ScreenShot
| Created | 2021.09.17 09:56 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 45 detected (AIDetect, malware1, malicious, high confidence, GenericKD, Unsafe, Save, Glupteba, Kryptik, Eldorado, HMLI, Androm, CrypterX, R + Troj, Krypt, Emotet, bbqu, STOP, se25773, LWDS3H, score, CoinMiner, R441292, ai score=80, Sabsik, CLASSIC, Static AI, Malicious PE, susgen, GenericKDZ, ZexaF, nq0@aOimXxjG, GdSda, confidence, 100%) | ||
| md5 | be72c9c102de48a6b9158380af41e609 | ||
| sha256 | 282371a6cd19af1c0b076d80d1a34e0b5920427cfa998bc34f68c6d6d2601c08 | ||
| ssdeep | 3072:oLwDxFgIET9jdYFwPiaXV8PbinKt21nLhYnlu5opOQsWvGj170IClhRS:DDMvYFWXV8EKSQpZGj1AIClhR | ||
| imphash | 1f1778a50f9b54ca062656e19d05039f | ||
| impfuzzy | 24:dZZZyxOdawDYeOeV90YbPGOrOovLtM/J3JKUdYXpiyv6v8OTAjMbl9PuvRE:dZZZWOdaNRaZZa0tCBQpbIfzuK | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x421010 GetCurrentProcess
0x421014 GetSystemWindowsDirectoryW
0x421018 GetUserDefaultLCID
0x42101c GetSystemDefaultLCID
0x421020 ReadConsoleW
0x421024 GetEnvironmentStrings
0x421028 GetLocaleInfoW
0x42102c LeaveCriticalSection
0x421030 FindNextVolumeW
0x421034 WriteConsoleW
0x421038 GetModuleFileNameW
0x42103c GetACP
0x421040 VerifyVersionInfoW
0x421044 InterlockedExchange
0x421048 Module32First
0x42104c GetProcAddress
0x421050 EnterCriticalSection
0x421054 PrepareTape
0x421058 ResetEvent
0x42105c GetAtomNameA
0x421060 LocalAlloc
0x421064 SetConsoleTitleW
0x421068 GetModuleHandleA
0x42106c GetCurrentProcessId
0x421070 AddConsoleAliasA
0x421074 FindActCtxSectionStringW
0x421078 GetSystemTime
0x42107c GetProfileSectionW
0x421080 GetLocaleInfoA
0x421084 FindActCtxSectionGuid
0x421088 GetConsoleOutputCP
0x42108c GetCommandLineW
0x421090 HeapAlloc
0x421094 GetCommandLineA
0x421098 GetStartupInfoA
0x42109c TerminateProcess
0x4210a0 UnhandledExceptionFilter
0x4210a4 SetUnhandledExceptionFilter
0x4210a8 IsDebuggerPresent
0x4210ac GetModuleHandleW
0x4210b0 TlsGetValue
0x4210b4 TlsAlloc
0x4210b8 TlsSetValue
0x4210bc TlsFree
0x4210c0 InterlockedIncrement
0x4210c4 SetLastError
0x4210c8 GetCurrentThreadId
0x4210cc GetLastError
0x4210d0 InterlockedDecrement
0x4210d4 DeleteCriticalSection
0x4210d8 HeapFree
0x4210dc VirtualFree
0x4210e0 VirtualAlloc
0x4210e4 HeapReAlloc
0x4210e8 HeapCreate
0x4210ec Sleep
0x4210f0 ExitProcess
0x4210f4 WriteFile
0x4210f8 GetStdHandle
0x4210fc GetModuleFileNameA
0x421100 HeapSize
0x421104 RtlUnwind
0x421108 SetHandleCount
0x42110c GetFileType
0x421110 SetFilePointer
0x421114 CloseHandle
0x421118 FreeEnvironmentStringsA
0x42111c FreeEnvironmentStringsW
0x421120 WideCharToMultiByte
0x421124 GetEnvironmentStringsW
0x421128 QueryPerformanceCounter
0x42112c GetTickCount
0x421130 GetSystemTimeAsFileTime
0x421134 GetConsoleCP
0x421138 GetConsoleMode
0x42113c GetCPInfo
0x421140 GetOEMCP
0x421144 IsValidCodePage
0x421148 InitializeCriticalSectionAndSpinCount
0x42114c LoadLibraryA
0x421150 CreateFileA
0x421154 RaiseException
0x421158 SetStdHandle
0x42115c FlushFileBuffers
0x421160 WriteConsoleA
0x421164 MultiByteToWideChar
0x421168 LCMapStringA
0x42116c LCMapStringW
0x421170 GetStringTypeA
0x421174 GetStringTypeW
0x421178 SetEndOfFile
0x42117c GetProcessHeap
0x421180 ReadFile
GDI32.dll
0x421008 GetCharWidthFloatA
ADVAPI32.dll
0x421000 BackupEventLogA
EAT(Export Address Table) Library
0x401000 @GetAnotherVice@12
KERNEL32.dll
0x421010 GetCurrentProcess
0x421014 GetSystemWindowsDirectoryW
0x421018 GetUserDefaultLCID
0x42101c GetSystemDefaultLCID
0x421020 ReadConsoleW
0x421024 GetEnvironmentStrings
0x421028 GetLocaleInfoW
0x42102c LeaveCriticalSection
0x421030 FindNextVolumeW
0x421034 WriteConsoleW
0x421038 GetModuleFileNameW
0x42103c GetACP
0x421040 VerifyVersionInfoW
0x421044 InterlockedExchange
0x421048 Module32First
0x42104c GetProcAddress
0x421050 EnterCriticalSection
0x421054 PrepareTape
0x421058 ResetEvent
0x42105c GetAtomNameA
0x421060 LocalAlloc
0x421064 SetConsoleTitleW
0x421068 GetModuleHandleA
0x42106c GetCurrentProcessId
0x421070 AddConsoleAliasA
0x421074 FindActCtxSectionStringW
0x421078 GetSystemTime
0x42107c GetProfileSectionW
0x421080 GetLocaleInfoA
0x421084 FindActCtxSectionGuid
0x421088 GetConsoleOutputCP
0x42108c GetCommandLineW
0x421090 HeapAlloc
0x421094 GetCommandLineA
0x421098 GetStartupInfoA
0x42109c TerminateProcess
0x4210a0 UnhandledExceptionFilter
0x4210a4 SetUnhandledExceptionFilter
0x4210a8 IsDebuggerPresent
0x4210ac GetModuleHandleW
0x4210b0 TlsGetValue
0x4210b4 TlsAlloc
0x4210b8 TlsSetValue
0x4210bc TlsFree
0x4210c0 InterlockedIncrement
0x4210c4 SetLastError
0x4210c8 GetCurrentThreadId
0x4210cc GetLastError
0x4210d0 InterlockedDecrement
0x4210d4 DeleteCriticalSection
0x4210d8 HeapFree
0x4210dc VirtualFree
0x4210e0 VirtualAlloc
0x4210e4 HeapReAlloc
0x4210e8 HeapCreate
0x4210ec Sleep
0x4210f0 ExitProcess
0x4210f4 WriteFile
0x4210f8 GetStdHandle
0x4210fc GetModuleFileNameA
0x421100 HeapSize
0x421104 RtlUnwind
0x421108 SetHandleCount
0x42110c GetFileType
0x421110 SetFilePointer
0x421114 CloseHandle
0x421118 FreeEnvironmentStringsA
0x42111c FreeEnvironmentStringsW
0x421120 WideCharToMultiByte
0x421124 GetEnvironmentStringsW
0x421128 QueryPerformanceCounter
0x42112c GetTickCount
0x421130 GetSystemTimeAsFileTime
0x421134 GetConsoleCP
0x421138 GetConsoleMode
0x42113c GetCPInfo
0x421140 GetOEMCP
0x421144 IsValidCodePage
0x421148 InitializeCriticalSectionAndSpinCount
0x42114c LoadLibraryA
0x421150 CreateFileA
0x421154 RaiseException
0x421158 SetStdHandle
0x42115c FlushFileBuffers
0x421160 WriteConsoleA
0x421164 MultiByteToWideChar
0x421168 LCMapStringA
0x42116c LCMapStringW
0x421170 GetStringTypeA
0x421174 GetStringTypeW
0x421178 SetEndOfFile
0x42117c GetProcessHeap
0x421180 ReadFile
GDI32.dll
0x421008 GetCharWidthFloatA
ADVAPI32.dll
0x421000 BackupEventLogA
EAT(Export Address Table) Library
0x401000 @GetAnotherVice@12