ScreenShot
| Created | 2021.08.23 19:18 | Machine | s1_win7_x6401 |
| Filename | vbc.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (Androm, Malicious, score, Artemis, Save, Attribute, HighConfidence, GenKryptik, FJKE, PWSX, ZPACK, Gen2, Phonzy, AgentTesla, R002H07HN21, Kryptik, CLASSIC, Static AI, Suspicious PE, confidence, 100%) | ||
| md5 | 162c0de193b3ba1d3f873bb06a8bdd60 | ||
| sha256 | 672bfd2ee1ff418a1d0a969c4a8e548a359a389f31c12a720feb7b821975f8a5 | ||
| ssdeep | 12288:3g8tD+p1h79i/DdVedE5fJD7uwkWPs6BJirF2kMsBtJ:3gwVDdcE5fJ02mAsBv | ||
| imphash | bf08a978649b718b66012803a6d17e5b | ||
| impfuzzy | 24:SOTExjC/rZDo2euMMUgS1jtq6bJnc+plvCREOovDguZHuqu93vFZcyWPukTFwkgm:FdDusS1jtq6lc+pId3FZD0u2/gmr | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Terminates another process |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x440000 GetStdHandle
0x440004 GetCommandLineW
0x440008 WriteFile
0x44000c GetLastError
0x440010 HeapAlloc
0x440014 HeapFree
0x440018 GetProcessHeap
0x44001c WaitForSingleObject
0x440020 GetCurrentProcess
0x440024 ExitProcess
0x440028 GetExitCodeProcess
0x44002c CreateProcessW
0x440030 GetWindowsDirectoryW
0x440034 IsWow64Process
0x440038 FreeLibrary
0x44003c GetModuleHandleW
0x440040 GetProcAddress
0x440044 LoadLibraryExW
0x440048 LoadLibraryA
0x44004c LocalFree
0x440050 GetBinaryTypeW
0x440054 lstrlenW
0x440058 WideCharToMultiByte
0x44005c EnumTimeFormatsW
0x440060 GetConsoleOutputCP
0x440064 WriteConsoleW
0x440068 CloseHandle
0x44006c CreateFileW
0x440070 SetFilePointerEx
0x440074 GetConsoleMode
0x440078 GetConsoleCP
0x44007c FlushFileBuffers
0x440080 HeapReAlloc
0x440084 QueryPerformanceCounter
0x440088 GetCurrentProcessId
0x44008c GetCurrentThreadId
0x440090 GetSystemTimeAsFileTime
0x440094 InitializeSListHead
0x440098 IsDebuggerPresent
0x44009c UnhandledExceptionFilter
0x4400a0 SetUnhandledExceptionFilter
0x4400a4 GetStartupInfoW
0x4400a8 IsProcessorFeaturePresent
0x4400ac TerminateProcess
0x4400b0 InterlockedPushEntrySList
0x4400b4 InterlockedFlushSList
0x4400b8 RtlUnwind
0x4400bc SetLastError
0x4400c0 EnterCriticalSection
0x4400c4 LeaveCriticalSection
0x4400c8 DeleteCriticalSection
0x4400cc InitializeCriticalSectionAndSpinCount
0x4400d0 TlsAlloc
0x4400d4 TlsGetValue
0x4400d8 TlsSetValue
0x4400dc TlsFree
0x4400e0 EncodePointer
0x4400e4 RaiseException
0x4400e8 GetModuleFileNameW
0x4400ec GetModuleFileNameA
0x4400f0 MultiByteToWideChar
0x4400f4 GetModuleHandleExW
0x4400f8 GetCommandLineA
0x4400fc GetACP
0x440100 GetCurrentThread
0x440104 FindClose
0x440108 FindFirstFileExA
0x44010c FindFirstFileExW
0x440110 FindNextFileA
0x440114 FindNextFileW
0x440118 IsValidCodePage
0x44011c GetOEMCP
0x440120 GetCPInfo
0x440124 GetEnvironmentStringsW
0x440128 FreeEnvironmentStringsW
0x44012c SetEnvironmentVariableA
0x440130 SetEnvironmentVariableW
0x440134 SetStdHandle
0x440138 GetFileType
0x44013c GetStringTypeW
0x440140 GetLocaleInfoW
0x440144 IsValidLocale
0x440148 GetUserDefaultLCID
0x44014c EnumSystemLocalesW
0x440150 OutputDebugStringA
0x440154 OutputDebugStringW
0x440158 GetDateFormatW
0x44015c GetTimeFormatW
0x440160 CompareStringW
0x440164 LCMapStringW
0x440168 SetConsoleCtrlHandler
0x44016c HeapSize
0x440170 DecodePointer
USER32.dll
0x440178 MessageBoxW
0x44017c LoadStringW
ole32.dll
0x440184 OleInitialize
0x440188 OleUninitialize
EAT(Export Address Table) is none
KERNEL32.dll
0x440000 GetStdHandle
0x440004 GetCommandLineW
0x440008 WriteFile
0x44000c GetLastError
0x440010 HeapAlloc
0x440014 HeapFree
0x440018 GetProcessHeap
0x44001c WaitForSingleObject
0x440020 GetCurrentProcess
0x440024 ExitProcess
0x440028 GetExitCodeProcess
0x44002c CreateProcessW
0x440030 GetWindowsDirectoryW
0x440034 IsWow64Process
0x440038 FreeLibrary
0x44003c GetModuleHandleW
0x440040 GetProcAddress
0x440044 LoadLibraryExW
0x440048 LoadLibraryA
0x44004c LocalFree
0x440050 GetBinaryTypeW
0x440054 lstrlenW
0x440058 WideCharToMultiByte
0x44005c EnumTimeFormatsW
0x440060 GetConsoleOutputCP
0x440064 WriteConsoleW
0x440068 CloseHandle
0x44006c CreateFileW
0x440070 SetFilePointerEx
0x440074 GetConsoleMode
0x440078 GetConsoleCP
0x44007c FlushFileBuffers
0x440080 HeapReAlloc
0x440084 QueryPerformanceCounter
0x440088 GetCurrentProcessId
0x44008c GetCurrentThreadId
0x440090 GetSystemTimeAsFileTime
0x440094 InitializeSListHead
0x440098 IsDebuggerPresent
0x44009c UnhandledExceptionFilter
0x4400a0 SetUnhandledExceptionFilter
0x4400a4 GetStartupInfoW
0x4400a8 IsProcessorFeaturePresent
0x4400ac TerminateProcess
0x4400b0 InterlockedPushEntrySList
0x4400b4 InterlockedFlushSList
0x4400b8 RtlUnwind
0x4400bc SetLastError
0x4400c0 EnterCriticalSection
0x4400c4 LeaveCriticalSection
0x4400c8 DeleteCriticalSection
0x4400cc InitializeCriticalSectionAndSpinCount
0x4400d0 TlsAlloc
0x4400d4 TlsGetValue
0x4400d8 TlsSetValue
0x4400dc TlsFree
0x4400e0 EncodePointer
0x4400e4 RaiseException
0x4400e8 GetModuleFileNameW
0x4400ec GetModuleFileNameA
0x4400f0 MultiByteToWideChar
0x4400f4 GetModuleHandleExW
0x4400f8 GetCommandLineA
0x4400fc GetACP
0x440100 GetCurrentThread
0x440104 FindClose
0x440108 FindFirstFileExA
0x44010c FindFirstFileExW
0x440110 FindNextFileA
0x440114 FindNextFileW
0x440118 IsValidCodePage
0x44011c GetOEMCP
0x440120 GetCPInfo
0x440124 GetEnvironmentStringsW
0x440128 FreeEnvironmentStringsW
0x44012c SetEnvironmentVariableA
0x440130 SetEnvironmentVariableW
0x440134 SetStdHandle
0x440138 GetFileType
0x44013c GetStringTypeW
0x440140 GetLocaleInfoW
0x440144 IsValidLocale
0x440148 GetUserDefaultLCID
0x44014c EnumSystemLocalesW
0x440150 OutputDebugStringA
0x440154 OutputDebugStringW
0x440158 GetDateFormatW
0x44015c GetTimeFormatW
0x440160 CompareStringW
0x440164 LCMapStringW
0x440168 SetConsoleCtrlHandler
0x44016c HeapSize
0x440170 DecodePointer
USER32.dll
0x440178 MessageBoxW
0x44017c LoadStringW
ole32.dll
0x440184 OleInitialize
0x440188 OleUninitialize
EAT(Export Address Table) is none