ScreenShot
| Created | 2021.09.04 14:11 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 48 detected (AIDetect, malware2, Hacktool, malicious, high confidence, DownLoader41, GenericKD, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, HMHX, PWSX, Obscure, CLASSIC, lahoa@0, Emotet, WinGo, Ranumbot, Minerva, fatuh, kcloud, Tnega, FormBook, VOZJFQ, score, MalPE, R440053, ai score=89, Convagent, Alig, Static AI, Malicious PE, HMIB, GdSda, susgen) | ||
| md5 | e2e2b1bd1df8d460c9b1d11097429d16 | ||
| sha256 | ca9d13706dad307a2021d1fa1683e46b5b9670b92ad0ee5e474cbea0620d6299 | ||
| ssdeep | 6144:qBIRwnGF/wPiDHwUT5ssghL4lvNqRzeCIj6l6+ky+NjKyOS/2qV4:DNwPiDHN57ghLuvMUj6Y+khhKfS/R4 | ||
| imphash | a5f1519af792c7c894446b2b7f883ca8 | ||
| impfuzzy | 48:CiIH6OjBUdeKHXyOZ+fcYtHaEGEUcv+6q:Tg1ExHXyY+fcYt6EGEUcv+6q | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 48 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41f000 GetCommandLineW
0x41f004 EnumResourceNamesW
0x41f008 GetNativeSystemInfo
0x41f00c lstrlenA
0x41f010 TlsGetValue
0x41f014 GetStringTypeA
0x41f018 InterlockedIncrement
0x41f01c GetQueuedCompletionStatus
0x41f020 ReadConsoleA
0x41f024 GetNamedPipeHandleStateA
0x41f028 GlobalLock
0x41f02c FreeEnvironmentStringsA
0x41f030 GetModuleHandleW
0x41f034 GetCurrentThread
0x41f038 GetPrivateProfileStringW
0x41f03c WriteFile
0x41f040 SetCommState
0x41f044 GlobalAlloc
0x41f048 LoadLibraryW
0x41f04c GetSystemWindowsDirectoryA
0x41f050 GetConsoleAliasExesLengthW
0x41f054 GlobalFlags
0x41f058 GetExitCodeProcess
0x41f05c IsDBCSLeadByte
0x41f060 ReadFile
0x41f064 GetNamedPipeHandleStateW
0x41f068 LCMapStringA
0x41f06c GetPrivateProfileIntW
0x41f070 InterlockedExchange
0x41f074 GetStartupInfoA
0x41f078 GetLastError
0x41f07c ReadConsoleOutputCharacterA
0x41f080 GetProcAddress
0x41f084 VirtualAlloc
0x41f088 CopyFileA
0x41f08c LoadLibraryA
0x41f090 GetFileType
0x41f094 SetCurrentDirectoryW
0x41f098 HeapWalk
0x41f09c FindAtomA
0x41f0a0 Process32NextW
0x41f0a4 EnumResourceNamesA
0x41f0a8 GetCPInfoExA
0x41f0ac SetThreadAffinityMask
0x41f0b0 FindAtomW
0x41f0b4 DeleteFileW
0x41f0b8 GetSystemTime
0x41f0bc CopyFileExA
0x41f0c0 InterlockedDecrement
0x41f0c4 Sleep
0x41f0c8 InitializeCriticalSection
0x41f0cc DeleteCriticalSection
0x41f0d0 EnterCriticalSection
0x41f0d4 LeaveCriticalSection
0x41f0d8 MultiByteToWideChar
0x41f0dc GetStartupInfoW
0x41f0e0 UnhandledExceptionFilter
0x41f0e4 SetUnhandledExceptionFilter
0x41f0e8 GetModuleFileNameW
0x41f0ec HeapValidate
0x41f0f0 IsBadReadPtr
0x41f0f4 RaiseException
0x41f0f8 RtlUnwind
0x41f0fc TerminateProcess
0x41f100 GetCurrentProcess
0x41f104 IsDebuggerPresent
0x41f108 GetACP
0x41f10c GetOEMCP
0x41f110 GetCPInfo
0x41f114 IsValidCodePage
0x41f118 TlsAlloc
0x41f11c TlsSetValue
0x41f120 GetCurrentThreadId
0x41f124 TlsFree
0x41f128 SetLastError
0x41f12c QueryPerformanceCounter
0x41f130 GetTickCount
0x41f134 GetCurrentProcessId
0x41f138 GetSystemTimeAsFileTime
0x41f13c ExitProcess
0x41f140 FreeEnvironmentStringsW
0x41f144 GetEnvironmentStringsW
0x41f148 SetHandleCount
0x41f14c GetStdHandle
0x41f150 HeapDestroy
0x41f154 HeapCreate
0x41f158 HeapFree
0x41f15c VirtualFree
0x41f160 GetModuleFileNameA
0x41f164 FlushFileBuffers
0x41f168 WideCharToMultiByte
0x41f16c GetConsoleCP
0x41f170 GetConsoleMode
0x41f174 DebugBreak
0x41f178 OutputDebugStringA
0x41f17c WriteConsoleW
0x41f180 OutputDebugStringW
0x41f184 HeapAlloc
0x41f188 HeapSize
0x41f18c HeapReAlloc
0x41f190 InitializeCriticalSectionAndSpinCount
0x41f194 LCMapStringW
0x41f198 GetStringTypeW
0x41f19c GetLocaleInfoA
0x41f1a0 SetStdHandle
0x41f1a4 WriteConsoleA
0x41f1a8 GetConsoleOutputCP
0x41f1ac SetFilePointer
0x41f1b0 CloseHandle
0x41f1b4 CreateFileA
EAT(Export Address Table) is none
KERNEL32.dll
0x41f000 GetCommandLineW
0x41f004 EnumResourceNamesW
0x41f008 GetNativeSystemInfo
0x41f00c lstrlenA
0x41f010 TlsGetValue
0x41f014 GetStringTypeA
0x41f018 InterlockedIncrement
0x41f01c GetQueuedCompletionStatus
0x41f020 ReadConsoleA
0x41f024 GetNamedPipeHandleStateA
0x41f028 GlobalLock
0x41f02c FreeEnvironmentStringsA
0x41f030 GetModuleHandleW
0x41f034 GetCurrentThread
0x41f038 GetPrivateProfileStringW
0x41f03c WriteFile
0x41f040 SetCommState
0x41f044 GlobalAlloc
0x41f048 LoadLibraryW
0x41f04c GetSystemWindowsDirectoryA
0x41f050 GetConsoleAliasExesLengthW
0x41f054 GlobalFlags
0x41f058 GetExitCodeProcess
0x41f05c IsDBCSLeadByte
0x41f060 ReadFile
0x41f064 GetNamedPipeHandleStateW
0x41f068 LCMapStringA
0x41f06c GetPrivateProfileIntW
0x41f070 InterlockedExchange
0x41f074 GetStartupInfoA
0x41f078 GetLastError
0x41f07c ReadConsoleOutputCharacterA
0x41f080 GetProcAddress
0x41f084 VirtualAlloc
0x41f088 CopyFileA
0x41f08c LoadLibraryA
0x41f090 GetFileType
0x41f094 SetCurrentDirectoryW
0x41f098 HeapWalk
0x41f09c FindAtomA
0x41f0a0 Process32NextW
0x41f0a4 EnumResourceNamesA
0x41f0a8 GetCPInfoExA
0x41f0ac SetThreadAffinityMask
0x41f0b0 FindAtomW
0x41f0b4 DeleteFileW
0x41f0b8 GetSystemTime
0x41f0bc CopyFileExA
0x41f0c0 InterlockedDecrement
0x41f0c4 Sleep
0x41f0c8 InitializeCriticalSection
0x41f0cc DeleteCriticalSection
0x41f0d0 EnterCriticalSection
0x41f0d4 LeaveCriticalSection
0x41f0d8 MultiByteToWideChar
0x41f0dc GetStartupInfoW
0x41f0e0 UnhandledExceptionFilter
0x41f0e4 SetUnhandledExceptionFilter
0x41f0e8 GetModuleFileNameW
0x41f0ec HeapValidate
0x41f0f0 IsBadReadPtr
0x41f0f4 RaiseException
0x41f0f8 RtlUnwind
0x41f0fc TerminateProcess
0x41f100 GetCurrentProcess
0x41f104 IsDebuggerPresent
0x41f108 GetACP
0x41f10c GetOEMCP
0x41f110 GetCPInfo
0x41f114 IsValidCodePage
0x41f118 TlsAlloc
0x41f11c TlsSetValue
0x41f120 GetCurrentThreadId
0x41f124 TlsFree
0x41f128 SetLastError
0x41f12c QueryPerformanceCounter
0x41f130 GetTickCount
0x41f134 GetCurrentProcessId
0x41f138 GetSystemTimeAsFileTime
0x41f13c ExitProcess
0x41f140 FreeEnvironmentStringsW
0x41f144 GetEnvironmentStringsW
0x41f148 SetHandleCount
0x41f14c GetStdHandle
0x41f150 HeapDestroy
0x41f154 HeapCreate
0x41f158 HeapFree
0x41f15c VirtualFree
0x41f160 GetModuleFileNameA
0x41f164 FlushFileBuffers
0x41f168 WideCharToMultiByte
0x41f16c GetConsoleCP
0x41f170 GetConsoleMode
0x41f174 DebugBreak
0x41f178 OutputDebugStringA
0x41f17c WriteConsoleW
0x41f180 OutputDebugStringW
0x41f184 HeapAlloc
0x41f188 HeapSize
0x41f18c HeapReAlloc
0x41f190 InitializeCriticalSectionAndSpinCount
0x41f194 LCMapStringW
0x41f198 GetStringTypeW
0x41f19c GetLocaleInfoA
0x41f1a0 SetStdHandle
0x41f1a4 WriteConsoleA
0x41f1a8 GetConsoleOutputCP
0x41f1ac SetFilePointer
0x41f1b0 CloseHandle
0x41f1b4 CreateFileA
EAT(Export Address Table) is none