Report - vbc.exe

Malicious Library PE File OS Processor Check PE32
ScreenShot
Created 2021.09.03 08:56 Machine s1_win7_x6402
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
9
Behavior Score
1.4
ZERO API file : malware
VT API (file) 26 detected (Injects, Unsafe, malicious, confidence, Kryptik, Eldorado, Attribute, HighConfidence, MalwareX, Auto, Generic ML PUA, DownLoader41, Artemis, tpvr, Phonzy, Generic@ML, RDML, paW4E4mb6EjZmbyqbtNTBA, Static AI, Suspicious PE, Score, ZexaF, muW@aS3A)
md5 094922de5b4450aa3323088f17176cc8
sha256 0f9b5aec4138fe2a2ee2ae9f2a5283d531eae6e9d7946e3fe43a339a5b8d687b
ssdeep 6144:4gEfD/i1lkemVTt+ASZNaEz2p8/BgASaj:2met+fNXB9
imphash a7b457d95a61ac70fd2b86bfae649b5a
impfuzzy 48:i2TB3S1jtYG5c+ppXb34DTeKRJnq89fj/gaxzU/hdk6vijY:XS1jtYG5c+ppXb3iHZUJODk
  Network IP location

Signature (3cnts)

Level Description
warning File has been identified by 26 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
img.neko.airforce US DIGITALOCEAN-ASN 167.172.239.151 mailcious
167.172.239.151 US DIGITALOCEAN-ASN 167.172.239.151 mailcious

Suricata ids

PE API

IAT(Import Address Table) Library

SHLWAPI.dll
 0x42d174 SHRegDeleteUSValueW
 0x42d178 PathCombineA
 0x42d17c PathGetDriveNumberW
 0x42d180 StrToIntW
KERNEL32.dll
 0x42d014 VirtualProtect
 0x42d018 CreateFileW
 0x42d01c SetFilePointerEx
 0x42d020 GetConsoleMode
 0x42d024 GetConsoleOutputCP
 0x42d028 FlushFileBuffers
 0x42d02c HeapReAlloc
 0x42d030 HeapSize
 0x42d034 GetProcessHeap
 0x42d038 CloseHandle
 0x42d03c GetStringTypeW
 0x42d040 GetFileType
 0x42d044 SetStdHandle
 0x42d048 FreeEnvironmentStringsW
 0x42d04c GetEnvironmentStringsW
 0x42d050 WriteConsoleW
 0x42d054 DecodePointer
 0x42d058 WideCharToMultiByte
 0x42d05c MultiByteToWideChar
 0x42d060 LCMapStringW
 0x42d064 GetCommandLineW
 0x42d068 GetCommandLineA
 0x42d06c GetCPInfo
 0x42d070 GetOEMCP
 0x42d074 GetACP
 0x42d078 IsValidCodePage
 0x42d07c FindNextFileW
 0x42d080 FindFirstFileExW
 0x42d084 FindClose
 0x42d088 HeapAlloc
 0x42d08c HeapFree
 0x42d090 GetModuleHandleExW
 0x42d094 QueryPerformanceCounter
 0x42d098 GetCurrentProcessId
 0x42d09c GetCurrentThreadId
 0x42d0a0 GetSystemTimeAsFileTime
 0x42d0a4 InitializeSListHead
 0x42d0a8 IsDebuggerPresent
 0x42d0ac UnhandledExceptionFilter
 0x42d0b0 SetUnhandledExceptionFilter
 0x42d0b4 GetStartupInfoW
 0x42d0b8 IsProcessorFeaturePresent
 0x42d0bc GetModuleHandleW
 0x42d0c0 GetCurrentProcess
 0x42d0c4 TerminateProcess
 0x42d0c8 RaiseException
 0x42d0cc RtlUnwind
 0x42d0d0 GetLastError
 0x42d0d4 SetLastError
 0x42d0d8 EnterCriticalSection
 0x42d0dc LeaveCriticalSection
 0x42d0e0 DeleteCriticalSection
 0x42d0e4 InitializeCriticalSectionAndSpinCount
 0x42d0e8 TlsAlloc
 0x42d0ec TlsGetValue
 0x42d0f0 TlsSetValue
 0x42d0f4 TlsFree
 0x42d0f8 FreeLibrary
 0x42d0fc GetProcAddress
 0x42d100 LoadLibraryExW
 0x42d104 GetStdHandle
 0x42d108 WriteFile
 0x42d10c GetModuleFileNameW
 0x42d110 ExitProcess
RESUTILS.dll
 0x42d158 ResUtilAddUnknownProperties
 0x42d15c ResUtilGetResourceDependency
 0x42d160 ResUtilFindDwordProperty
 0x42d164 ClusWorkerTerminate
 0x42d168 ResUtilGetDwordValue
 0x42d16c ResUtilGetProperty
ODBC32.dll
 0x42d140 None
 0x42d144 None
 0x42d148 None
 0x42d14c None
 0x42d150 CursorLibTransact
USER32.dll
 0x42d188 ToUnicodeEx
 0x42d18c GetWindowModuleFileNameW
 0x42d190 ClipCursor
 0x42d194 MessageBoxW
 0x42d198 EditWndProc
 0x42d19c GetKeyboardLayoutList
MSACM32.dll
 0x42d118 acmDriverID
 0x42d11c acmFilterTagEnumA
 0x42d120 acmFormatSuggest
 0x42d124 acmFilterDetailsA
 0x42d128 acmFilterEnumW
AVIFIL32.dll
 0x42d000 AVISaveVW
 0x42d004 EditStreamSetInfo
 0x42d008 AVIPutFileOnClipboard
 0x42d00c AVIFileOpenW
MSVFW32.dll
 0x42d130 DrawDibStart
 0x42d134 DrawDibSetPalette
 0x42d138 ICGetDisplayFormat
WINMM.dll
 0x42d1a4 waveOutSetPitch
 0x42d1a8 mmioSetInfo
 0x42d1ac mmioGetInfo
 0x42d1b0 midiOutShortMsg
 0x42d1b4 waveInClose
 0x42d1b8 mmTaskSignal
 0x42d1bc midiInGetDevCapsW
 0x42d1c0 mmioDescend
 0x42d1c4 mixerGetNumDevs
 0x42d1c8 DriverCallback
 0x42d1cc midiOutGetID

EAT(Export Address Table) is none



Similarity measure (PE file only) - Checking for service failure