ScreenShot
| Created | 2021.09.23 09:19 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | |||
| md5 | 78655ced01a57dc43915294cc1e5d887 | ||
| sha256 | 743c70dfe6a3c6ac792aaebdab51152694b391cee6d81d6b9f7932bff13db9a4 | ||
| ssdeep | 3072:rE5Irk9Ej2q9zh/v1VQGZKq1+jAAJ492K15+80gwhX:rrj2m1/vnQM9m80g | ||
| imphash | b423274974f58a1d1a63a5242c6dcf99 | ||
| impfuzzy | 24:Qd4BrjrZWbOov26dv8e5DoYYvmur5rAKG1tD2wA+yvEFQh/J3vT42l9wjMynNp1G:ldZWqfUDYOIr3G1tSPH5vc2enhG | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41e008 GetLocaleInfoA
0x41e00c LoadResource
0x41e010 EndUpdateResourceW
0x41e014 InterlockedDecrement
0x41e018 GlobalSize
0x41e01c GetEnvironmentStringsW
0x41e020 WaitForSingleObject
0x41e024 SetEvent
0x41e028 GetSystemDefaultLCID
0x41e02c ReadConsoleW
0x41e030 FindActCtxSectionStringA
0x41e034 GetCommandLineA
0x41e038 GlobalAlloc
0x41e03c LeaveCriticalSection
0x41e040 GetModuleFileNameW
0x41e044 GetDevicePowerState
0x41e048 ReleaseSemaphore
0x41e04c GetConsoleOutputCP
0x41e050 GetProcAddress
0x41e054 VerLanguageNameA
0x41e058 EnterCriticalSection
0x41e05c WriteConsoleA
0x41e060 GetProcessId
0x41e064 LockResource
0x41e068 BeginUpdateResourceA
0x41e06c GlobalGetAtomNameW
0x41e070 SetSystemTime
0x41e074 EnumResourceTypesW
0x41e078 GetModuleFileNameA
0x41e07c GetModuleHandleA
0x41e080 EraseTape
0x41e084 FindFirstVolumeW
0x41e088 AddConsoleAliasA
0x41e08c lstrcpyA
0x41e090 GetSystemDefaultLangID
0x41e094 HeapAlloc
0x41e098 GetLastError
0x41e09c HeapReAlloc
0x41e0a0 GetStartupInfoA
0x41e0a4 RaiseException
0x41e0a8 RtlUnwind
0x41e0ac TerminateProcess
0x41e0b0 GetCurrentProcess
0x41e0b4 UnhandledExceptionFilter
0x41e0b8 SetUnhandledExceptionFilter
0x41e0bc IsDebuggerPresent
0x41e0c0 HeapFree
0x41e0c4 DeleteCriticalSection
0x41e0c8 VirtualFree
0x41e0cc VirtualAlloc
0x41e0d0 HeapCreate
0x41e0d4 GetModuleHandleW
0x41e0d8 Sleep
0x41e0dc ExitProcess
0x41e0e0 WriteFile
0x41e0e4 GetStdHandle
0x41e0e8 SetHandleCount
0x41e0ec GetFileType
0x41e0f0 SetFilePointer
0x41e0f4 FreeEnvironmentStringsA
0x41e0f8 GetEnvironmentStrings
0x41e0fc FreeEnvironmentStringsW
0x41e100 WideCharToMultiByte
0x41e104 TlsGetValue
0x41e108 TlsAlloc
0x41e10c TlsSetValue
0x41e110 TlsFree
0x41e114 InterlockedIncrement
0x41e118 SetLastError
0x41e11c GetCurrentThreadId
0x41e120 QueryPerformanceCounter
0x41e124 GetTickCount
0x41e128 GetCurrentProcessId
0x41e12c GetSystemTimeAsFileTime
0x41e130 InitializeCriticalSectionAndSpinCount
0x41e134 LoadLibraryA
0x41e138 SetStdHandle
0x41e13c GetConsoleCP
0x41e140 GetConsoleMode
0x41e144 FlushFileBuffers
0x41e148 HeapSize
0x41e14c GetCPInfo
0x41e150 GetACP
0x41e154 GetOEMCP
0x41e158 IsValidCodePage
0x41e15c WriteConsoleW
0x41e160 MultiByteToWideChar
0x41e164 LCMapStringA
0x41e168 LCMapStringW
0x41e16c GetStringTypeA
0x41e170 GetStringTypeW
0x41e174 CloseHandle
0x41e178 CreateFileA
USER32.dll
0x41e180 RealChildWindowFromPoint
GDI32.dll
0x41e000 GetCharWidth32A
EAT(Export Address Table) is none
KERNEL32.dll
0x41e008 GetLocaleInfoA
0x41e00c LoadResource
0x41e010 EndUpdateResourceW
0x41e014 InterlockedDecrement
0x41e018 GlobalSize
0x41e01c GetEnvironmentStringsW
0x41e020 WaitForSingleObject
0x41e024 SetEvent
0x41e028 GetSystemDefaultLCID
0x41e02c ReadConsoleW
0x41e030 FindActCtxSectionStringA
0x41e034 GetCommandLineA
0x41e038 GlobalAlloc
0x41e03c LeaveCriticalSection
0x41e040 GetModuleFileNameW
0x41e044 GetDevicePowerState
0x41e048 ReleaseSemaphore
0x41e04c GetConsoleOutputCP
0x41e050 GetProcAddress
0x41e054 VerLanguageNameA
0x41e058 EnterCriticalSection
0x41e05c WriteConsoleA
0x41e060 GetProcessId
0x41e064 LockResource
0x41e068 BeginUpdateResourceA
0x41e06c GlobalGetAtomNameW
0x41e070 SetSystemTime
0x41e074 EnumResourceTypesW
0x41e078 GetModuleFileNameA
0x41e07c GetModuleHandleA
0x41e080 EraseTape
0x41e084 FindFirstVolumeW
0x41e088 AddConsoleAliasA
0x41e08c lstrcpyA
0x41e090 GetSystemDefaultLangID
0x41e094 HeapAlloc
0x41e098 GetLastError
0x41e09c HeapReAlloc
0x41e0a0 GetStartupInfoA
0x41e0a4 RaiseException
0x41e0a8 RtlUnwind
0x41e0ac TerminateProcess
0x41e0b0 GetCurrentProcess
0x41e0b4 UnhandledExceptionFilter
0x41e0b8 SetUnhandledExceptionFilter
0x41e0bc IsDebuggerPresent
0x41e0c0 HeapFree
0x41e0c4 DeleteCriticalSection
0x41e0c8 VirtualFree
0x41e0cc VirtualAlloc
0x41e0d0 HeapCreate
0x41e0d4 GetModuleHandleW
0x41e0d8 Sleep
0x41e0dc ExitProcess
0x41e0e0 WriteFile
0x41e0e4 GetStdHandle
0x41e0e8 SetHandleCount
0x41e0ec GetFileType
0x41e0f0 SetFilePointer
0x41e0f4 FreeEnvironmentStringsA
0x41e0f8 GetEnvironmentStrings
0x41e0fc FreeEnvironmentStringsW
0x41e100 WideCharToMultiByte
0x41e104 TlsGetValue
0x41e108 TlsAlloc
0x41e10c TlsSetValue
0x41e110 TlsFree
0x41e114 InterlockedIncrement
0x41e118 SetLastError
0x41e11c GetCurrentThreadId
0x41e120 QueryPerformanceCounter
0x41e124 GetTickCount
0x41e128 GetCurrentProcessId
0x41e12c GetSystemTimeAsFileTime
0x41e130 InitializeCriticalSectionAndSpinCount
0x41e134 LoadLibraryA
0x41e138 SetStdHandle
0x41e13c GetConsoleCP
0x41e140 GetConsoleMode
0x41e144 FlushFileBuffers
0x41e148 HeapSize
0x41e14c GetCPInfo
0x41e150 GetACP
0x41e154 GetOEMCP
0x41e158 IsValidCodePage
0x41e15c WriteConsoleW
0x41e160 MultiByteToWideChar
0x41e164 LCMapStringA
0x41e168 LCMapStringW
0x41e16c GetStringTypeA
0x41e170 GetStringTypeW
0x41e174 CloseHandle
0x41e178 CreateFileA
USER32.dll
0x41e180 RealChildWindowFromPoint
GDI32.dll
0x41e000 GetCharWidth32A
EAT(Export Address Table) is none