ScreenShot
| Created | 2021.09.03 09:22 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (Unsafe, malicious, confidence, 100%, Attribute, HighConfidence, tpvr, kcloud, Formbook, score, Static AI, Suspicious PE, ZexaF, nuW@aixJHJli, susgen) | ||
| md5 | 2f66472775a1d52a7aa5c54e4f50160b | ||
| sha256 | bf31b12fa0ba232eb07eed27f004f9c34695ecc3eb4a5270b89f8abb519a059b | ||
| ssdeep | 6144:DgEfD/i1lkemVTt+ASZNaEz2lsS+QwyqquVy:pmet+fNi+0+ | ||
| imphash | a7b457d95a61ac70fd2b86bfae649b5a | ||
| impfuzzy | 48:i2TB3S1jtYG5c+ppXb34DTeKRJnq89fj/gaxzU/hdk6vijY:XS1jtYG5c+ppXb3iHZUJODk | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
SHLWAPI.dll
0x42d174 SHRegDeleteUSValueW
0x42d178 PathCombineA
0x42d17c PathGetDriveNumberW
0x42d180 StrToIntW
KERNEL32.dll
0x42d014 VirtualProtect
0x42d018 CreateFileW
0x42d01c SetFilePointerEx
0x42d020 GetConsoleMode
0x42d024 GetConsoleOutputCP
0x42d028 FlushFileBuffers
0x42d02c HeapReAlloc
0x42d030 HeapSize
0x42d034 GetProcessHeap
0x42d038 CloseHandle
0x42d03c GetStringTypeW
0x42d040 GetFileType
0x42d044 SetStdHandle
0x42d048 FreeEnvironmentStringsW
0x42d04c GetEnvironmentStringsW
0x42d050 WriteConsoleW
0x42d054 DecodePointer
0x42d058 WideCharToMultiByte
0x42d05c MultiByteToWideChar
0x42d060 LCMapStringW
0x42d064 GetCommandLineW
0x42d068 GetCommandLineA
0x42d06c GetCPInfo
0x42d070 GetOEMCP
0x42d074 GetACP
0x42d078 IsValidCodePage
0x42d07c FindNextFileW
0x42d080 FindFirstFileExW
0x42d084 FindClose
0x42d088 HeapAlloc
0x42d08c HeapFree
0x42d090 GetModuleHandleExW
0x42d094 QueryPerformanceCounter
0x42d098 GetCurrentProcessId
0x42d09c GetCurrentThreadId
0x42d0a0 GetSystemTimeAsFileTime
0x42d0a4 InitializeSListHead
0x42d0a8 IsDebuggerPresent
0x42d0ac UnhandledExceptionFilter
0x42d0b0 SetUnhandledExceptionFilter
0x42d0b4 GetStartupInfoW
0x42d0b8 IsProcessorFeaturePresent
0x42d0bc GetModuleHandleW
0x42d0c0 GetCurrentProcess
0x42d0c4 TerminateProcess
0x42d0c8 RaiseException
0x42d0cc RtlUnwind
0x42d0d0 GetLastError
0x42d0d4 SetLastError
0x42d0d8 EnterCriticalSection
0x42d0dc LeaveCriticalSection
0x42d0e0 DeleteCriticalSection
0x42d0e4 InitializeCriticalSectionAndSpinCount
0x42d0e8 TlsAlloc
0x42d0ec TlsGetValue
0x42d0f0 TlsSetValue
0x42d0f4 TlsFree
0x42d0f8 FreeLibrary
0x42d0fc GetProcAddress
0x42d100 LoadLibraryExW
0x42d104 GetStdHandle
0x42d108 WriteFile
0x42d10c GetModuleFileNameW
0x42d110 ExitProcess
RESUTILS.dll
0x42d158 ResUtilAddUnknownProperties
0x42d15c ResUtilGetResourceDependency
0x42d160 ResUtilFindDwordProperty
0x42d164 ClusWorkerTerminate
0x42d168 ResUtilGetDwordValue
0x42d16c ResUtilGetProperty
ODBC32.dll
0x42d140 None
0x42d144 None
0x42d148 None
0x42d14c None
0x42d150 CursorLibTransact
USER32.dll
0x42d188 ToUnicodeEx
0x42d18c GetWindowModuleFileNameW
0x42d190 ClipCursor
0x42d194 MessageBoxW
0x42d198 EditWndProc
0x42d19c GetKeyboardLayoutList
MSACM32.dll
0x42d118 acmDriverID
0x42d11c acmFilterTagEnumA
0x42d120 acmFormatSuggest
0x42d124 acmFilterDetailsA
0x42d128 acmFilterEnumW
AVIFIL32.dll
0x42d000 AVISaveVW
0x42d004 EditStreamSetInfo
0x42d008 AVIPutFileOnClipboard
0x42d00c AVIFileOpenW
MSVFW32.dll
0x42d130 DrawDibStart
0x42d134 DrawDibSetPalette
0x42d138 ICGetDisplayFormat
WINMM.dll
0x42d1a4 waveOutSetPitch
0x42d1a8 mmioSetInfo
0x42d1ac mmioGetInfo
0x42d1b0 midiOutShortMsg
0x42d1b4 waveInClose
0x42d1b8 mmTaskSignal
0x42d1bc midiInGetDevCapsW
0x42d1c0 mmioDescend
0x42d1c4 mixerGetNumDevs
0x42d1c8 DriverCallback
0x42d1cc midiOutGetID
EAT(Export Address Table) is none
SHLWAPI.dll
0x42d174 SHRegDeleteUSValueW
0x42d178 PathCombineA
0x42d17c PathGetDriveNumberW
0x42d180 StrToIntW
KERNEL32.dll
0x42d014 VirtualProtect
0x42d018 CreateFileW
0x42d01c SetFilePointerEx
0x42d020 GetConsoleMode
0x42d024 GetConsoleOutputCP
0x42d028 FlushFileBuffers
0x42d02c HeapReAlloc
0x42d030 HeapSize
0x42d034 GetProcessHeap
0x42d038 CloseHandle
0x42d03c GetStringTypeW
0x42d040 GetFileType
0x42d044 SetStdHandle
0x42d048 FreeEnvironmentStringsW
0x42d04c GetEnvironmentStringsW
0x42d050 WriteConsoleW
0x42d054 DecodePointer
0x42d058 WideCharToMultiByte
0x42d05c MultiByteToWideChar
0x42d060 LCMapStringW
0x42d064 GetCommandLineW
0x42d068 GetCommandLineA
0x42d06c GetCPInfo
0x42d070 GetOEMCP
0x42d074 GetACP
0x42d078 IsValidCodePage
0x42d07c FindNextFileW
0x42d080 FindFirstFileExW
0x42d084 FindClose
0x42d088 HeapAlloc
0x42d08c HeapFree
0x42d090 GetModuleHandleExW
0x42d094 QueryPerformanceCounter
0x42d098 GetCurrentProcessId
0x42d09c GetCurrentThreadId
0x42d0a0 GetSystemTimeAsFileTime
0x42d0a4 InitializeSListHead
0x42d0a8 IsDebuggerPresent
0x42d0ac UnhandledExceptionFilter
0x42d0b0 SetUnhandledExceptionFilter
0x42d0b4 GetStartupInfoW
0x42d0b8 IsProcessorFeaturePresent
0x42d0bc GetModuleHandleW
0x42d0c0 GetCurrentProcess
0x42d0c4 TerminateProcess
0x42d0c8 RaiseException
0x42d0cc RtlUnwind
0x42d0d0 GetLastError
0x42d0d4 SetLastError
0x42d0d8 EnterCriticalSection
0x42d0dc LeaveCriticalSection
0x42d0e0 DeleteCriticalSection
0x42d0e4 InitializeCriticalSectionAndSpinCount
0x42d0e8 TlsAlloc
0x42d0ec TlsGetValue
0x42d0f0 TlsSetValue
0x42d0f4 TlsFree
0x42d0f8 FreeLibrary
0x42d0fc GetProcAddress
0x42d100 LoadLibraryExW
0x42d104 GetStdHandle
0x42d108 WriteFile
0x42d10c GetModuleFileNameW
0x42d110 ExitProcess
RESUTILS.dll
0x42d158 ResUtilAddUnknownProperties
0x42d15c ResUtilGetResourceDependency
0x42d160 ResUtilFindDwordProperty
0x42d164 ClusWorkerTerminate
0x42d168 ResUtilGetDwordValue
0x42d16c ResUtilGetProperty
ODBC32.dll
0x42d140 None
0x42d144 None
0x42d148 None
0x42d14c None
0x42d150 CursorLibTransact
USER32.dll
0x42d188 ToUnicodeEx
0x42d18c GetWindowModuleFileNameW
0x42d190 ClipCursor
0x42d194 MessageBoxW
0x42d198 EditWndProc
0x42d19c GetKeyboardLayoutList
MSACM32.dll
0x42d118 acmDriverID
0x42d11c acmFilterTagEnumA
0x42d120 acmFormatSuggest
0x42d124 acmFilterDetailsA
0x42d128 acmFilterEnumW
AVIFIL32.dll
0x42d000 AVISaveVW
0x42d004 EditStreamSetInfo
0x42d008 AVIPutFileOnClipboard
0x42d00c AVIFileOpenW
MSVFW32.dll
0x42d130 DrawDibStart
0x42d134 DrawDibSetPalette
0x42d138 ICGetDisplayFormat
WINMM.dll
0x42d1a4 waveOutSetPitch
0x42d1a8 mmioSetInfo
0x42d1ac mmioGetInfo
0x42d1b0 midiOutShortMsg
0x42d1b4 waveInClose
0x42d1b8 mmTaskSignal
0x42d1bc midiInGetDevCapsW
0x42d1c0 mmioDescend
0x42d1c4 mixerGetNumDevs
0x42d1c8 DriverCallback
0x42d1cc midiOutGetID
EAT(Export Address Table) is none