityBoost
0x434074 InitializeCriticalSection
0x434078 TlsSetValue
0x43407c GlobalAlloc
0x434080 LoadLibraryW
0x434084 GetCalendarInfoA
0x434088 ReadFileScatter
0x43408c SetSystemTimeAdjustment
0x434090 GetSystemWindowsDirectoryA
0x434094 TerminateProcess
0x434098 IsDBCSLeadByte
0x43409c GetBinaryTypeW
0x4340a0 GetOverlappedResult
0x4340a4 CompareStringW
0x4340a8 lstrlenW
0x4340ac GetConsoleOutputCP
0x4340b0 VerifyVersionInfoW
0x4340b4 InterlockedExchange
0x4340b8 ReleaseActCtx
0x4340bc GetFileSizeEx
0x4340c0 SetThreadLocale
0x4340c4 FindFirstFileA
0x4340c8 OpenMutexW
0x4340cc GetCurrentDirectoryW
0x4340d0 GetProcAddress
0x4340d4 SetVolumeLabelW
0x4340d8 WriteProfileSectionA
0x4340dc SetComputerNameA
0x4340e0 BuildCommDCBW
0x4340e4 GetLocalTime
0x4340e8 Process32FirstW
0x4340ec OpenMutexA
0x4340f0 OpenWaitableTimerW
0x4340f4 SetConsoleCtrlHandler
0x4340f8 AddAtomA
0x4340fc FindAtomA
0x434100 GetSystemInfo
0x434104 EnumResourceTypesW
0x434108 CreateIoCompletionPort
0x43410c SetConsoleTitleW
0x434110 FindNextFileW
0x434114 GetConsoleTitleW
0x434118 RequestWakeupLatency
0x43411c GetConsoleCursorInfo
0x434120 ScrollConsoleScreenBufferA
0x434124 GetVersionExA
0x434128 InterlockedPushEntrySList
0x43412c GetProfileSectionW
0x434130 LCMapStringW
0x434134 AreFileApisANSI
0x434138 DeleteFileA
0x43413c GetVolumeInformationW
0x434140 GetModuleHandleA
0x434144 FlushFileBuffers
0x434148 GetStartupInfoA
0x43414c HeapValidate
0x434150 IsBadReadPtr
0x434154 RaiseException
0x434158 DeleteCriticalSection
0x43415c EnterCriticalSection
0x434160 LeaveCriticalSection
0x434164 GetModuleFileNameW
0x434168 SetUnhandledExceptionFilter
0x43416c QueryPerformanceCounter
0x434170 GetTickCount
0x434174 GetCurrentThreadId
0x434178 GetCurrentProcessId
0x43417c GetSystemTimeAsFileTime
0x434180 Sleep
0x434184 InterlockedDecrement
0x434188 ExitProcess
0x43418c GetModuleFileNameA
0x434190 GetEnvironmentStrings
0x434194 FreeEnvironmentStringsW
0x434198 WideCharToMultiByte
0x43419c GetLastError
0x4341a0 GetEnvironmentStringsW
0x4341a4 SetHandleCount
0x4341a8 GetStdHandle
0x4341ac GetFileType
0x4341b0 TlsGetValue
0x4341b4 TlsAlloc
0x4341b8 TlsFree
0x4341bc SetLastError
0x4341c0 HeapDestroy
0x4341c4 HeapCreate
0x4341c8 HeapFree
0x4341cc VirtualFree
0x4341d0 HeapAlloc
0x4341d4 GetCurrentProcess
0x4341d8 UnhandledExceptionFilter
0x4341dc IsDebuggerPresent
0x4341e0 HeapSize
0x4341e4 HeapReAlloc
0x4341e8 VirtualAlloc
0x4341ec GetACP
0x4341f0 GetOEMCP
0x4341f4 GetCPInfo
0x4341f8 IsValidCodePage
0x4341fc RtlUnwind
0x434200 InitializeCriticalSectionAndSpinCount
0x434204 DebugBreak
0x434208 OutputDebugStringA
0x43420c WriteConsoleW
0x434210 OutputDebugStringW
0x434214 LoadLibraryA
0x434218 MultiByteToWideChar
0x43421c LCMapStringA
0x434220 GetStringTypeA
0x434224 GetStringTypeW
0x434228 GetLocaleInfoA
0x43422c SetFilePointer
0x434230 GetConsoleCP
0x434234 GetConsoleMode
0x434238 SetStdHandle
0x43423c WriteConsoleA
0x434240 CreateFileA
0x434244 CloseHandle
USER32.dll
0x43424c GetMenuCheckMarkDimensions
0x434250 GetMenuInfo
0x434254 GetMenuBarInfo
EAT(Export Address Table) is none