ScreenShot
| Created | 2021.09.28 14:01 | Machine | s1_win7_x6401 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 43 detected (Androm, malicious, high confidence, GenericKD, Save, Obfuscated, ZexaF, kq0@aKRVCbjO, Kryptik, Eldorado, Attribute, HighConfidence, HMPX, Filerepmalware, CLASSIC, Malware@#34bes1uph19ad, Emotet, LokiBot, hvbsa, kcloud, Racealer, score, SmokeLoader, R442914, ai score=100, R002H0CIR21, Static AI, Malicious PE, HMPU, Genetic, confidence, 100%) | ||
| md5 | 99a3a6cca4b9fb67453930f721dfd151 | ||
| sha256 | 8680641d5644828bf4ed6bb714bf7fc8a018748e912b56745875e471e136c953 | ||
| ssdeep | 1536:PJwDItYBZDv8wsPuGNTePomiGfDO/f/6J1kODV8Q5XBA26P5V+N5Z1i2pplF/9PB:PA6YB5JKNq3iYO/X6r8HP5Vy7A2F0O | ||
| imphash | 1193224d221249fb1dfab2aba14a315c | ||
| impfuzzy | 24:PqewOovrN+sdv/DHFJOrab2vylbFPRv9GtdklMVv8TJ3IjT4zlLHjMn09n3p+:Pb/Q8a+rIr9Gtd1WMczdNn5+ | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x418010 MapUserPhysicalPages
0x418014 UpdateResourceA
0x418018 InterlockedIncrement
0x41801c SetEvent
0x418020 OpenSemaphoreA
0x418024 GetSystemTimeAsFileTime
0x418028 GetCommandLineA
0x41802c WriteFileGather
0x418030 CreateActCtxW
0x418034 EnumResourceTypesA
0x418038 GetEnvironmentStrings
0x41803c GlobalAlloc
0x418040 SizeofResource
0x418044 LeaveCriticalSection
0x418048 GetFileAttributesA
0x41804c FindNextVolumeW
0x418050 GetLocaleInfoA
0x418054 GetDevicePowerState
0x418058 GetProcAddress
0x41805c HeapSize
0x418060 VerLanguageNameA
0x418064 RemoveDirectoryA
0x418068 GlobalGetAtomNameA
0x41806c PrepareTape
0x418070 WriteConsoleA
0x418074 GetProcessId
0x418078 WaitForMultipleObjects
0x41807c GetModuleFileNameA
0x418080 GetModuleHandleA
0x418084 ReleaseMutex
0x418088 EndUpdateResourceA
0x41808c FindFirstVolumeW
0x418090 AddConsoleAliasA
0x418094 lstrcpyW
0x418098 ReadFile
0x41809c HeapReAlloc
0x4180a0 GetLastError
0x4180a4 HeapAlloc
0x4180a8 GetStartupInfoA
0x4180ac SetHandleCount
0x4180b0 GetStdHandle
0x4180b4 GetFileType
0x4180b8 DeleteCriticalSection
0x4180bc SetFilePointer
0x4180c0 TerminateProcess
0x4180c4 GetCurrentProcess
0x4180c8 UnhandledExceptionFilter
0x4180cc SetUnhandledExceptionFilter
0x4180d0 IsDebuggerPresent
0x4180d4 EnterCriticalSection
0x4180d8 HeapCreate
0x4180dc VirtualFree
0x4180e0 HeapFree
0x4180e4 VirtualAlloc
0x4180e8 GetModuleHandleW
0x4180ec Sleep
0x4180f0 ExitProcess
0x4180f4 WriteFile
0x4180f8 FreeEnvironmentStringsA
0x4180fc FreeEnvironmentStringsW
0x418100 WideCharToMultiByte
0x418104 GetEnvironmentStringsW
0x418108 TlsGetValue
0x41810c TlsAlloc
0x418110 TlsSetValue
0x418114 TlsFree
0x418118 SetLastError
0x41811c GetCurrentThreadId
0x418120 InterlockedDecrement
0x418124 QueryPerformanceCounter
0x418128 GetTickCount
0x41812c GetCurrentProcessId
0x418130 InitializeCriticalSectionAndSpinCount
0x418134 SetStdHandle
0x418138 RtlUnwind
0x41813c GetConsoleCP
0x418140 GetConsoleMode
0x418144 FlushFileBuffers
0x418148 LoadLibraryA
0x41814c GetCPInfo
0x418150 GetACP
0x418154 GetOEMCP
0x418158 IsValidCodePage
0x41815c GetConsoleOutputCP
0x418160 WriteConsoleW
0x418164 MultiByteToWideChar
0x418168 LCMapStringA
0x41816c LCMapStringW
0x418170 GetStringTypeA
0x418174 GetStringTypeW
0x418178 CloseHandle
0x41817c CreateFileA
USER32.dll
0x418184 GetCursorPos
GDI32.dll
0x418008 GetCharWidthFloatA
ADVAPI32.dll
0x418000 DeregisterEventSource
EAT(Export Address Table) Library
0x401000 @SetFirstEverVice@8
KERNEL32.dll
0x418010 MapUserPhysicalPages
0x418014 UpdateResourceA
0x418018 InterlockedIncrement
0x41801c SetEvent
0x418020 OpenSemaphoreA
0x418024 GetSystemTimeAsFileTime
0x418028 GetCommandLineA
0x41802c WriteFileGather
0x418030 CreateActCtxW
0x418034 EnumResourceTypesA
0x418038 GetEnvironmentStrings
0x41803c GlobalAlloc
0x418040 SizeofResource
0x418044 LeaveCriticalSection
0x418048 GetFileAttributesA
0x41804c FindNextVolumeW
0x418050 GetLocaleInfoA
0x418054 GetDevicePowerState
0x418058 GetProcAddress
0x41805c HeapSize
0x418060 VerLanguageNameA
0x418064 RemoveDirectoryA
0x418068 GlobalGetAtomNameA
0x41806c PrepareTape
0x418070 WriteConsoleA
0x418074 GetProcessId
0x418078 WaitForMultipleObjects
0x41807c GetModuleFileNameA
0x418080 GetModuleHandleA
0x418084 ReleaseMutex
0x418088 EndUpdateResourceA
0x41808c FindFirstVolumeW
0x418090 AddConsoleAliasA
0x418094 lstrcpyW
0x418098 ReadFile
0x41809c HeapReAlloc
0x4180a0 GetLastError
0x4180a4 HeapAlloc
0x4180a8 GetStartupInfoA
0x4180ac SetHandleCount
0x4180b0 GetStdHandle
0x4180b4 GetFileType
0x4180b8 DeleteCriticalSection
0x4180bc SetFilePointer
0x4180c0 TerminateProcess
0x4180c4 GetCurrentProcess
0x4180c8 UnhandledExceptionFilter
0x4180cc SetUnhandledExceptionFilter
0x4180d0 IsDebuggerPresent
0x4180d4 EnterCriticalSection
0x4180d8 HeapCreate
0x4180dc VirtualFree
0x4180e0 HeapFree
0x4180e4 VirtualAlloc
0x4180e8 GetModuleHandleW
0x4180ec Sleep
0x4180f0 ExitProcess
0x4180f4 WriteFile
0x4180f8 FreeEnvironmentStringsA
0x4180fc FreeEnvironmentStringsW
0x418100 WideCharToMultiByte
0x418104 GetEnvironmentStringsW
0x418108 TlsGetValue
0x41810c TlsAlloc
0x418110 TlsSetValue
0x418114 TlsFree
0x418118 SetLastError
0x41811c GetCurrentThreadId
0x418120 InterlockedDecrement
0x418124 QueryPerformanceCounter
0x418128 GetTickCount
0x41812c GetCurrentProcessId
0x418130 InitializeCriticalSectionAndSpinCount
0x418134 SetStdHandle
0x418138 RtlUnwind
0x41813c GetConsoleCP
0x418140 GetConsoleMode
0x418144 FlushFileBuffers
0x418148 LoadLibraryA
0x41814c GetCPInfo
0x418150 GetACP
0x418154 GetOEMCP
0x418158 IsValidCodePage
0x41815c GetConsoleOutputCP
0x418160 WriteConsoleW
0x418164 MultiByteToWideChar
0x418168 LCMapStringA
0x41816c LCMapStringW
0x418170 GetStringTypeA
0x418174 GetStringTypeW
0x418178 CloseHandle
0x41817c CreateFileA
USER32.dll
0x418184 GetCursorPos
GDI32.dll
0x418008 GetCharWidthFloatA
ADVAPI32.dll
0x418000 DeregisterEventSource
EAT(Export Address Table) Library
0x401000 @SetFirstEverVice@8