ScreenShot
| Created | 2021.09.23 09:04 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 50 detected (AIDetect, malware2, Malicious, high confidence, Fragtor, Unsafe, Save, StopCrypt, ZexaF, mq0@aORskhoG, Kryptik, Eldorado, Attribute, HighConfidence, HMMI, Androm, MalwareX, CLASSIC, Lockbit, A + Troj, Krypt, bbsk, LokiBot, tztsf, ASMalwS, kcloud, STOP, se35367, score, MalPE, R441518, ai score=100, R06CH0CIG21, Fareit, Auto, Static AI, Malicious PE, GdSda, confidence, 100%) | ||
| md5 | 7d61098bd6413d9eaa84abca69c207b9 | ||
| sha256 | 51e4e8ce104c598529d82164820861312b26cb75de0271e0e9917a153116416d | ||
| ssdeep | 3072:NMyLh+c3a2Fwo6qwBxpBEoxNO5kY1WOaHudC3mS:qyL33HFwosbBvHY1WOaHudL | ||
| imphash | a0a666636aca5f36444e237f86f70507 | ||
| impfuzzy | 24:Qlb6c0Zajp7Qrzwse5DYeOLhb0nAxOltgdYE7/J3Jpiyv4OT43jMFl9Puv9:YgZOQrzpRLhEltgrVLbpckzuV | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 50 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x421000 GetLocaleInfoA
0x421004 LoadResource
0x421008 FindActCtxSectionGuid
0x42100c ReadConsoleA
0x421010 InterlockedDecrement
0x421014 GetCurrentProcess
0x421018 GetEnvironmentStringsW
0x42101c GetUserDefaultLCID
0x421020 WaitForSingleObject
0x421024 AddConsoleAliasW
0x421028 FindActCtxSectionStringA
0x42102c GetUserDefaultLangID
0x421030 InitializeCriticalSection
0x421034 ReadConsoleInputA
0x421038 GetSystemWindowsDirectoryA
0x42103c PulseEvent
0x421040 VerifyVersionInfoA
0x421044 WriteConsoleW
0x421048 GetModuleFileNameW
0x42104c ReleaseSemaphore
0x421050 GetConsoleOutputCP
0x421054 GetProcAddress
0x421058 EnterCriticalSection
0x42105c PrepareTape
0x421060 OpenMutexA
0x421064 LocalAlloc
0x421068 GlobalGetAtomNameW
0x42106c WaitForMultipleObjects
0x421070 SetSystemTime
0x421074 GetModuleFileNameA
0x421078 SetConsoleTitleW
0x42107c GetModuleHandleA
0x421080 FindFirstVolumeA
0x421084 GetProfileSectionW
0x421088 LeaveCriticalSection
0x42108c GetCommandLineW
0x421090 HeapAlloc
0x421094 GetStartupInfoW
0x421098 TerminateProcess
0x42109c UnhandledExceptionFilter
0x4210a0 SetUnhandledExceptionFilter
0x4210a4 IsDebuggerPresent
0x4210a8 DeleteCriticalSection
0x4210ac HeapFree
0x4210b0 VirtualFree
0x4210b4 VirtualAlloc
0x4210b8 HeapReAlloc
0x4210bc HeapCreate
0x4210c0 GetModuleHandleW
0x4210c4 Sleep
0x4210c8 ExitProcess
0x4210cc WriteFile
0x4210d0 GetStdHandle
0x4210d4 TlsGetValue
0x4210d8 TlsAlloc
0x4210dc TlsSetValue
0x4210e0 TlsFree
0x4210e4 InterlockedIncrement
0x4210e8 SetLastError
0x4210ec GetCurrentThreadId
0x4210f0 GetLastError
0x4210f4 HeapSize
0x4210f8 RtlUnwind
0x4210fc SetHandleCount
0x421100 GetFileType
0x421104 GetStartupInfoA
0x421108 SetFilePointer
0x42110c CloseHandle
0x421110 FreeEnvironmentStringsW
0x421114 QueryPerformanceCounter
0x421118 GetTickCount
0x42111c GetCurrentProcessId
0x421120 GetSystemTimeAsFileTime
0x421124 WideCharToMultiByte
0x421128 GetConsoleCP
0x42112c GetConsoleMode
0x421130 GetCPInfo
0x421134 GetACP
0x421138 GetOEMCP
0x42113c IsValidCodePage
0x421140 InitializeCriticalSectionAndSpinCount
0x421144 LoadLibraryA
0x421148 CreateFileA
0x42114c RaiseException
0x421150 SetStdHandle
0x421154 FlushFileBuffers
0x421158 WriteConsoleA
0x42115c MultiByteToWideChar
0x421160 LCMapStringA
0x421164 LCMapStringW
0x421168 GetStringTypeA
0x42116c GetStringTypeW
0x421170 SetEndOfFile
0x421174 GetProcessHeap
0x421178 ReadFile
EAT(Export Address Table) Library
0x401000 @SetViceVariants@12
KERNEL32.dll
0x421000 GetLocaleInfoA
0x421004 LoadResource
0x421008 FindActCtxSectionGuid
0x42100c ReadConsoleA
0x421010 InterlockedDecrement
0x421014 GetCurrentProcess
0x421018 GetEnvironmentStringsW
0x42101c GetUserDefaultLCID
0x421020 WaitForSingleObject
0x421024 AddConsoleAliasW
0x421028 FindActCtxSectionStringA
0x42102c GetUserDefaultLangID
0x421030 InitializeCriticalSection
0x421034 ReadConsoleInputA
0x421038 GetSystemWindowsDirectoryA
0x42103c PulseEvent
0x421040 VerifyVersionInfoA
0x421044 WriteConsoleW
0x421048 GetModuleFileNameW
0x42104c ReleaseSemaphore
0x421050 GetConsoleOutputCP
0x421054 GetProcAddress
0x421058 EnterCriticalSection
0x42105c PrepareTape
0x421060 OpenMutexA
0x421064 LocalAlloc
0x421068 GlobalGetAtomNameW
0x42106c WaitForMultipleObjects
0x421070 SetSystemTime
0x421074 GetModuleFileNameA
0x421078 SetConsoleTitleW
0x42107c GetModuleHandleA
0x421080 FindFirstVolumeA
0x421084 GetProfileSectionW
0x421088 LeaveCriticalSection
0x42108c GetCommandLineW
0x421090 HeapAlloc
0x421094 GetStartupInfoW
0x421098 TerminateProcess
0x42109c UnhandledExceptionFilter
0x4210a0 SetUnhandledExceptionFilter
0x4210a4 IsDebuggerPresent
0x4210a8 DeleteCriticalSection
0x4210ac HeapFree
0x4210b0 VirtualFree
0x4210b4 VirtualAlloc
0x4210b8 HeapReAlloc
0x4210bc HeapCreate
0x4210c0 GetModuleHandleW
0x4210c4 Sleep
0x4210c8 ExitProcess
0x4210cc WriteFile
0x4210d0 GetStdHandle
0x4210d4 TlsGetValue
0x4210d8 TlsAlloc
0x4210dc TlsSetValue
0x4210e0 TlsFree
0x4210e4 InterlockedIncrement
0x4210e8 SetLastError
0x4210ec GetCurrentThreadId
0x4210f0 GetLastError
0x4210f4 HeapSize
0x4210f8 RtlUnwind
0x4210fc SetHandleCount
0x421100 GetFileType
0x421104 GetStartupInfoA
0x421108 SetFilePointer
0x42110c CloseHandle
0x421110 FreeEnvironmentStringsW
0x421114 QueryPerformanceCounter
0x421118 GetTickCount
0x42111c GetCurrentProcessId
0x421120 GetSystemTimeAsFileTime
0x421124 WideCharToMultiByte
0x421128 GetConsoleCP
0x42112c GetConsoleMode
0x421130 GetCPInfo
0x421134 GetACP
0x421138 GetOEMCP
0x42113c IsValidCodePage
0x421140 InitializeCriticalSectionAndSpinCount
0x421144 LoadLibraryA
0x421148 CreateFileA
0x42114c RaiseException
0x421150 SetStdHandle
0x421154 FlushFileBuffers
0x421158 WriteConsoleA
0x42115c MultiByteToWideChar
0x421160 LCMapStringA
0x421164 LCMapStringW
0x421168 GetStringTypeA
0x42116c GetStringTypeW
0x421170 SetEndOfFile
0x421174 GetProcessHeap
0x421178 ReadFile
EAT(Export Address Table) Library
0x401000 @SetViceVariants@12