Report - vbc.exe

UPX Malicious Library PE File PE32
Created 2021.08.17 10:01 Machine s1_win7_x6402
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 8
Behavior Score 3.8
ZERO API file : malware
VT API (file) 45 detected (AIDetect, malware2, Remcos, malicious, high confidence, Banker1, GenericKD, ZelphiF, ZGX@aqrmlhfi, Delf, EZVQ, Attribute, HighConfidence, EPYM, RATX, Hroz, whmsn, Fareit, Static AI, Malicious PE, Unsafe, Score, 100%, ai score=83, WL4XDQ, GenericRXAA, R06CH07HG21, Generic@ML, RDML, GAkzn9YQV6JqBROYqbS6Qg, Outbreak, susgen, confidence, HwUBTlsA)
md5 2e11cb22fcff3e1fbf803fea30380e75
sha256 fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
ssdeep 12288:WhxUck0fyI/Xv94r0umLKC+pvbIAsrxPz+o8wccO:WhGdkF4r0uvnDIFpP6
imphash 1abe4551dd4f8ef04deab38d0027e326
impfuzzy 192:P3hnf1sT1/ibuuaxSUvK9y3oaqEho7CPbOQw5:P3J1sGaq9/OPbOQk

Signature (9cnts)

Level Description
danger File has been identified by 45 AntiVirus engines on VirusTotal as malicious
watch Network activity contains more than one unique useragent
notice Allocates read-write-execute memory (usually to unpack itself)
notice Performs some HTTP requests
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (3cnts)

Request | CC | ASN Co | IP4 | Rule | ZERO
https://cdn.discordapp.com/attachments/872498603363536989/876731431555059753/Zmlkqojaxmhcbtpljtjnfjssfmlwqrp Unknown 162.159.129.233 clean
cdn.discordapp.com Unknown 162.159.133.233 malware
162.159.129.233 Unknown 162.159.129.233 malware

Suricata ids

PE API

IAT (Import Address Table) Library

kernel32.dll
 0x48b154 DeleteCriticalSection
 0x48b158 LeaveCriticalSection
 0x48b15c EnterCriticalSection
 0x48b160 InitializeCriticalSection
 0x48b164 VirtualFree
 0x48b168 VirtualAlloc
 0x48b16c LocalFree
 0x48b170 LocalAlloc
 0x48b174 GetVersion
 0x48b178 GetCurrentThreadId
 0x48b17c InterlockedDecrement
 0x48b180 InterlockedIncrement
 0x48b184 VirtualQuery
 0x48b188 WideCharToMultiByte
 0x48b18c MultiByteToWideChar
 0x48b190 lstrlenA
 0x48b194 lstrcpynA
 0x48b198 LoadLibraryExA
 0x48b19c GetThreadLocale
 0x48b1a0 GetStartupInfoA
 0x48b1a4 GetProcAddress
 0x48b1a8 GetModuleHandleA
 0x48b1ac GetModuleFileNameA
 0x48b1b0 GetLocaleInfoA
 0x48b1b4 GetLastError
 0x48b1b8 GetCommandLineA
 0x48b1bc FreeLibrary
 0x48b1c0 FindFirstFileA
 0x48b1c4 FindClose
 0x48b1c8 ExitProcess
 0x48b1cc WriteFile
 0x48b1d0 UnhandledExceptionFilter
 0x48b1d4 SetFilePointer
 0x48b1d8 SetEndOfFile
 0x48b1dc RtlUnwind
 0x48b1e0 ReadFile
 0x48b1e4 RaiseException
 0x48b1e8 GetStdHandle
 0x48b1ec GetFileSize
 0x48b1f0 GetFileType
 0x48b1f4 CreateFileA
 0x48b1f8 CloseHandle
user32.dll
 0x48b200 GetKeyboardType
 0x48b204 LoadStringA
 0x48b208 MessageBoxA
 0x48b20c CharNextA
advapi32.dll
 0x48b214 RegQueryValueExA
 0x48b218 RegOpenKeyExA
 0x48b21c RegCloseKey
oleaut32.dll
 0x48b224 SysFreeString
 0x48b228 SysReAllocStringLen
 0x48b22c SysAllocStringLen
kernel32.dll
 0x48b234 TlsSetValue
 0x48b238 TlsGetValue
 0x48b23c LocalAlloc
 0x48b240 GetModuleHandleA
advapi32.dll
 0x48b248 RegQueryValueExA
 0x48b24c RegOpenKeyExA
 0x48b250 RegCloseKey
kernel32.dll
 0x48b258 lstrcpyA
 0x48b25c WriteFile
 0x48b260 WaitForSingleObject
 0x48b264 VirtualQuery
 0x48b268 VirtualProtect
 0x48b26c VirtualAlloc
 0x48b270 Sleep
 0x48b274 SizeofResource
 0x48b278 SetThreadLocale
 0x48b27c SetFilePointer
 0x48b280 SetEvent
 0x48b284 SetErrorMode
 0x48b288 SetEndOfFile
 0x48b28c ResetEvent
 0x48b290 ReadFile
 0x48b294 MultiByteToWideChar
 0x48b298 MulDiv
 0x48b29c LockResource
 0x48b2a0 LoadResource
 0x48b2a4 LoadLibraryA
 0x48b2a8 LeaveCriticalSection
 0x48b2ac InitializeCriticalSection
 0x48b2b0 GlobalUnlock
 0x48b2b4 GlobalSize
 0x48b2b8 GlobalReAlloc
 0x48b2bc GlobalHandle
 0x48b2c0 GlobalLock
 0x48b2c4 GlobalFree
 0x48b2c8 GlobalFindAtomA
 0x48b2cc GlobalDeleteAtom
 0x48b2d0 GlobalAlloc
 0x48b2d4 GlobalAddAtomA
 0x48b2d8 GetVersionExA
 0x48b2dc GetVersion
 0x48b2e0 GetUserDefaultLCID
 0x48b2e4 GetTickCount
 0x48b2e8 GetThreadLocale
 0x48b2ec GetSystemInfo
 0x48b2f0 GetStringTypeExA
 0x48b2f4 GetStdHandle
 0x48b2f8 GetProcAddress
 0x48b2fc GetModuleHandleA
 0x48b300 GetModuleFileNameA
 0x48b304 GetLocaleInfoA
 0x48b308 GetLocalTime
 0x48b30c GetLastError
 0x48b310 GetFullPathNameA
 0x48b314 GetDiskFreeSpaceA
 0x48b318 GetDateFormatA
 0x48b31c GetCurrentThreadId
 0x48b320 GetCurrentProcessId
 0x48b324 GetComputerNameA
 0x48b328 GetCPInfo
 0x48b32c GetACP
 0x48b330 FreeResource
 0x48b334 InterlockedExchange
 0x48b338 FreeLibrary
 0x48b33c FormatMessageA
 0x48b340 FindResourceA
 0x48b344 FindFirstFileA
 0x48b348 FindClose
 0x48b34c FileTimeToLocalFileTime
 0x48b350 FileTimeToDosDateTime
 0x48b354 EnumCalendarInfoA
 0x48b358 EnterCriticalSection
 0x48b35c DeleteFileA
 0x48b360 DeleteCriticalSection
 0x48b364 CreateThread
 0x48b368 CreateFileA
 0x48b36c CreateEventA
 0x48b370 CompareStringA
 0x48b374 CloseHandle
version.dll
 0x48b37c VerQueryValueA
 0x48b380 GetFileVersionInfoSizeA
 0x48b384 GetFileVersionInfoA
gdi32.dll
 0x48b38c UnrealizeObject
 0x48b390 StretchBlt
 0x48b394 SetWindowOrgEx
 0x48b398 SetWinMetaFileBits
 0x48b39c SetViewportOrgEx
 0x48b3a0 SetTextColor
 0x48b3a4 SetStretchBltMode
 0x48b3a8 SetROP2
 0x48b3ac SetPixel
 0x48b3b0 SetEnhMetaFileBits
 0x48b3b4 SetDIBColorTable
 0x48b3b8 SetBrushOrgEx
 0x48b3bc SetBkMode
 0x48b3c0 SetBkColor
 0x48b3c4 SelectPalette
 0x48b3c8 SelectObject
 0x48b3cc SaveDC
 0x48b3d0 RestoreDC
 0x48b3d4 Rectangle
 0x48b3d8 RectVisible
 0x48b3dc RealizePalette
 0x48b3e0 Polyline
 0x48b3e4 Polygon
 0x48b3e8 PlayEnhMetaFile
 0x48b3ec PatBlt
 0x48b3f0 MoveToEx
 0x48b3f4 MaskBlt
 0x48b3f8 LineTo
 0x48b3fc IntersectClipRect
 0x48b400 GetWindowOrgEx
 0x48b404 GetWinMetaFileBits
 0x48b408 GetTextMetricsA
 0x48b40c GetTextExtentPointA
 0x48b410 GetTextExtentPoint32A
 0x48b414 GetSystemPaletteEntries
 0x48b418 GetStockObject
 0x48b41c GetPixel
 0x48b420 GetPaletteEntries
 0x48b424 GetObjectA
 0x48b428 GetEnhMetaFilePaletteEntries
 0x48b42c GetEnhMetaFileHeader
 0x48b430 GetEnhMetaFileDescriptionA
 0x48b434 GetEnhMetaFileBits
 0x48b438 GetDeviceCaps
 0x48b43c GetDIBits
 0x48b440 GetDIBColorTable
 0x48b444 GetDCOrgEx
 0x48b448 GetCurrentPositionEx
 0x48b44c GetClipBox
 0x48b450 GetBrushOrgEx
 0x48b454 GetBitmapBits
 0x48b458 GdiFlush
 0x48b45c ExcludeClipRect
 0x48b460 DeleteObject
 0x48b464 DeleteEnhMetaFile
 0x48b468 DeleteDC
 0x48b46c CreateSolidBrush
 0x48b470 CreatePenIndirect
 0x48b474 CreatePalette
 0x48b478 CreateHalftonePalette
 0x48b47c CreateFontIndirectA
 0x48b480 CreateEnhMetaFileA
 0x48b484 CreateDIBitmap
 0x48b488 CreateDIBSection
 0x48b48c CreateCompatibleDC
 0x48b490 CreateCompatibleBitmap
 0x48b494 CreateBrushIndirect
 0x48b498 CreateBitmap
 0x48b49c CopyEnhMetaFileA
 0x48b4a0 CloseEnhMetaFile
 0x48b4a4 BitBlt
user32.dll
 0x48b4ac CreateWindowExA
 0x48b4b0 WindowFromPoint
 0x48b4b4 WinHelpA
 0x48b4b8 WaitMessage
 0x48b4bc UpdateWindow
 0x48b4c0 UnregisterClassA
 0x48b4c4 UnhookWindowsHookEx
 0x48b4c8 TranslateMessage
 0x48b4cc TranslateMDISysAccel
 0x48b4d0 TrackPopupMenu
 0x48b4d4 SystemParametersInfoA
 0x48b4d8 ShowWindow
 0x48b4dc ShowScrollBar
 0x48b4e0 ShowOwnedPopups
 0x48b4e4 ShowCursor
 0x48b4e8 ShowCaret
 0x48b4ec SetWindowsHookExA
 0x48b4f0 SetWindowTextA
 0x48b4f4 SetWindowPos
 0x48b4f8 SetWindowPlacement
 0x48b4fc SetWindowLongA
 0x48b500 SetTimer
 0x48b504 SetScrollRange
 0x48b508 SetScrollPos
 0x48b50c SetScrollInfo
 0x48b510 SetRect
 0x48b514 SetPropA
 0x48b518 SetParent
 0x48b51c SetMenuItemInfoA
 0x48b520 SetMenu
 0x48b524 SetForegroundWindow
 0x48b528 SetFocus
 0x48b52c SetCursor
 0x48b530 SetClipboardData
 0x48b534 SetClassLongA
 0x48b538 SetCapture
 0x48b53c SetActiveWindow
 0x48b540 SendMessageA
 0x48b544 ScrollWindow
 0x48b548 ScreenToClient
 0x48b54c RemovePropA
 0x48b550 RemoveMenu
 0x48b554 ReleaseDC
 0x48b558 ReleaseCapture
 0x48b55c RegisterWindowMessageA
 0x48b560 RegisterClipboardFormatA
 0x48b564 RegisterClassA
 0x48b568 RedrawWindow
 0x48b56c PtInRect
 0x48b570 PostQuitMessage
 0x48b574 PostMessageA
 0x48b578 PeekMessageA
 0x48b57c OpenClipboard
 0x48b580 OffsetRect
 0x48b584 OemToCharA
 0x48b588 MessageBoxA
 0x48b58c MessageBeep
 0x48b590 MapWindowPoints
 0x48b594 MapVirtualKeyA
 0x48b598 LoadStringA
 0x48b59c LoadKeyboardLayoutA
 0x48b5a0 LoadIconA
 0x48b5a4 LoadCursorA
 0x48b5a8 LoadBitmapA
 0x48b5ac KillTimer
 0x48b5b0 IsZoomed
 0x48b5b4 IsWindowVisible
 0x48b5b8 IsWindowEnabled
 0x48b5bc IsWindow
 0x48b5c0 IsRectEmpty
 0x48b5c4 IsIconic
 0x48b5c8 IsDialogMessageA
 0x48b5cc IsChild
 0x48b5d0 InvalidateRect
 0x48b5d4 IntersectRect
 0x48b5d8 InsertMenuItemA
 0x48b5dc InsertMenuA
 0x48b5e0 InflateRect
 0x48b5e4 HideCaret
 0x48b5e8 GetWindowThreadProcessId
 0x48b5ec GetWindowTextA
 0x48b5f0 GetWindowRect
 0x48b5f4 GetWindowPlacement
 0x48b5f8 GetWindowLongA
 0x48b5fc GetWindowDC
 0x48b600 GetTopWindow
 0x48b604 GetSystemMetrics
 0x48b608 GetSystemMenu
 0x48b60c GetSysColorBrush
 0x48b610 GetSysColor
 0x48b614 GetSubMenu
 0x48b618 GetScrollRange
 0x48b61c GetScrollPos
 0x48b620 GetScrollInfo
 0x48b624 GetPropA
 0x48b628 GetParent
 0x48b62c GetWindow
 0x48b630 GetMessageTime
 0x48b634 GetMenuStringA
 0x48b638 GetMenuState
 0x48b63c GetMenuItemInfoA
 0x48b640 GetMenuItemID
 0x48b644 GetMenuItemCount
 0x48b648 GetMenu
 0x48b64c GetLastActivePopup
 0x48b650 GetKeyboardState
 0x48b654 GetKeyboardLayoutList
 0x48b658 GetKeyboardLayout
 0x48b65c GetKeyState
 0x48b660 GetKeyNameTextA
 0x48b664 GetIconInfo
 0x48b668 GetForegroundWindow
 0x48b66c GetFocus
 0x48b670 GetDesktopWindow
 0x48b674 GetDCEx
 0x48b678 GetDC
 0x48b67c GetCursorPos
 0x48b680 GetCursor
 0x48b684 GetClipboardData
 0x48b688 GetClientRect
 0x48b68c GetClassNameA
 0x48b690 GetClassInfoA
 0x48b694 GetCapture
 0x48b698 GetActiveWindow
 0x48b69c FrameRect
 0x48b6a0 FindWindowA
 0x48b6a4 FillRect
 0x48b6a8 EqualRect
 0x48b6ac EnumWindows
 0x48b6b0 EnumThreadWindows
 0x48b6b4 EndPaint
 0x48b6b8 EnableWindow
 0x48b6bc EnableScrollBar
 0x48b6c0 EnableMenuItem
 0x48b6c4 EmptyClipboard
 0x48b6c8 DrawTextA
 0x48b6cc DrawStateA
 0x48b6d0 DrawMenuBar
 0x48b6d4 DrawIconEx
 0x48b6d8 DrawIcon
 0x48b6dc DrawFrameControl
 0x48b6e0 DrawFocusRect
 0x48b6e4 DrawEdge
 0x48b6e8 DispatchMessageA
 0x48b6ec DestroyWindow
 0x48b6f0 DestroyMenu
 0x48b6f4 DestroyIcon
 0x48b6f8 DestroyCursor
 0x48b6fc DeleteMenu
 0x48b700 DefWindowProcA
 0x48b704 DefMDIChildProcA
 0x48b708 DefFrameProcA
 0x48b70c CreatePopupMenu
 0x48b710 CreateMenu
 0x48b714 CreateIcon
 0x48b718 CloseClipboard
 0x48b71c ClientToScreen
 0x48b720 CheckMenuItem
 0x48b724 CallWindowProcA
 0x48b728 CallNextHookEx
 0x48b72c BeginPaint
 0x48b730 CharNextA
 0x48b734 CharLowerBuffA
 0x48b738 CharLowerA
 0x48b73c CharUpperBuffA
 0x48b740 CharToOemA
 0x48b744 AdjustWindowRectEx
 0x48b748 ActivateKeyboardLayout
kernel32.dll
 0x48b750 Sleep
oleaut32.dll
 0x48b758 SafeArrayPtrOfIndex
 0x48b75c SafeArrayPutElement
 0x48b760 SafeArrayGetElement
 0x48b764 SafeArrayUnaccessData
 0x48b768 SafeArrayAccessData
 0x48b76c SafeArrayGetUBound
 0x48b770 SafeArrayGetLBound
 0x48b774 SafeArrayCreate
 0x48b778 VariantChangeType
 0x48b77c VariantCopyInd
 0x48b780 VariantCopy
 0x48b784 VariantClear
 0x48b788 VariantInit
ole32.dll
 0x48b790 CreateStreamOnHGlobal
 0x48b794 IsAccelerator
 0x48b798 OleDraw
 0x48b79c OleSetMenuDescriptor
 0x48b7a0 CoTaskMemFree
 0x48b7a4 ProgIDFromCLSID
 0x48b7a8 StringFromCLSID
 0x48b7ac CoCreateInstance
 0x48b7b0 CoGetClassObject
 0x48b7b4 CoUninitialize
 0x48b7b8 CoInitialize
 0x48b7bc IsEqualGUID
oleaut32.dll
 0x48b7c4 GetErrorInfo
 0x48b7c8 GetActiveObject
 0x48b7cc SysFreeString
comctl32.dll
 0x48b7d4 ImageList_SetIconSize
 0x48b7d8 ImageList_GetIconSize
 0x48b7dc ImageList_Write
 0x48b7e0 ImageList_Read
 0x48b7e4 ImageList_GetDragImage
 0x48b7e8 ImageList_DragShowNolock
 0x48b7ec ImageList_SetDragCursorImage
 0x48b7f0 ImageList_DragMove
 0x48b7f4 ImageList_DragLeave
 0x48b7f8 ImageList_DragEnter
 0x48b7fc ImageList_EndDrag
 0x48b800 ImageList_BeginDrag
 0x48b804 ImageList_Remove
 0x48b808 ImageList_DrawEx
 0x48b80c ImageList_Replace
 0x48b810 ImageList_Draw
 0x48b814 ImageList_GetBkColor
 0x48b818 ImageList_SetBkColor
 0x48b81c ImageList_ReplaceIcon
 0x48b820 ImageList_Add
 0x48b824 ImageList_SetImageCount
 0x48b828 ImageList_GetImageCount
 0x48b82c ImageList_Destroy
 0x48b830 ImageList_Create
winmm.dll
 0x48b838 sndPlaySoundA

EAT (Export Address Table): none

Similarity measure (PE file only)