ScreenShot
| Created | 2021.10.01 09:33 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, ZexaF, pq0@aeKvtalO, Kryptik, Eldorado, Attribute, HighConfidence, Generic@ML, RDML, MhTLCn4kNzPIYAQx0f8JnA, Emotet, UrSnif, StopCrypt, score, Static AI, Malicious PE, confidence, 100%) | ||
| md5 | a0251851e3f228572dd892e7005d5126 | ||
| sha256 | 2b0adb1ba45e7ea11b27618151f3a185ce653c81235ab523dce4292403f99ac0 | ||
| ssdeep | 3072:ySwNkENqCtq7vgNw+N3MGTE715yyrcPI1ZewDVoe5RHZFS4sz:ySJENqCt0vgNtyFqccPI1noe5R+ | ||
| imphash | ca5041463b2dd933d009ca1aebe1423c | ||
| impfuzzy | 24:ypec0ZajpoOovFvKOdv/DoFpO+IFylV2+fjlRt2M+uJqJ36yvEFQOTl5l9wjMlMT:yKZAcy4f+Y6w+f/t2M+wKjcTaT | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x420000 GetLocaleInfoA
0x420004 MapUserPhysicalPages
0x420008 LoadResource
0x42000c HeapAlloc
0x420010 EndUpdateResourceW
0x420014 InterlockedDecrement
0x420018 GetCurrentProcess
0x42001c GetEnvironmentStringsW
0x420020 GetUserDefaultLCID
0x420024 WaitForSingleObject
0x420028 AddConsoleAliasW
0x42002c SetEvent
0x420030 GetCommandLineA
0x420034 CreateActCtxW
0x420038 GlobalAlloc
0x42003c ReadFileScatter
0x420040 LeaveCriticalSection
0x420044 FindNextVolumeW
0x420048 GetFileAttributesW
0x42004c WriteConsoleW
0x420050 GetDevicePowerState
0x420054 GetProcAddress
0x420058 VerLanguageNameA
0x42005c RemoveDirectoryA
0x420060 PrepareTape
0x420064 GetProcessId
0x420068 EnumResourceTypesW
0x42006c GetModuleFileNameA
0x420070 GetModuleHandleA
0x420074 ReleaseMutex
0x420078 LocalSize
0x42007c FindFirstVolumeW
0x420080 GetCurrentProcessId
0x420084 FindNextVolumeA
0x420088 lstrcpyW
0x42008c CreateFileA
0x420090 CloseHandle
0x420094 InterlockedIncrement
0x420098 Sleep
0x42009c InitializeCriticalSection
0x4200a0 DeleteCriticalSection
0x4200a4 EnterCriticalSection
0x4200a8 GetLastError
0x4200ac HeapFree
0x4200b0 TerminateProcess
0x4200b4 UnhandledExceptionFilter
0x4200b8 SetUnhandledExceptionFilter
0x4200bc IsDebuggerPresent
0x4200c0 GetStartupInfoA
0x4200c4 RtlUnwind
0x4200c8 RaiseException
0x4200cc LCMapStringA
0x4200d0 WideCharToMultiByte
0x4200d4 MultiByteToWideChar
0x4200d8 LCMapStringW
0x4200dc GetCPInfo
0x4200e0 HeapCreate
0x4200e4 VirtualFree
0x4200e8 VirtualAlloc
0x4200ec HeapReAlloc
0x4200f0 GetModuleHandleW
0x4200f4 ExitProcess
0x4200f8 WriteFile
0x4200fc GetStdHandle
0x420100 TlsGetValue
0x420104 TlsAlloc
0x420108 TlsSetValue
0x42010c TlsFree
0x420110 SetLastError
0x420114 GetCurrentThreadId
0x420118 SetHandleCount
0x42011c GetFileType
0x420120 SetFilePointer
0x420124 FreeEnvironmentStringsA
0x420128 GetEnvironmentStrings
0x42012c FreeEnvironmentStringsW
0x420130 QueryPerformanceCounter
0x420134 GetTickCount
0x420138 GetSystemTimeAsFileTime
0x42013c HeapSize
0x420140 GetACP
0x420144 GetOEMCP
0x420148 IsValidCodePage
0x42014c EnumSystemLocalesA
0x420150 IsValidLocale
0x420154 GetStringTypeA
0x420158 GetStringTypeW
0x42015c InitializeCriticalSectionAndSpinCount
0x420160 LoadLibraryA
0x420164 SetStdHandle
0x420168 GetConsoleCP
0x42016c GetConsoleMode
0x420170 FlushFileBuffers
0x420174 GetLocaleInfoW
0x420178 WriteConsoleA
0x42017c GetConsoleOutputCP
USER32.dll
0x420184 SetCursorPos
EAT(Export Address Table) Library
0x401645 @SetFirstVice@8
0x401650 @SetViceVariants@12
KERNEL32.dll
0x420000 GetLocaleInfoA
0x420004 MapUserPhysicalPages
0x420008 LoadResource
0x42000c HeapAlloc
0x420010 EndUpdateResourceW
0x420014 InterlockedDecrement
0x420018 GetCurrentProcess
0x42001c GetEnvironmentStringsW
0x420020 GetUserDefaultLCID
0x420024 WaitForSingleObject
0x420028 AddConsoleAliasW
0x42002c SetEvent
0x420030 GetCommandLineA
0x420034 CreateActCtxW
0x420038 GlobalAlloc
0x42003c ReadFileScatter
0x420040 LeaveCriticalSection
0x420044 FindNextVolumeW
0x420048 GetFileAttributesW
0x42004c WriteConsoleW
0x420050 GetDevicePowerState
0x420054 GetProcAddress
0x420058 VerLanguageNameA
0x42005c RemoveDirectoryA
0x420060 PrepareTape
0x420064 GetProcessId
0x420068 EnumResourceTypesW
0x42006c GetModuleFileNameA
0x420070 GetModuleHandleA
0x420074 ReleaseMutex
0x420078 LocalSize
0x42007c FindFirstVolumeW
0x420080 GetCurrentProcessId
0x420084 FindNextVolumeA
0x420088 lstrcpyW
0x42008c CreateFileA
0x420090 CloseHandle
0x420094 InterlockedIncrement
0x420098 Sleep
0x42009c InitializeCriticalSection
0x4200a0 DeleteCriticalSection
0x4200a4 EnterCriticalSection
0x4200a8 GetLastError
0x4200ac HeapFree
0x4200b0 TerminateProcess
0x4200b4 UnhandledExceptionFilter
0x4200b8 SetUnhandledExceptionFilter
0x4200bc IsDebuggerPresent
0x4200c0 GetStartupInfoA
0x4200c4 RtlUnwind
0x4200c8 RaiseException
0x4200cc LCMapStringA
0x4200d0 WideCharToMultiByte
0x4200d4 MultiByteToWideChar
0x4200d8 LCMapStringW
0x4200dc GetCPInfo
0x4200e0 HeapCreate
0x4200e4 VirtualFree
0x4200e8 VirtualAlloc
0x4200ec HeapReAlloc
0x4200f0 GetModuleHandleW
0x4200f4 ExitProcess
0x4200f8 WriteFile
0x4200fc GetStdHandle
0x420100 TlsGetValue
0x420104 TlsAlloc
0x420108 TlsSetValue
0x42010c TlsFree
0x420110 SetLastError
0x420114 GetCurrentThreadId
0x420118 SetHandleCount
0x42011c GetFileType
0x420120 SetFilePointer
0x420124 FreeEnvironmentStringsA
0x420128 GetEnvironmentStrings
0x42012c FreeEnvironmentStringsW
0x420130 QueryPerformanceCounter
0x420134 GetTickCount
0x420138 GetSystemTimeAsFileTime
0x42013c HeapSize
0x420140 GetACP
0x420144 GetOEMCP
0x420148 IsValidCodePage
0x42014c EnumSystemLocalesA
0x420150 IsValidLocale
0x420154 GetStringTypeA
0x420158 GetStringTypeW
0x42015c InitializeCriticalSectionAndSpinCount
0x420160 LoadLibraryA
0x420164 SetStdHandle
0x420168 GetConsoleCP
0x42016c GetConsoleMode
0x420170 FlushFileBuffers
0x420174 GetLocaleInfoW
0x420178 WriteConsoleA
0x42017c GetConsoleOutputCP
USER32.dll
0x420184 SetCursorPos
EAT(Export Address Table) Library
0x401645 @SetFirstVice@8
0x401650 @SetViceVariants@12