Report - vbc.exe

Tags: UPX, Malicious Library, PE File, OS Processor Check, PE32
Created 2021.08.18 11:41
Machine s1_win7_x6401
Filename vbc.exe
Type PE32 executable (console) Intel 80386, for MS Windows
AI Score 2
Behavior Score 2.0
ZERO API file : malware
VT API (file) 25 detected (malicious, high confidence, Razy, Artemis, Unsafe, Eldorado, Kryptik, HMCV, Noon, FileRepMetagen, CLASSIC, DownLoader41, kcloud, score, ZexaF, CCZ@am@wUAni, ai score=80, BScope, QVM20)
md5 e52bb3fd16b1b414bfef8462c4091b3b
sha256 33bfe1bb962c7e2fb6653cad9a0826c87931d2faa8c1d05f8d2ff4a7dfa339ce
ssdeep 6144:EdzkwTata6GOw94Jl/e5I7wjmzCcOeHt6OOwAHT+pATwyElL5DbyGowb1U3V8r61:WPT0m4G5I7wjmn6KHp8wVLBy3US18xSL
imphash e9aef503b3e4a8eb831af674be5da9e3
impfuzzy 48:UfXXORCt79/x3on1YoHzhrOolshYsRgR4Q9GjuNsR/d3:gX+Ct75Wn1YOhrOolshuYd3

Signature (5cnts)

Level Description
warning File has been identified by 25 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Terminates another process
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info This executable has a PDB path

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule ZERO
(no network requests were recorded during the run)

Suricata ids

PE API

IAT (Import Address Table)

KERNEL32.dll
 0x4370d0 CloseHandle
 0x4370d4 CompareStringW
 0x4370d8 CopyFileW
 0x4370dc CreateDirectoryW
 0x4370e0 CreateFileW
 0x4370e4 CreateHardLinkW
 0x4370e8 CreateProcessW
 0x4370ec CreateSymbolicLinkW
 0x4370f0 DecodePointer
 0x4370f4 DeleteCriticalSection
 0x4370f8 DeleteFileW
 0x4370fc DuplicateHandle
 0x437100 EnterCriticalSection
 0x437104 ExitProcess
 0x437108 ExpandEnvironmentStringsW
 0x43710c FileTimeToLocalFileTime
 0x437110 FileTimeToSystemTime
 0x437114 FillConsoleOutputAttribute
 0x437118 FillConsoleOutputCharacterW
 0x43711c FindClose
 0x437120 FindFirstFileExW
 0x437124 FindFirstFileW
 0x437128 FindNextFileW
 0x43712c FlushFileBuffers
 0x437130 FormatMessageW
 0x437134 FreeEnvironmentStringsW
 0x437138 FreeLibrary
 0x43713c GetACP
 0x437140 GetCPInfo
 0x437144 GetCommandLineA
 0x437148 GetCommandLineW
 0x43714c GetConsoleCP
 0x437150 GetConsoleMode
 0x437154 GetConsoleOutputCP
 0x437158 GetConsoleScreenBufferInfo
 0x43715c GetCurrentDirectoryW
 0x437160 GetCurrentProcess
 0x437164 GetCurrentProcessId
 0x437168 GetCurrentThreadId
 0x43716c GetDateFormatW
 0x437170 GetDiskFreeSpaceExW
 0x437174 GetEnvironmentStringsW
 0x437178 GetEnvironmentVariableW
 0x43717c GetExitCodeProcess
 0x437180 GetFileAttributesExW
 0x437184 GetFileAttributesW
 0x437188 GetFileInformationByHandle
 0x43718c GetFileType
 0x437190 GetFullPathNameW
 0x437194 GetLastError
 0x437198 GetLocalTime
 0x43719c GetModuleFileNameW
 0x4371a0 GetModuleHandleExW
 0x4371a4 GetModuleHandleW
 0x4371a8 GetOEMCP
 0x4371ac GetProcAddress
 0x4371b0 GetProcessHeap
 0x4371b4 GetShortPathNameW
 0x4371b8 GetStartupInfoW
 0x4371bc GetStdHandle
 0x4371c0 GetStringTypeW
 0x4371c4 GetSystemDirectoryW
 0x4371c8 GetSystemTimeAsFileTime
 0x4371cc GetTempFileNameW
 0x4371d0 GetTempPathW
 0x4371d4 GetTimeFormatW
 0x4371d8 GetVolumeInformationW
 0x4371dc GetWindowsDirectoryW
 0x4371e0 HeapAlloc
 0x4371e4 HeapFree
 0x4371e8 HeapReAlloc
 0x4371ec HeapSize
 0x4371f0 InitializeCriticalSectionAndSpinCount
 0x4371f4 InitializeSListHead
 0x4371f8 IsDebuggerPresent
 0x4371fc IsProcessorFeaturePresent
 0x437200 IsValidCodePage
 0x437204 LCMapStringW
 0x437208 LeaveCriticalSection
 0x43720c LoadLibraryExW
 0x437210 LocalAlloc
 0x437214 LocalFree
 0x437218 MoveFileExW
 0x43721c MoveFileW
 0x437220 MultiByteToWideChar
 0x437224 QueryPerformanceCounter
 0x437228 RaiseException
 0x43722c ReadConsoleW
 0x437230 ReadFile
 0x437234 RemoveDirectoryW
 0x437238 RtlUnwind
 0x43723c SearchPathW
 0x437240 SetConsoleCursorPosition
 0x437244 SetConsoleMode
 0x437248 SetConsoleTextAttribute
 0x43724c SetConsoleTitleW
 0x437250 SetCurrentDirectoryW
 0x437254 SetEnvironmentVariableW
 0x437258 SetFileAttributesW
 0x43725c SetFilePointer
 0x437260 SetFilePointerEx
 0x437264 SetLastError
 0x437268 SetStdHandle
 0x43726c SetUnhandledExceptionFilter
 0x437270 SetVolumeLabelW
 0x437274 TerminateProcess
 0x437278 TlsAlloc
 0x43727c TlsFree
 0x437280 TlsGetValue
 0x437284 TlsSetValue
 0x437288 UnhandledExceptionFilter
 0x43728c WaitForSingleObject
 0x437290 WideCharToMultiByte
 0x437294 WriteConsoleW
 0x437298 WriteFile
 0x43729c lstrcatW
 0x4372a0 lstrcmpW
 0x4372a4 lstrcmpiW
 0x4372a8 lstrcpyW
 0x4372ac lstrcpynW
 0x4372b0 lstrlenW
USER32.dll
 0x4372b8 CharNextExA
 0x4372bc CharUpperBuffW
 0x4372c0 GetDC
 0x4372c4 GrayStringA
 0x4372c8 IsCharAlphaNumericW
 0x4372cc IsCharAlphaW
 0x4372d0 LoadStringW
 0x4372d4 MessageBoxA
 0x4372d8 wsprintfW
SHELL32.dll
 0x4372e0 FindExecutableW
 0x4372e4 SHFileOperationW
 0x4372e8 SHGetFileInfoW
ADVAPI32.dll
 0x4372f0 GetFileSecurityW
 0x4372f4 GetSecurityDescriptorOwner
 0x4372f8 LookupAccountSidW
 0x4372fc RegCloseKey
 0x437300 RegCreateKeyExW
 0x437304 RegDeleteKeyW
 0x437308 RegEnumKeyExW
 0x43730c RegOpenKeyExW
 0x437310 RegQueryValueExW
 0x437314 RegSetValueExW

EAT(Export Address Table) is none
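The imphash reported above is derived from exactly the IAT listed here: the import-directory order of DLLs and functions, lowercased, joined and MD5-hashed. The script below is an added example (not part of the sandbox report and not the site's own code) that recomputes an imphash from a listing in the report's text format and tags imports worth a second look. The embedded listing is a constructed excerpt of the table above, so its hash will not equal the reported value; paste the full table into REPORT_IAT to compare. The WATCHLIST categories are this example's own grouping, not a rule set from the report. One thing the tagging makes visible: the static IAT imports no VirtualAlloc, VirtualAllocEx or VirtualProtect, so the "Allocates read-write-execute memory" behavior came from an API that was most likely resolved at runtime through the imported LoadLibraryExW/GetProcAddress pair.

```python
"""Added example: recompute an imphash from an IAT listing and tag notable imports.

imphash (as implemented by pefile and used by VirusTotal): for every imported
function, in import-directory order, build "<dll without .dll/.ocx/.sys>.<function>"
in lowercase, join the strings with commas and MD5 the result. Ordinal-only
imports are written as "ord<N>" here (pefile additionally maps well-known
ordinals of a few DLLs back to names; the report's listing has no ordinals).
"""
import hashlib
import re

# Reported value from the sandbox page, used only for the side-by-side print.
REPORTED_IMPHASH = "e9aef503b3e4a8eb831af674be5da9e3"

# Constructed excerpt of the report's IAT (same layout: a DLL name on its own
# line, then "<address> <function>" lines). Replace with the full table to
# reproduce the reported hash.
REPORT_IAT = """\
KERNEL32.dll
 0x4370d0 CloseHandle
 0x4370e0 CreateFileW
 0x4370e8 CreateProcessW
 0x4371ac GetProcAddress
 0x4371f8 IsDebuggerPresent
 0x43720c LoadLibraryExW
 0x437274 TerminateProcess
 0x437298 WriteFile
USER32.dll
 0x4372d4 MessageBoxA
SHELL32.dll
 0x4372e4 SHFileOperationW
ADVAPI32.dll
 0x437300 RegCreateKeyExW
 0x437314 RegSetValueExW
"""

ENTRY_RE = re.compile(r"^\s*0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_iat(text):
    """Return [(dll_name, [function, ...]), ...] in listing order."""
    imports = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ENTRY_RE.match(line)
        if m:
            if not imports:
                raise ValueError("function entry before any DLL name")
            imports[-1][1].append(m.group(1))
        else:
            imports.append((line.strip(), []))
    return imports


def imphash(imports):
    """imphash of [(dll, [name_or_ordinal, ...]), ...]; order matters."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for f in funcs:
            name = f if isinstance(f, str) else f"ord{int(f)}"
            parts.append(f"{lib}.{name.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# Example's own grouping of imports by what they enable (not from the report).
WATCHLIST = {
    "process": {"CreateProcessW", "TerminateProcess", "OpenProcess"},
    "dynamic-api-resolution": {"LoadLibraryExW", "LoadLibraryW", "LoadLibraryA", "GetProcAddress"},
    "executable-memory": {"VirtualAlloc", "VirtualAllocEx", "VirtualProtect", "WriteProcessMemory"},
    "registry": {"RegCreateKeyExW", "RegSetValueExW", "RegDeleteKeyW"},
    "file-ops": {"CopyFileW", "DeleteFileW", "MoveFileExW", "SHFileOperationW", "CreateSymbolicLinkW"},
    "anti-debug": {"IsDebuggerPresent"},
}


def tag_imports(imports):
    """Map each WATCHLIST category to the functions actually present in the IAT."""
    seen = {f for _, funcs in imports for f in funcs if isinstance(f, str)}
    return {cat: sorted(seen & names) for cat, names in WATCHLIST.items()}


if __name__ == "__main__":
    imps = parse_iat(REPORT_IAT)
    print("imphash of listing :", imphash(imps))
    print("reported imphash   :", REPORTED_IMPHASH)
    for cat, funcs in tag_imports(imps).items():
        print(f"{cat:24} {', '.join(funcs) or '(none in static IAT)'}")
```

An empty "executable-memory" row next to a populated "dynamic-api-resolution" row is the pattern to expect from a packed or self-decrypting sample: the static import table is not the full picture, and the sandbox's RWX-memory notice is the runtime evidence that fills the gap.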
