Field | Value |
---|---|
Created | 2021.10.01 09:26 |
Machine | s1_win7_x6402 |
Filename | vbc.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
ZERO API | file : clean |
VT API (file) | 28 detected (Jorik, m7pK, malicious, high confidence, Unsafe, Save, confidence, ZexaF, puW@aK, w@YkO, Eldorado, Attribute, HighConfidence, Kryptik, HMRO, CLASSIC, Sabsik, score, BScope, Static AI, Suspicious PE, HMRM) |
md5 | 18e6b6c1a6f3f7aaa2be58edaa8c1121 |
sha256 | 137db6baaee41625a255900d2e76eb3c42575398bf06b92e2a0ef50a40305cc1 |
ssdeep | 3072:vTOpv191RkD/Xa4BtPoQD0aLC7yDzbatkOzXn907k8BzMBpY8hLV3LJE:vTiv8D/XTPoQzmkuwg88hLX |
imphash | 1f41e0ca4ea9e1d12338209135b5bab4 |
impfuzzy | 48:XydaO5JQSXcdbQFvOlqvxtTV8PK9LaTcEa3r:XyzPhXcZQFvUwxtTV8PQOTcEa3r |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x419008 lstrlenA
0x41900c CopyFileExW
0x419010 FreeLibrary
0x419014 InterlockedIncrement
0x419018 GetQueuedCompletionStatus
0x41901c GetCommState
0x419020 GetProfileStringW
0x419024 CallNamedPipeW
0x419028 GetNumberFormatA
0x41902c FindResourceExA
0x419030 GlobalAlloc
0x419034 GetPrivateProfileIntA
0x419038 GetSystemDirectoryW
0x41903c SetFileShortNameW
0x419040 GetVolumeInformationA
0x419044 LoadLibraryW
0x419048 GetSystemWow64DirectoryW
0x41904c GetSystemWindowsDirectoryA
0x419050 HeapDestroy
0x419054 GetBinaryTypeA
0x419058 GetCompressedFileSizeA
0x41905c CreateActCtxA
0x419060 GetStartupInfoW
0x419064 GetThreadContext
0x419068 SetThreadLocale
0x41906c GetStdHandle
0x419070 GetCPInfoExW
0x419074 GetLastError
0x419078 SetLastError
0x41907c GetProcAddress
0x419080 CreateNamedPipeA
0x419084 SearchPathA
0x419088 LoadLibraryA
0x41908c CreateSemaphoreW
0x419090 FindAtomA
0x419094 SetSystemTime
0x419098 GetModuleFileNameA
0x41909c FindNextFileA
0x4190a0 CreateIoCompletionPort
0x4190a4 FindFirstChangeNotificationA
0x4190a8 HeapSetInformation
0x4190ac FreeEnvironmentStringsW
0x4190b0 GetCurrentDirectoryA
0x4190b4 TerminateJobObject
0x4190b8 FindAtomW
0x4190bc UnregisterWaitEx
0x4190c0 DeleteFileA
0x4190c4 LCMapStringA
0x4190c8 GetCommandLineW
0x4190cc CloseHandle
0x4190d0 CreateFileW
0x4190d4 InterlockedDecrement
0x4190d8 DecodePointer
0x4190dc GetModuleHandleW
0x4190e0 ExitProcess
0x4190e4 TerminateProcess
0x4190e8 GetCurrentProcess
0x4190ec UnhandledExceptionFilter
0x4190f0 SetUnhandledExceptionFilter
0x4190f4 IsDebuggerPresent
0x4190f8 EncodePointer
0x4190fc GetModuleFileNameW
0x419100 WriteFile
0x419104 QueryPerformanceCounter
0x419108 GetTickCount
0x41910c GetCurrentThreadId
0x419110 GetCurrentProcessId
0x419114 GetSystemTimeAsFileTime
0x419118 GetEnvironmentStringsW
0x41911c SetHandleCount
0x419120 InitializeCriticalSectionAndSpinCount
0x419124 GetFileType
0x419128 DeleteCriticalSection
0x41912c HeapValidate
0x419130 IsBadReadPtr
0x419134 TlsAlloc
0x419138 TlsGetValue
0x41913c TlsSetValue
0x419140 TlsFree
0x419144 HeapCreate
0x419148 GetACP
0x41914c GetOEMCP
0x419150 GetCPInfo
0x419154 IsValidCodePage
0x419158 EnterCriticalSection
0x41915c LeaveCriticalSection
0x419160 HeapAlloc
0x419164 HeapReAlloc
0x419168 HeapSize
0x41916c HeapQueryInformation
0x419170 HeapFree
0x419174 RtlUnwind
0x419178 WideCharToMultiByte
0x41917c LCMapStringW
0x419180 MultiByteToWideChar
0x419184 GetStringTypeW
0x419188 OutputDebugStringA
0x41918c WriteConsoleW
0x419190 OutputDebugStringW
0x419194 IsProcessorFeaturePresent
0x419198 SetFilePointer
0x41919c GetConsoleCP
0x4191a0 GetConsoleMode
0x4191a4 RaiseException
0x4191a8 SetStdHandle
0x4191ac FlushFileBuffers
ADVAPI32.dll
0x419000 AbortSystemShutdownA
WINHTTP.dll
0x4191b4 WinHttpOpen
EAT (Export Address Table): none