ScreenShot
| Created | 2021.09.01 07:39 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 39 detected (AIDetect, malware2, malicious, high confidence, Fragtor, Unsafe, Save, Hacktool, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, HMHD, FileRepMetagen, Static AI, Malicious PE, Azorult, score, MalPE, R439497, Artemis, ai score=84, BScope, Blocker, CLASSIC, GenKryptik, FJUH, ZexaF, qq0@amMlyoaG, susgen) | ||
| md5 | 94db0490bbaf3752ea87c1785513dccb | ||
| sha256 | 99de69831f2ae92832201028176727cc4f140246f0ee00ce795e51584e2bc8c1 | ||
| ssdeep | 6144:HzLfg3tObV9jGB7oLEASigFVg8uNsIY6xA:HzbICoKLEAohB | ||
| imphash | 41ae3a1dcdcc3462598a2d3012d6e252 | ||
| impfuzzy | 24:e9bG2Sl8u9EI4k1ZruqfuDaqkbRKQb8zm2zO+6dx+cjtrlFTZKJ3zlORyvuTmjMv:J1JrNNb8CfJdx+cjtfT4zRu/A5U | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418000 CreateTimerQueue
0x418004 GetDefaultCommConfigW
0x418008 EndUpdateResourceW
0x41800c InterlockedIncrement
0x418010 SetEnvironmentVariableW
0x418014 GetEnvironmentStringsW
0x418018 AddConsoleAliasW
0x41801c EnumCalendarInfoExW
0x418020 GetConsoleTitleA
0x418024 ReadConsoleW
0x418028 WriteFile
0x41802c GetUserDefaultLangID
0x418030 GetEnvironmentStrings
0x418034 GlobalAlloc
0x418038 SetVolumeMountPointA
0x41803c GetSystemWindowsDirectoryA
0x418040 WriteConsoleOutputA
0x418044 lstrcpynW
0x418048 HeapReAlloc
0x41804c HeapQueryInformation
0x418050 GetModuleFileNameW
0x418054 GetACP
0x418058 LCMapStringA
0x41805c GetProcAddress
0x418060 GetComputerNameExW
0x418064 FreeUserPhysicalPages
0x418068 EnterCriticalSection
0x41806c VerLanguageNameW
0x418070 GetLocalTime
0x418074 LoadLibraryA
0x418078 WaitForMultipleObjects
0x41807c VirtualProtect
0x418080 PeekConsoleInputA
0x418084 GetCPInfoExA
0x418088 GetVersionExA
0x41808c ReadConsoleInputW
0x418090 GetVersion
0x418094 DeleteTimerQueueTimer
0x418098 GetCurrentProcessId
0x41809c FindNextVolumeA
0x4180a0 CreateThread
0x4180a4 CreateFileA
0x4180a8 PulseEvent
0x4180ac VerifyVersionInfoA
0x4180b0 GetCommandLineW
0x4180b4 SetStdHandle
0x4180b8 SetFilePointer
0x4180bc WideCharToMultiByte
0x4180c0 InterlockedDecrement
0x4180c4 InterlockedExchange
0x4180c8 MultiByteToWideChar
0x4180cc Sleep
0x4180d0 InitializeCriticalSection
0x4180d4 DeleteCriticalSection
0x4180d8 LeaveCriticalSection
0x4180dc UnhandledExceptionFilter
0x4180e0 SetUnhandledExceptionFilter
0x4180e4 GetLastError
0x4180e8 HeapFree
0x4180ec TerminateProcess
0x4180f0 GetCurrentProcess
0x4180f4 IsDebuggerPresent
0x4180f8 GetModuleHandleW
0x4180fc ExitProcess
0x418100 GetStartupInfoW
0x418104 GetCPInfo
0x418108 RtlUnwind
0x41810c LCMapStringW
0x418110 GetStringTypeW
0x418114 GetStdHandle
0x418118 GetModuleFileNameA
0x41811c HeapAlloc
0x418120 HeapCreate
0x418124 VirtualFree
0x418128 VirtualAlloc
0x41812c TlsGetValue
0x418130 TlsAlloc
0x418134 TlsSetValue
0x418138 TlsFree
0x41813c SetLastError
0x418140 GetCurrentThreadId
0x418144 InitializeCriticalSectionAndSpinCount
0x418148 FreeEnvironmentStringsW
0x41814c SetHandleCount
0x418150 GetFileType
0x418154 GetStartupInfoA
0x418158 QueryPerformanceCounter
0x41815c GetTickCount
0x418160 GetSystemTimeAsFileTime
0x418164 GetStringTypeA
0x418168 HeapSize
0x41816c GetOEMCP
0x418170 IsValidCodePage
0x418174 GetLocaleInfoA
0x418178 GetConsoleCP
0x41817c GetConsoleMode
0x418180 FlushFileBuffers
0x418184 CloseHandle
0x418188 WriteConsoleA
0x41818c GetConsoleOutputCP
0x418190 WriteConsoleW
USER32.dll
0x418198 ScreenToClient
0x41819c RealGetWindowClassA
EAT(Export Address Table) is none
KERNEL32.dll
0x418000 CreateTimerQueue
0x418004 GetDefaultCommConfigW
0x418008 EndUpdateResourceW
0x41800c InterlockedIncrement
0x418010 SetEnvironmentVariableW
0x418014 GetEnvironmentStringsW
0x418018 AddConsoleAliasW
0x41801c EnumCalendarInfoExW
0x418020 GetConsoleTitleA
0x418024 ReadConsoleW
0x418028 WriteFile
0x41802c GetUserDefaultLangID
0x418030 GetEnvironmentStrings
0x418034 GlobalAlloc
0x418038 SetVolumeMountPointA
0x41803c GetSystemWindowsDirectoryA
0x418040 WriteConsoleOutputA
0x418044 lstrcpynW
0x418048 HeapReAlloc
0x41804c HeapQueryInformation
0x418050 GetModuleFileNameW
0x418054 GetACP
0x418058 LCMapStringA
0x41805c GetProcAddress
0x418060 GetComputerNameExW
0x418064 FreeUserPhysicalPages
0x418068 EnterCriticalSection
0x41806c VerLanguageNameW
0x418070 GetLocalTime
0x418074 LoadLibraryA
0x418078 WaitForMultipleObjects
0x41807c VirtualProtect
0x418080 PeekConsoleInputA
0x418084 GetCPInfoExA
0x418088 GetVersionExA
0x41808c ReadConsoleInputW
0x418090 GetVersion
0x418094 DeleteTimerQueueTimer
0x418098 GetCurrentProcessId
0x41809c FindNextVolumeA
0x4180a0 CreateThread
0x4180a4 CreateFileA
0x4180a8 PulseEvent
0x4180ac VerifyVersionInfoA
0x4180b0 GetCommandLineW
0x4180b4 SetStdHandle
0x4180b8 SetFilePointer
0x4180bc WideCharToMultiByte
0x4180c0 InterlockedDecrement
0x4180c4 InterlockedExchange
0x4180c8 MultiByteToWideChar
0x4180cc Sleep
0x4180d0 InitializeCriticalSection
0x4180d4 DeleteCriticalSection
0x4180d8 LeaveCriticalSection
0x4180dc UnhandledExceptionFilter
0x4180e0 SetUnhandledExceptionFilter
0x4180e4 GetLastError
0x4180e8 HeapFree
0x4180ec TerminateProcess
0x4180f0 GetCurrentProcess
0x4180f4 IsDebuggerPresent
0x4180f8 GetModuleHandleW
0x4180fc ExitProcess
0x418100 GetStartupInfoW
0x418104 GetCPInfo
0x418108 RtlUnwind
0x41810c LCMapStringW
0x418110 GetStringTypeW
0x418114 GetStdHandle
0x418118 GetModuleFileNameA
0x41811c HeapAlloc
0x418120 HeapCreate
0x418124 VirtualFree
0x418128 VirtualAlloc
0x41812c TlsGetValue
0x418130 TlsAlloc
0x418134 TlsSetValue
0x418138 TlsFree
0x41813c SetLastError
0x418140 GetCurrentThreadId
0x418144 InitializeCriticalSectionAndSpinCount
0x418148 FreeEnvironmentStringsW
0x41814c SetHandleCount
0x418150 GetFileType
0x418154 GetStartupInfoA
0x418158 QueryPerformanceCounter
0x41815c GetTickCount
0x418160 GetSystemTimeAsFileTime
0x418164 GetStringTypeA
0x418168 HeapSize
0x41816c GetOEMCP
0x418170 IsValidCodePage
0x418174 GetLocaleInfoA
0x418178 GetConsoleCP
0x41817c GetConsoleMode
0x418180 FlushFileBuffers
0x418184 CloseHandle
0x418188 WriteConsoleA
0x41818c GetConsoleOutputCP
0x418190 WriteConsoleW
USER32.dll
0x418198 ScreenToClient
0x41819c RealGetWindowClassA
EAT(Export Address Table) is none