Report - vbc.exe

UPX Malicious Library PE32 PE File
Created 2021.07.28 09:35
Machine s1_win7_x6401
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 6
Behavior Score 8.8
ZERO API file : malware
VT API (file) 30 detected (AIDetect, malware1, malicious, high confidence, Zusy, QUFK, Attribute, HighConfidence, EPVD, AveMaria, DownLoader40, Fareit, FCVN, AVeMariaRAT, score, ai score=80, Unsafe, ZelphiF, PKW@a0VMAsbi, GdSda)
md5 18e38eae3d407418b879271c9b5736bd
sha256 38ba862149962bc5a10825a2b818391624cda439fcb3f6212b75d84eeeb4f70c
ssdeep 12288:mDPmOzS2AO+GBDfNj/nNImvYGU3F4JDW6xpYMeAEGGQPN+BRKa:0eJ2Aq9p/nWmwG845W6xKMeWP
imphash 8334ffffda06cacb2b113ba9de8c078a
impfuzzy 192:oN3MSbuutxSUvK9two1XEp4EJLUKG1QjEPOQP:O3Btq9J6A19POQP

Signature (18cnts)

Level Description
danger File has been identified by 30 AntiVirus engines on VirusTotal as malicious
warning Generates some ICMP traffic
watch Allocates execute permission to another process indicative of possible code injection
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice Sends data using the HTTP POST Method
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (29cnts)


Suricata ids

PE API

IAT(Import Address Table) Library


EAT(Export Address Table) is none
Similarity measure (PE file only) - Checking for service failure