ScreenShot
| Created | 2021.06.25 14:35 | Machine | s1_win7_x6401 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 53 detected (AIDetect, malware1, malicious, high confidence, Johnnie, Unsafe, Noon, Save, confidence, 100%, runner, ali1000123, Kryptik, Eldorado, Attribute, HighConfidence, HLLD, Pwsx, Siggen13, R002C0DFL21, susgen, Zenpak, bwhoj, kcloud, Azorult, QU8RTK, score, Caynamer, R426773, Generic PWS, ai score=80, BScope, CLASSIC, Static AI, Malicious PE, GenericKDZ, ZexaF, yu1@aO2, X3eQ, GdSda) | ||
| md5 | 7fe627a1683ec232399cb09e99995038 | ||
| sha256 | 9156ffdaa24940b38a6bac300ef18a2acaac9ed521d6968ff0477170e209b1fb | ||
| ssdeep | 12288:/dn6YWBZh4tbqI+kgzGhuzbV6HcI/BYl:/UYWBZsmRzx6 | ||
| imphash | 621d175e940c3f2ca7217a398b3c22a6 | ||
| impfuzzy | 48:ZnRAOvrmp4dlDJTI1PvYPOtaEafnLRhV8Ib3VdvOGT:ZOOvAQl2KPJEafLRhV8Ib3Vdh | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 53 AntiVirus engines on VirusTotal as malicious |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x445000 EnumResourceNamesW
0x445004 SearchPathW
0x445008 FindFirstFileW
0x44500c TlsGetValue
0x445010 SetLocalTime
0x445014 GetDriveTypeW
0x445018 GetNumberOfConsoleInputEvents
0x44501c FindResourceExW
0x445020 CallNamedPipeA
0x445024 InterlockedIncrement
0x445028 InitializeSListHead
0x44502c GlobalLock
0x445030 SetComputerNameW
0x445034 GetComputerNameW
0x445038 GetCommProperties
0x44503c FreeEnvironmentStringsA
0x445040 SetTapeParameters
0x445044 GetModuleHandleW
0x445048 GenerateConsoleCtrlEvent
0x44504c GetConsoleAliasesLengthA
0x445050 GetPrivateProfileStringW
0x445054 GetConsoleTitleA
0x445058 GetCommandLineA
0x44505c GetSystemWow64DirectoryA
0x445060 CreateDirectoryExW
0x445064 InitializeCriticalSection
0x445068 GlobalAlloc
0x44506c AddRefActCtx
0x445070 GetVolumeInformationA
0x445074 Sleep
0x445078 ReadFileScatter
0x44507c GetSystemWindowsDirectoryA
0x445080 GetSystemTimeAdjustment
0x445084 GetVersionExW
0x445088 GlobalFlags
0x44508c GetBinaryTypeA
0x445090 TerminateProcess
0x445094 IsDBCSLeadByte
0x445098 ReadFile
0x44509c CompareStringW
0x4450a0 lstrlenW
0x4450a4 SetConsoleTitleA
0x4450a8 LCMapStringA
0x4450ac VerifyVersionInfoW
0x4450b0 CreateDirectoryA
0x4450b4 InterlockedExchange
0x4450b8 GetFileSizeEx
0x4450bc GetCurrentDirectoryW
0x4450c0 GetProcAddress
0x4450c4 SetVolumeLabelW
0x4450c8 WriteProfileSectionA
0x4450cc FreeUserPhysicalPages
0x4450d0 BuildCommDCBW
0x4450d4 OpenWaitableTimerA
0x4450d8 LoadLibraryA
0x4450dc Process32FirstW
0x4450e0 OpenMutexA
0x4450e4 SetConsoleOutputCP
0x4450e8 AddAtomW
0x4450ec SetFileApisToANSI
0x4450f0 FindAtomA
0x4450f4 GetTapeParameters
0x4450f8 GetSystemInfo
0x4450fc EnumResourceTypesW
0x445100 CreateIoCompletionPort
0x445104 FreeEnvironmentStringsW
0x445108 FindNextFileW
0x44510c RequestWakeupLatency
0x445110 GetConsoleCursorInfo
0x445114 ScrollConsoleScreenBufferA
0x445118 SetCalendarInfoA
0x44511c GetWindowsDirectoryW
0x445120 GetProfileSectionW
0x445124 CopyFileExA
0x445128 DeleteFileA
0x44512c FlushFileBuffers
0x445130 GetLastError
0x445134 MoveFileA
0x445138 GetStartupInfoA
0x44513c HeapValidate
0x445140 IsBadReadPtr
0x445144 RaiseException
0x445148 LeaveCriticalSection
0x44514c EnterCriticalSection
0x445150 SetStdHandle
0x445154 GetFileType
0x445158 WriteFile
0x44515c WideCharToMultiByte
0x445160 GetConsoleCP
0x445164 GetConsoleMode
0x445168 DeleteCriticalSection
0x44516c GetModuleFileNameW
0x445170 SetUnhandledExceptionFilter
0x445174 QueryPerformanceCounter
0x445178 GetTickCount
0x44517c GetCurrentThreadId
0x445180 GetCurrentProcessId
0x445184 GetSystemTimeAsFileTime
0x445188 InterlockedDecrement
0x44518c ExitProcess
0x445190 GetModuleFileNameA
0x445194 GetEnvironmentStrings
0x445198 GetEnvironmentStringsW
0x44519c SetHandleCount
0x4451a0 GetStdHandle
0x4451a4 TlsAlloc
0x4451a8 TlsSetValue
0x4451ac TlsFree
0x4451b0 SetLastError
0x4451b4 HeapDestroy
0x4451b8 HeapCreate
0x4451bc HeapFree
0x4451c0 VirtualFree
0x4451c4 HeapAlloc
0x4451c8 GetCurrentProcess
0x4451cc UnhandledExceptionFilter
0x4451d0 IsDebuggerPresent
0x4451d4 HeapSize
0x4451d8 HeapReAlloc
0x4451dc VirtualAlloc
0x4451e0 GetACP
0x4451e4 GetOEMCP
0x4451e8 GetCPInfo
0x4451ec IsValidCodePage
0x4451f0 InitializeCriticalSectionAndSpinCount
0x4451f4 WriteConsoleA
0x4451f8 GetConsoleOutputCP
0x4451fc WriteConsoleW
0x445200 MultiByteToWideChar
0x445204 SetFilePointer
0x445208 RtlUnwind
0x44520c DebugBreak
0x445210 OutputDebugStringA
0x445214 OutputDebugStringW
0x445218 LoadLibraryW
0x44521c LCMapStringW
0x445220 GetStringTypeA
0x445224 GetStringTypeW
0x445228 GetLocaleInfoA
0x44522c CreateFileA
0x445230 CloseHandle
0x445234 GetModuleHandleA
USER32.dll
0x44523c GetMenuCheckMarkDimensions
0x445240 GetMenuInfo
0x445244 GetMenuBarInfo
EAT(Export Address Table) is none
KERNEL32.dll
0x445000 EnumResourceNamesW
0x445004 SearchPathW
0x445008 FindFirstFileW
0x44500c TlsGetValue
0x445010 SetLocalTime
0x445014 GetDriveTypeW
0x445018 GetNumberOfConsoleInputEvents
0x44501c FindResourceExW
0x445020 CallNamedPipeA
0x445024 InterlockedIncrement
0x445028 InitializeSListHead
0x44502c GlobalLock
0x445030 SetComputerNameW
0x445034 GetComputerNameW
0x445038 GetCommProperties
0x44503c FreeEnvironmentStringsA
0x445040 SetTapeParameters
0x445044 GetModuleHandleW
0x445048 GenerateConsoleCtrlEvent
0x44504c GetConsoleAliasesLengthA
0x445050 GetPrivateProfileStringW
0x445054 GetConsoleTitleA
0x445058 GetCommandLineA
0x44505c GetSystemWow64DirectoryA
0x445060 CreateDirectoryExW
0x445064 InitializeCriticalSection
0x445068 GlobalAlloc
0x44506c AddRefActCtx
0x445070 GetVolumeInformationA
0x445074 Sleep
0x445078 ReadFileScatter
0x44507c GetSystemWindowsDirectoryA
0x445080 GetSystemTimeAdjustment
0x445084 GetVersionExW
0x445088 GlobalFlags
0x44508c GetBinaryTypeA
0x445090 TerminateProcess
0x445094 IsDBCSLeadByte
0x445098 ReadFile
0x44509c CompareStringW
0x4450a0 lstrlenW
0x4450a4 SetConsoleTitleA
0x4450a8 LCMapStringA
0x4450ac VerifyVersionInfoW
0x4450b0 CreateDirectoryA
0x4450b4 InterlockedExchange
0x4450b8 GetFileSizeEx
0x4450bc GetCurrentDirectoryW
0x4450c0 GetProcAddress
0x4450c4 SetVolumeLabelW
0x4450c8 WriteProfileSectionA
0x4450cc FreeUserPhysicalPages
0x4450d0 BuildCommDCBW
0x4450d4 OpenWaitableTimerA
0x4450d8 LoadLibraryA
0x4450dc Process32FirstW
0x4450e0 OpenMutexA
0x4450e4 SetConsoleOutputCP
0x4450e8 AddAtomW
0x4450ec SetFileApisToANSI
0x4450f0 FindAtomA
0x4450f4 GetTapeParameters
0x4450f8 GetSystemInfo
0x4450fc EnumResourceTypesW
0x445100 CreateIoCompletionPort
0x445104 FreeEnvironmentStringsW
0x445108 FindNextFileW
0x44510c RequestWakeupLatency
0x445110 GetConsoleCursorInfo
0x445114 ScrollConsoleScreenBufferA
0x445118 SetCalendarInfoA
0x44511c GetWindowsDirectoryW
0x445120 GetProfileSectionW
0x445124 CopyFileExA
0x445128 DeleteFileA
0x44512c FlushFileBuffers
0x445130 GetLastError
0x445134 MoveFileA
0x445138 GetStartupInfoA
0x44513c HeapValidate
0x445140 IsBadReadPtr
0x445144 RaiseException
0x445148 LeaveCriticalSection
0x44514c EnterCriticalSection
0x445150 SetStdHandle
0x445154 GetFileType
0x445158 WriteFile
0x44515c WideCharToMultiByte
0x445160 GetConsoleCP
0x445164 GetConsoleMode
0x445168 DeleteCriticalSection
0x44516c GetModuleFileNameW
0x445170 SetUnhandledExceptionFilter
0x445174 QueryPerformanceCounter
0x445178 GetTickCount
0x44517c GetCurrentThreadId
0x445180 GetCurrentProcessId
0x445184 GetSystemTimeAsFileTime
0x445188 InterlockedDecrement
0x44518c ExitProcess
0x445190 GetModuleFileNameA
0x445194 GetEnvironmentStrings
0x445198 GetEnvironmentStringsW
0x44519c SetHandleCount
0x4451a0 GetStdHandle
0x4451a4 TlsAlloc
0x4451a8 TlsSetValue
0x4451ac TlsFree
0x4451b0 SetLastError
0x4451b4 HeapDestroy
0x4451b8 HeapCreate
0x4451bc HeapFree
0x4451c0 VirtualFree
0x4451c4 HeapAlloc
0x4451c8 GetCurrentProcess
0x4451cc UnhandledExceptionFilter
0x4451d0 IsDebuggerPresent
0x4451d4 HeapSize
0x4451d8 HeapReAlloc
0x4451dc VirtualAlloc
0x4451e0 GetACP
0x4451e4 GetOEMCP
0x4451e8 GetCPInfo
0x4451ec IsValidCodePage
0x4451f0 InitializeCriticalSectionAndSpinCount
0x4451f4 WriteConsoleA
0x4451f8 GetConsoleOutputCP
0x4451fc WriteConsoleW
0x445200 MultiByteToWideChar
0x445204 SetFilePointer
0x445208 RtlUnwind
0x44520c DebugBreak
0x445210 OutputDebugStringA
0x445214 OutputDebugStringW
0x445218 LoadLibraryW
0x44521c LCMapStringW
0x445220 GetStringTypeA
0x445224 GetStringTypeW
0x445228 GetLocaleInfoA
0x44522c CreateFileA
0x445230 CloseHandle
0x445234 GetModuleHandleA
USER32.dll
0x44523c GetMenuCheckMarkDimensions
0x445240 GetMenuInfo
0x445244 GetMenuBarInfo
EAT(Export Address Table) is none