Field | Value |
---|---|
Created | 2021.09.10 17:24 |
Machine | s1_win7_x6402 |
Filename | vbc.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 36 detected (malicious, high confidence, score, Remcos, confidence, Razy, Attribute, HighConfidence, Emotet, Outbreak, kcloud, Tnega, BScope, Injects, ai score=86, Generic@ML, RDML, lv00IVAK+STScp+QI22yaw, Static AI, Malicious PE, ZexaCO, byW@a8DwyUei, GdSda) |
md5 | 09abff7fd37311b306d557540ecbb5c0 |
sha256 | b67741cbd39464c7526c9cda83175c342aaba91fb990dd96d60083d028f00228 |
ssdeep | 384:HX8bO2AEgXhjXsm4sm4sm4sm3BqjbW6Y33VjXjXjXV3VjXXjXO7OjXjQ4X4MjMc5:HXtwwCz12kkhycyrsR2vZ |
imphash | f0cc030bb7973df4137d34f314ff314a |
impfuzzy | 24:RKGkXSByR49e5998weoFAuBW1gREzXEEEG5mMLV4QwL:RKiyR4En98wewAu8rzU9GLV4QA |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (3cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
MSWSOCK.dll
0x403408 EnumProtocolsW
0x40340c GetAddressByNameW
0x403410 GetNameByTypeW
0x403414 GetServiceW
0x403418 GetTypeByNameW
0x40341c dn_expand
0x403420 getnetbyname
0x403424 inet_network
0x403428 s_perror
wsnmp32.dll
0x403430 None
0x403434 None
0x403438 None
0x40343c None
0x403440 None
0x403444 None
0x403448 None
0x40344c None
ODBC32.dll
0x403454 CollectODBCPerfData
0x403458 CursorLibLockDesc
0x40345c None
0x403460 None
0x403464 None
0x403468 None
0x40346c None
WINMM.dll
0x403474 joyGetNumDevs
0x403478 midiConnect
0x40347c midiInGetErrorTextW
0x403480 midiOutLongMsg
0x403484 mixerGetID
0x403488 waveOutGetErrorTextA
AVIFIL32.dll
0x403490 AVIFileCreateStreamA
0x403494 AVIStreamGetFrameOpen
0x403498 AVIStreamInfo
0x40349c AVIStreamTimeToSample
MSVFW32.dll
0x4034a4 ICInfo
MPR.dll
0x4034ac WNetConnectionDialog1W
0x4034b0 WNetEnumResourceW
0x4034b4 WNetGetProviderNameA
0x4034b8 WNetGetResourceInformationA
0x4034bc WNetGetUserA
KERNEL32.dll
0x4034c4 VirtualProtect
USER32.dll
0x4034cc GetDC
0x4034d0 GrayStringA
0x4034d4 MessageBoxA
EAT (Export Address Table): none