Report - vbc.exe

Matched rule tags: Raccoon Stealer, Malicious Library, PE32, OS Processor Check, PE File
Created: 2021.07.09 10:27
Machine: s1_win7_x6401
Filename: vbc.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 7
Behavior Score: 3.0
ZERO API file: clean
VT API (file): 34 detected (AIDetect, malware1, malicious, high confidence, Unsafe, Save, confidence, 100%, ZexaF, tuW@aK@@x7dG, Attribute, HighConfidence, Kryptik, HLQL, Graftor, PWSX, R + Troj, ai score=84, kcloud, Caynamer, score, BScope, Wacatac, Fareit, Auto, Static AI, Malicious PE, GenKryptik, FHII, susgen, QVM10)
md5: ead27a4a9505a3008c0e7c93f92c4a16
sha256: 74498a0a179b34e0d1e4c278deb7563129cb30363094d50b3c4f579a6a967b62
ssdeep: 6144:o/19Es1p0QJUMCnjy+QpxxKSuYarh8qbPRt68WV7:o/QwJUMCnjyJz6rWmRk8Y
imphash: 1dbe12a9786ef158bb6f891492426c2a
impfuzzy: 48:aCKbxPkb8AO6UJVJ9OS+fcft2MaEGAtlnlGX++D:m6lOZVJ9j+fcftKEGAtllGX5

Signature (7cnts)

Level Description
danger File has been identified by 34 AntiVirus engines on VirusTotal as malicious
watch Tries to unhook Windows functions monitored by Cuckoo
notice Allocates read-write-execute memory (usually to unpack itself)
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path
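
The two memory-related signatures above (RWX allocation and tampering with hooked API code) are the sort of thing a triage script can pull straight out of an API trace: an unpacking stub calls VirtualAlloc with flProtect=0x40 (PAGE_EXECUTE_READWRITE) for the decrypted payload, and restoring the original bytes of a hooked function first needs VirtualProtect to make a system DLL's code page writable. The Python below is an added example, not the sandbox's own signature code; the trace lines, the "Api(arg=val, ...) -> ret" line format and the module base addresses are constructed for the illustration and do not come from this run of vbc.exe.

```python
import re
from typing import Dict, List, Optional, Tuple

# Memory-protection constants from <winnt.h>.
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
WRITABLE = {PAGE_READWRITE, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
WRITABLE_AND_EXECUTABLE = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

# Image ranges of system DLLs in the monitored process. A sandbox takes these
# from its module-load hooks; the bases and sizes here are assumed for the demo.
MODULES: Dict[str, Tuple[int, int]] = {
    "ntdll.dll": (0x77120000, 0x77120000 + 0x13C000),
    "kernel32.dll": (0x75E00000, 0x75E00000 + 0x0D4000),
}

# Constructed trace lines (not from this run): "Api(arg=val, ...) -> ret".
SAMPLE_TRACE: List[str] = [
    "VirtualAlloc(lpAddress=0x0, dwSize=0x21000, flAllocationType=0x3000, flProtect=0x40) -> 0x2a0000",
    "VirtualProtect(lpAddress=0x77132e90, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18f8c0) -> 0x1",
    "VirtualProtect(lpAddress=0x2a0000, dwSize=0x21000, flNewProtect=0x20, lpflOldProtect=0x18f8c0) -> 0x1",
    "LoadLibraryA(lpLibFileName=0x2a1040) -> 0x75e00000",
]

CALL_RE = re.compile(r"^(?P<api>\w+)\((?P<args>.*)\)\s*->\s*(?P<ret>0x[0-9a-fA-F]+|\d+)$")


def parse_call(line: str) -> Tuple[str, Dict[str, int], int]:
    """Split one trace line into (api name, {arg name: int value}, return value)."""
    m = CALL_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable trace line: {line!r}")
    args: Dict[str, int] = {}
    for kv in filter(None, (p.strip() for p in m.group("args").split(","))):
        key, val = (p.strip() for p in kv.split("=", 1))
        args[key] = int(val, 0)  # base 0 accepts both 0x.. hex and decimal
    return m.group("api"), args, int(m.group("ret"), 0)


def module_for(addr: int) -> Optional[str]:
    """Name of the loaded system module whose image contains addr, if any."""
    for name, (lo, hi) in MODULES.items():
        if lo <= addr < hi:
            return name
    return None


def triage(trace: List[str]) -> List[Tuple[str, str]]:
    """Return (level, description) findings in the report's own Level/Description style."""
    findings: List[Tuple[str, str]] = []
    for line in trace:
        api, a, ret = parse_call(line)
        if api == "VirtualAlloc" and a.get("flProtect") in WRITABLE_AND_EXECUTABLE:
            findings.append(("notice",
                             f"allocates 0x{a['dwSize']:x} bytes RWX at 0x{ret:x} (unpacking stub)"))
        elif api == "VirtualProtect":
            mod = module_for(a["lpAddress"])
            if mod and a.get("flNewProtect") in WRITABLE:
                findings.append(("watch",
                                 f"makes code of {mod} writable at 0x{a['lpAddress']:x} "
                                 "(hook removal or patching)"))
    return findings


if __name__ == "__main__":
    for level, desc in triage(SAMPLE_TRACE):
        print(f"{level:<7} {desc}")
```

The third trace line is deliberately a VirtualProtect to PAGE_EXECUTE (0x20) on the malware's own buffer, the normal last step of an unpacker, and produces no finding; only writable protections on a system module's image range are flagged, which is what distinguishes hook removal from ordinary unpacking.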

Rules (5cnts)

Level Name Description Collection
danger Raccoon_Stealer_1_Zero Raccoon Stealer binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

No requests recorded (table columns: Request, CC, ASN, Co, IP4, Rule, ZERO).

Suricata ids: none listed

PE API

IAT (Import Address Table), by library

KERNEL32.dll
 0x438000 GetFileSize
 0x438004 SetFilePointer
 0x438008 GetConsoleAliasesLengthW
 0x43800c TlsGetValue
 0x438010 GetConsoleAliasExesA
 0x438014 SetLocalTime
 0x438018 CommConfigDialogA
 0x43801c GetProcessIoCounters
 0x438020 FreeLibrary
 0x438024 InterlockedDecrement
 0x438028 ZombifyActCtx
 0x43802c GetNamedPipeHandleStateA
 0x438030 GlobalLock
 0x438034 SetComputerNameW
 0x438038 GetComputerNameW
 0x43803c CreateDirectoryExA
 0x438040 GetTickCount
 0x438044 CreateNamedPipeW
 0x438048 GetPrivateProfileStringW
 0x43804c WriteFileGather
 0x438050 SetProcessPriorityBoost
 0x438054 GetSystemDirectoryW
 0x438058 GetConsoleMode
 0x43805c SetCommConfig
 0x438060 SizeofResource
 0x438064 GetSystemWow64DirectoryW
 0x438068 SetSystemTimeAdjustment
 0x43806c GetSystemWindowsDirectoryA
 0x438070 GetVersionExW
 0x438074 InterlockedPopEntrySList
 0x438078 GlobalFlags
 0x43807c ReadFile
 0x438080 GetBinaryTypeW
 0x438084 GetOverlappedResult
 0x438088 CompareStringW
 0x43808c ExitThread
 0x438090 lstrlenW
 0x438094 GetStartupInfoW
 0x438098 VerifyVersionInfoW
 0x43809c CreateDirectoryA
 0x4380a0 SetCurrentDirectoryA
 0x4380a4 GetCurrentDirectoryW
 0x4380a8 ReadConsoleOutputCharacterA
 0x4380ac GetProcessHeaps
 0x4380b0 WriteProfileSectionA
 0x4380b4 SetStdHandle
 0x4380b8 FreeUserPhysicalPages
 0x4380bc SearchPathA
 0x4380c0 GetAtomNameA
 0x4380c4 LoadLibraryA
 0x4380c8 Process32FirstW
 0x4380cc LocalAlloc
 0x4380d0 SetCalendarInfoW
 0x4380d4 SetConsoleCtrlHandler
 0x4380d8 VirtualLock
 0x4380dc SetConsoleWindowInfo
 0x4380e0 GetTapeParameters
 0x4380e4 WriteProfileStringA
 0x4380e8 WTSGetActiveConsoleSessionId
 0x4380ec SetConsoleTitleW
 0x4380f0 GetModuleHandleA
 0x4380f4 GetProcessShutdownParameters
 0x4380f8 QueryMemoryResourceNotification
 0x4380fc FreeEnvironmentStringsW
 0x438100 RequestWakeupLatency
 0x438104 VirtualProtect
 0x438108 GetCPInfoExA
 0x43810c FindAtomW
 0x438110 GetWindowsDirectoryW
 0x438114 GetVersion
 0x438118 GetVolumeNameForVolumeMountPointW
 0x43811c GetCurrentProcessId
 0x438120 FindActCtxSectionStringW
 0x438124 GetProfileSectionW
 0x438128 LCMapStringW
 0x43812c CopyFileExA
 0x438130 DeleteFileA
 0x438134 InterlockedIncrement
 0x438138 Sleep
 0x43813c InitializeCriticalSection
 0x438140 DeleteCriticalSection
 0x438144 EnterCriticalSection
 0x438148 LeaveCriticalSection
 0x43814c TerminateProcess
 0x438150 GetCurrentProcess
 0x438154 UnhandledExceptionFilter
 0x438158 SetUnhandledExceptionFilter
 0x43815c IsDebuggerPresent
 0x438160 GetModuleFileNameW
 0x438164 GetCommandLineA
 0x438168 GetStartupInfoA
 0x43816c HeapValidate
 0x438170 IsBadReadPtr
 0x438174 RaiseException
 0x438178 RtlUnwind
 0x43817c GetProcAddress
 0x438180 GetModuleHandleW
 0x438184 TlsAlloc
 0x438188 TlsSetValue
 0x43818c GetCurrentThreadId
 0x438190 TlsFree
 0x438194 SetLastError
 0x438198 GetLastError
 0x43819c GetACP
 0x4381a0 GetOEMCP
 0x4381a4 GetCPInfo
 0x4381a8 IsValidCodePage
 0x4381ac DebugBreak
 0x4381b0 GetStdHandle
 0x4381b4 WriteFile
 0x4381b8 OutputDebugStringA
 0x4381bc WriteConsoleW
 0x4381c0 GetFileType
 0x4381c4 OutputDebugStringW
 0x4381c8 ExitProcess
 0x4381cc LoadLibraryW
 0x4381d0 QueryPerformanceCounter
 0x4381d4 GetSystemTimeAsFileTime
 0x4381d8 GetModuleFileNameA
 0x4381dc FreeEnvironmentStringsA
 0x4381e0 GetEnvironmentStrings
 0x4381e4 WideCharToMultiByte
 0x4381e8 GetEnvironmentStringsW
 0x4381ec SetHandleCount
 0x4381f0 HeapDestroy
 0x4381f4 HeapCreate
 0x4381f8 HeapFree
 0x4381fc VirtualFree
 0x438200 FlushFileBuffers
 0x438204 GetConsoleCP
 0x438208 HeapAlloc
 0x43820c HeapSize
 0x438210 HeapReAlloc
 0x438214 VirtualAlloc
 0x438218 MultiByteToWideChar
 0x43821c GetStringTypeA
 0x438220 GetStringTypeW
 0x438224 GetLocaleInfoA
 0x438228 LCMapStringA
 0x43822c InitializeCriticalSectionAndSpinCount
 0x438230 WriteConsoleA
 0x438234 GetConsoleOutputCP
 0x438238 CloseHandle
 0x43823c CreateFileA
USER32.dll
 0x438244 GetComboBoxInfo
 0x438248 GetCursorInfo
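
The IAT above mixes the handful of APIs an unpacking stub needs (VirtualAlloc, VirtualProtect, LoadLibraryA/W, GetProcAddress, plus IsDebuggerPresent and Process32FirstW for anti-analysis) with a long tail of rarely used kernel32 functions, and the imphash in the header is computed over exactly this ordered list. The Python below is an added example, not the report's or the sandbox's code: it implements the Mandiant/pefile imphash normalization and flags the unpack and anti-analysis API clusters. It works on a hand-copied subset of the listing, so the hash it prints is illustrative and is not the report's 1dbe12a9786ef158bb6f891492426c2a; reproducing that value needs every entry of the real import directory, and the ordinal-to-name table pefile applies for ws2_32/oleaut32 is omitted.

```python
import hashlib
from typing import Dict, Iterable, List, Tuple, Union

Import = Tuple[str, Union[str, int]]  # (DLL name, function name or ordinal)

# Hand-copied subset of the IAT listing above, in the order it appears there.
# Because it is only a subset, imphash(SAMPLE_IMPORTS) is NOT the report's value.
SAMPLE_IMPORTS: List[Import] = [
    ("KERNEL32.dll", "GetFileSize"),
    ("KERNEL32.dll", "SetFilePointer"),
    ("KERNEL32.dll", "GetConsoleAliasesLengthW"),
    ("KERNEL32.dll", "ZombifyActCtx"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "Process32FirstW"),
    ("KERNEL32.dll", "WTSGetActiveConsoleSessionId"),
    ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "OutputDebugStringA"),
    ("KERNEL32.dll", "VirtualAlloc"),
    ("USER32.dll", "GetComboBoxInfo"),
    ("USER32.dll", "GetCursorInfo"),
]


def normalize_import(dll: str, func: Union[str, int]) -> str:
    """Mandiant/pefile imphash normalization: lowercase everything, drop a
    .dll/.ocx/.sys extension, and render ordinal imports as 'ordN'
    (pefile's ws2_32/oleaut32 ordinal-to-name table is omitted here)."""
    d = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if d.endswith(ext):
            d = d[: -len(ext)]
            break
    f = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{d}.{f}"


def imphash(imports: Iterable[Import]) -> str:
    """MD5 over the comma-joined normalized imports. Order matters, which is why
    samples built by the same compiler or packer stub share an imphash."""
    joined = ",".join(normalize_import(d, f) for d, f in imports)
    return hashlib.md5(joined.encode("ascii")).hexdigest()


# API clusters worth checking before deciding to unpack a sample by hand.
UNPACK_STUB = {"VirtualAlloc", "VirtualProtect", "GetProcAddress",
               "LoadLibraryA", "LoadLibraryW"}
ANTI_ANALYSIS = {"IsDebuggerPresent", "OutputDebugStringA", "OutputDebugStringW",
                 "Process32FirstW", "WTSGetActiveConsoleSessionId"}


def triage_imports(imports: Iterable[Import]) -> Dict[str, object]:
    """Report which members of each cluster are present and whether the
    minimal self-loading stub (alloc + protect + resolve + load) is complete."""
    names = {f for _, f in imports if isinstance(f, str)}
    has_stub = ({"VirtualAlloc", "VirtualProtect", "GetProcAddress"} <= names
                and bool(names & {"LoadLibraryA", "LoadLibraryW"}))
    return {
        "unpack_stub": sorted(names & UNPACK_STUB),
        "anti_analysis": sorted(names & ANTI_ANALYSIS),
        "has_unpack_stub": has_stub,
    }


if __name__ == "__main__":
    print("imphash (subset only):", imphash(SAMPLE_IMPORTS))
    for key, value in triage_imports(SAMPLE_IMPORTS).items():
        print(f"{key}: {value}")
```

Because imphash is order-sensitive, it is a good pivot for finding other samples wrapped by the same crypter stub even when the payload differs; it says nothing about the payload itself, which is why the Raccoon_Stealer rule match above is the more specific indicator.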

EAT (Export Address Table)

0x436192 _hockey@4
0x436189 _kimonu_Lalacer_cuf@8

