ScreenShot
| Created | 2021.06.30 15:09 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | b9f3efaa0601ad882c2409c0a18c5840 | ||
| sha256 | 0b8fa4431b582b06f77e3c8c94947a50b6c4baf85081a10aff52f7738e4beb4a | ||
| ssdeep | 6144:MHe8s7IoAXzzft9R1ThGZQ315lS2JtYntlo2Ea4JxpEVP/Y:MoAXt9R1FG21C20wBJwV | ||
| imphash | 082e9d7628311472d52904fc98c0610d | ||
| impfuzzy | 48:ACB1Dae6OXPmiX8B0uXFE7JTOX6+fcft2MaEG00KdTcgePp:ZtlFw0uXaFTh+fcftKEGLKdTcgk | ||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| watch | Communicates with host for which no DNS query was performed |
| watch | Tries to unhook Windows functions monitored by Cuckoo |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Raccoon_Stealer_1_Zero | Raccoon Stealer | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x439000 GetComputerNameA
0x439004 WritePrivateProfileStructA
0x439008 GetConsoleAliasesLengthW
0x43900c CopyFileExW
0x439010 TlsGetValue
0x439014 CommConfigDialogA
0x439018 GetDefaultCommConfigW
0x43901c FindResourceExW
0x439020 GetProcessIoCounters
0x439024 MapUserPhysicalPages
0x439028 FreeLibrary
0x43902c CallNamedPipeA
0x439030 GetCommState
0x439034 InterlockedDecrement
0x439038 ZombifyActCtx
0x43903c ScrollConsoleScreenBufferW
0x439040 GetSystemWindowsDirectoryW
0x439044 GetNamedPipeHandleStateA
0x439048 GlobalLock
0x43904c SetConsoleScreenBufferSize
0x439050 WriteConsoleInputA
0x439054 SetComputerNameW
0x439058 CreateDirectoryExA
0x43905c GetModuleHandleW
0x439060 CreateNamedPipeW
0x439064 GetPrivateProfileStringW
0x439068 WriteFileGather
0x43906c SetProcessPriorityBoost
0x439070 GetSystemDirectoryW
0x439074 LoadLibraryW
0x439078 GetConsoleMode
0x43907c SetCommConfig
0x439080 SizeofResource
0x439084 GetSystemWow64DirectoryW
0x439088 GetSystemTimeAdjustment
0x43908c InterlockedPopEntrySList
0x439090 GlobalFlags
0x439094 GetBinaryTypeA
0x439098 ReadFile
0x43909c GetBinaryTypeW
0x4390a0 GetOverlappedResult
0x4390a4 CompareStringW
0x4390a8 ExitThread
0x4390ac lstrlenW
0x4390b0 GetStartupInfoW
0x4390b4 LCMapStringA
0x4390b8 VerifyVersionInfoW
0x4390bc CreateDirectoryA
0x4390c0 GetProfileIntA
0x4390c4 GetFileSizeEx
0x4390c8 SetCurrentDirectoryA
0x4390cc SetThreadLocale
0x4390d0 GetCPInfoExW
0x4390d4 OpenMutexW
0x4390d8 GetCurrentDirectoryW
0x4390dc ReadConsoleOutputCharacterA
0x4390e0 GetProcessHeaps
0x4390e4 SetVolumeLabelW
0x4390e8 WriteProfileSectionA
0x4390ec SetStdHandle
0x4390f0 SearchPathA
0x4390f4 GetLocalTime
0x4390f8 GetAtomNameA
0x4390fc LoadLibraryA
0x439100 LocalAlloc
0x439104 SetCalendarInfoW
0x439108 SetConsoleCtrlHandler
0x43910c SetConsoleWindowInfo
0x439110 GetTapeParameters
0x439114 WTSGetActiveConsoleSessionId
0x439118 SetConsoleTitleW
0x43911c GetProcessShutdownParameters
0x439120 CreateMutexA
0x439124 FreeEnvironmentStringsW
0x439128 RequestWakeupLatency
0x43912c VirtualProtect
0x439130 GetCPInfoExA
0x439134 GetVersionExA
0x439138 FindAtomW
0x43913c GetWindowsDirectoryW
0x439140 GetVersion
0x439144 GetVolumeNameForVolumeMountPointW
0x439148 DeleteFileW
0x43914c FindActCtxSectionStringW
0x439150 GetProfileSectionW
0x439154 CommConfigDialogW
0x439158 GetModuleHandleA
0x43915c InterlockedIncrement
0x439160 Sleep
0x439164 InitializeCriticalSection
0x439168 DeleteCriticalSection
0x43916c EnterCriticalSection
0x439170 LeaveCriticalSection
0x439174 TerminateProcess
0x439178 GetCurrentProcess
0x43917c UnhandledExceptionFilter
0x439180 SetUnhandledExceptionFilter
0x439184 IsDebuggerPresent
0x439188 GetModuleFileNameW
0x43918c GetCommandLineA
0x439190 GetStartupInfoA
0x439194 HeapValidate
0x439198 IsBadReadPtr
0x43919c RaiseException
0x4391a0 RtlUnwind
0x4391a4 GetLastError
0x4391a8 GetFileType
0x4391ac WriteFile
0x4391b0 WideCharToMultiByte
0x4391b4 GetConsoleCP
0x4391b8 GetProcAddress
0x4391bc TlsAlloc
0x4391c0 TlsSetValue
0x4391c4 GetCurrentThreadId
0x4391c8 TlsFree
0x4391cc SetLastError
0x4391d0 GetACP
0x4391d4 GetOEMCP
0x4391d8 GetCPInfo
0x4391dc IsValidCodePage
0x4391e0 DebugBreak
0x4391e4 GetStdHandle
0x4391e8 OutputDebugStringA
0x4391ec WriteConsoleW
0x4391f0 OutputDebugStringW
0x4391f4 ExitProcess
0x4391f8 QueryPerformanceCounter
0x4391fc GetTickCount
0x439200 GetCurrentProcessId
0x439204 GetSystemTimeAsFileTime
0x439208 GetModuleFileNameA
0x43920c FreeEnvironmentStringsA
0x439210 GetEnvironmentStrings
0x439214 GetEnvironmentStringsW
0x439218 SetHandleCount
0x43921c HeapDestroy
0x439220 HeapCreate
0x439224 HeapFree
0x439228 VirtualFree
0x43922c FlushFileBuffers
0x439230 HeapAlloc
0x439234 HeapSize
0x439238 HeapReAlloc
0x43923c VirtualAlloc
0x439240 MultiByteToWideChar
0x439244 GetStringTypeA
0x439248 GetStringTypeW
0x43924c GetLocaleInfoA
0x439250 InitializeCriticalSectionAndSpinCount
0x439254 WriteConsoleA
0x439258 GetConsoleOutputCP
0x43925c SetFilePointer
0x439260 LCMapStringW
0x439264 CreateFileA
0x439268 CloseHandle
USER32.dll
0x439270 GetCursorInfo
0x439274 GetMessageTime
EAT(Export Address Table) Library
0x430530 _hockey@4
0x430520 _hyppo@4
KERNEL32.dll
0x439000 GetComputerNameA
0x439004 WritePrivateProfileStructA
0x439008 GetConsoleAliasesLengthW
0x43900c CopyFileExW
0x439010 TlsGetValue
0x439014 CommConfigDialogA
0x439018 GetDefaultCommConfigW
0x43901c FindResourceExW
0x439020 GetProcessIoCounters
0x439024 MapUserPhysicalPages
0x439028 FreeLibrary
0x43902c CallNamedPipeA
0x439030 GetCommState
0x439034 InterlockedDecrement
0x439038 ZombifyActCtx
0x43903c ScrollConsoleScreenBufferW
0x439040 GetSystemWindowsDirectoryW
0x439044 GetNamedPipeHandleStateA
0x439048 GlobalLock
0x43904c SetConsoleScreenBufferSize
0x439050 WriteConsoleInputA
0x439054 SetComputerNameW
0x439058 CreateDirectoryExA
0x43905c GetModuleHandleW
0x439060 CreateNamedPipeW
0x439064 GetPrivateProfileStringW
0x439068 WriteFileGather
0x43906c SetProcessPriorityBoost
0x439070 GetSystemDirectoryW
0x439074 LoadLibraryW
0x439078 GetConsoleMode
0x43907c SetCommConfig
0x439080 SizeofResource
0x439084 GetSystemWow64DirectoryW
0x439088 GetSystemTimeAdjustment
0x43908c InterlockedPopEntrySList
0x439090 GlobalFlags
0x439094 GetBinaryTypeA
0x439098 ReadFile
0x43909c GetBinaryTypeW
0x4390a0 GetOverlappedResult
0x4390a4 CompareStringW
0x4390a8 ExitThread
0x4390ac lstrlenW
0x4390b0 GetStartupInfoW
0x4390b4 LCMapStringA
0x4390b8 VerifyVersionInfoW
0x4390bc CreateDirectoryA
0x4390c0 GetProfileIntA
0x4390c4 GetFileSizeEx
0x4390c8 SetCurrentDirectoryA
0x4390cc SetThreadLocale
0x4390d0 GetCPInfoExW
0x4390d4 OpenMutexW
0x4390d8 GetCurrentDirectoryW
0x4390dc ReadConsoleOutputCharacterA
0x4390e0 GetProcessHeaps
0x4390e4 SetVolumeLabelW
0x4390e8 WriteProfileSectionA
0x4390ec SetStdHandle
0x4390f0 SearchPathA
0x4390f4 GetLocalTime
0x4390f8 GetAtomNameA
0x4390fc LoadLibraryA
0x439100 LocalAlloc
0x439104 SetCalendarInfoW
0x439108 SetConsoleCtrlHandler
0x43910c SetConsoleWindowInfo
0x439110 GetTapeParameters
0x439114 WTSGetActiveConsoleSessionId
0x439118 SetConsoleTitleW
0x43911c GetProcessShutdownParameters
0x439120 CreateMutexA
0x439124 FreeEnvironmentStringsW
0x439128 RequestWakeupLatency
0x43912c VirtualProtect
0x439130 GetCPInfoExA
0x439134 GetVersionExA
0x439138 FindAtomW
0x43913c GetWindowsDirectoryW
0x439140 GetVersion
0x439144 GetVolumeNameForVolumeMountPointW
0x439148 DeleteFileW
0x43914c FindActCtxSectionStringW
0x439150 GetProfileSectionW
0x439154 CommConfigDialogW
0x439158 GetModuleHandleA
0x43915c InterlockedIncrement
0x439160 Sleep
0x439164 InitializeCriticalSection
0x439168 DeleteCriticalSection
0x43916c EnterCriticalSection
0x439170 LeaveCriticalSection
0x439174 TerminateProcess
0x439178 GetCurrentProcess
0x43917c UnhandledExceptionFilter
0x439180 SetUnhandledExceptionFilter
0x439184 IsDebuggerPresent
0x439188 GetModuleFileNameW
0x43918c GetCommandLineA
0x439190 GetStartupInfoA
0x439194 HeapValidate
0x439198 IsBadReadPtr
0x43919c RaiseException
0x4391a0 RtlUnwind
0x4391a4 GetLastError
0x4391a8 GetFileType
0x4391ac WriteFile
0x4391b0 WideCharToMultiByte
0x4391b4 GetConsoleCP
0x4391b8 GetProcAddress
0x4391bc TlsAlloc
0x4391c0 TlsSetValue
0x4391c4 GetCurrentThreadId
0x4391c8 TlsFree
0x4391cc SetLastError
0x4391d0 GetACP
0x4391d4 GetOEMCP
0x4391d8 GetCPInfo
0x4391dc IsValidCodePage
0x4391e0 DebugBreak
0x4391e4 GetStdHandle
0x4391e8 OutputDebugStringA
0x4391ec WriteConsoleW
0x4391f0 OutputDebugStringW
0x4391f4 ExitProcess
0x4391f8 QueryPerformanceCounter
0x4391fc GetTickCount
0x439200 GetCurrentProcessId
0x439204 GetSystemTimeAsFileTime
0x439208 GetModuleFileNameA
0x43920c FreeEnvironmentStringsA
0x439210 GetEnvironmentStrings
0x439214 GetEnvironmentStringsW
0x439218 SetHandleCount
0x43921c HeapDestroy
0x439220 HeapCreate
0x439224 HeapFree
0x439228 VirtualFree
0x43922c FlushFileBuffers
0x439230 HeapAlloc
0x439234 HeapSize
0x439238 HeapReAlloc
0x43923c VirtualAlloc
0x439240 MultiByteToWideChar
0x439244 GetStringTypeA
0x439248 GetStringTypeW
0x43924c GetLocaleInfoA
0x439250 InitializeCriticalSectionAndSpinCount
0x439254 WriteConsoleA
0x439258 GetConsoleOutputCP
0x43925c SetFilePointer
0x439260 LCMapStringW
0x439264 CreateFileA
0x439268 CloseHandle
USER32.dll
0x439270 GetCursorInfo
0x439274 GetMessageTime
EAT(Export Address Table) Library
0x430530 _hockey@4
0x430520 _hyppo@4