ScreenShot
| Created | 2021.10.01 18:23 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 32 detected (Androm, malicious, high confidence, DownLoader42, Ulise, Stop, Unsafe, Save, ZexaF, Au0@aOI3L0oO, Attribute, HighConfidence, Kryptik, HMRV, FileRepMalware, ai score=89, Tnega, score, BeamWinHTTP, R443544, CLASSIC, Static AI, Malicious PE, confidence) | ||
| md5 | e679e225d76dff7f96af4a858a89d492 | ||
| sha256 | 5cc657ed35428b9d26ddfb7c9097039971d263ce605cf712b0179c73fc802ec4 | ||
| ssdeep | 6144:/Nmvwy0zRUgE/hwXwzF+EKaEUmdWOcp6dIuFPObzc9VNL:/woXzRUzwXwzF+haEh0gIuxObzc9VZ | ||
| imphash | 8476831dcd3ec87a4c86e61ca01b35a0 | ||
| impfuzzy | 48:CkaQaOGpTsoNd7G/O/xtfQAcxK9La5cyr:o4enNNG/wxtfQAcxQO5cyr | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 32 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41a000 GetCommandLineW
0x41a004 GetThreadContext
0x41a008 lstrlenA
0x41a00c InterlockedIncrement
0x41a010 GetQueuedCompletionStatus
0x41a014 GetCommState
0x41a018 GetSystemWindowsDirectoryW
0x41a01c GetProfileStringW
0x41a020 SetConsoleScreenBufferSize
0x41a024 CallNamedPipeW
0x41a028 FreeEnvironmentStringsA
0x41a02c SetTapeParameters
0x41a030 CreateNamedPipeW
0x41a034 GetCompressedFileSizeW
0x41a038 CreateActCtxW
0x41a03c FindResourceExA
0x41a040 GlobalAlloc
0x41a044 GetPrivateProfileIntA
0x41a048 GetSystemDirectoryW
0x41a04c SetFileShortNameW
0x41a050 LoadLibraryW
0x41a054 GetSystemWow64DirectoryW
0x41a058 HeapDestroy
0x41a05c CreateSemaphoreA
0x41a060 GetBinaryTypeA
0x41a064 QueryInformationJobObject
0x41a068 GetStartupInfoW
0x41a06c LCMapStringA
0x41a070 GetLastError
0x41a074 SetLastError
0x41a078 GetProcAddress
0x41a07c CreateNamedPipeA
0x41a080 SetStdHandle
0x41a084 SearchPathA
0x41a088 GetNumberFormatW
0x41a08c FindAtomA
0x41a090 GetModuleFileNameA
0x41a094 FindNextFileA
0x41a098 CreateIoCompletionPort
0x41a09c FindFirstChangeNotificationA
0x41a0a0 HeapSetInformation
0x41a0a4 GetCurrentDirectoryA
0x41a0a8 OutputDebugStringA
0x41a0ac GetCPInfoExA
0x41a0b0 FindAtomW
0x41a0b4 DeleteFileW
0x41a0b8 GetSystemTime
0x41a0bc CopyFileExA
0x41a0c0 InterlockedDecrement
0x41a0c4 DecodePointer
0x41a0c8 GetModuleHandleW
0x41a0cc ExitProcess
0x41a0d0 TerminateProcess
0x41a0d4 GetCurrentProcess
0x41a0d8 UnhandledExceptionFilter
0x41a0dc SetUnhandledExceptionFilter
0x41a0e0 IsDebuggerPresent
0x41a0e4 EncodePointer
0x41a0e8 GetModuleFileNameW
0x41a0ec WriteFile
0x41a0f0 GetStdHandle
0x41a0f4 RtlUnwind
0x41a0f8 GetACP
0x41a0fc GetOEMCP
0x41a100 GetCPInfo
0x41a104 IsValidCodePage
0x41a108 TlsAlloc
0x41a10c TlsGetValue
0x41a110 TlsSetValue
0x41a114 GetCurrentThreadId
0x41a118 TlsFree
0x41a11c QueryPerformanceCounter
0x41a120 GetTickCount
0x41a124 GetCurrentProcessId
0x41a128 GetSystemTimeAsFileTime
0x41a12c FreeEnvironmentStringsW
0x41a130 GetEnvironmentStringsW
0x41a134 SetHandleCount
0x41a138 InitializeCriticalSectionAndSpinCount
0x41a13c GetFileType
0x41a140 DeleteCriticalSection
0x41a144 HeapValidate
0x41a148 IsBadReadPtr
0x41a14c HeapCreate
0x41a150 EnterCriticalSection
0x41a154 LeaveCriticalSection
0x41a158 SetFilePointer
0x41a15c WideCharToMultiByte
0x41a160 GetConsoleCP
0x41a164 GetConsoleMode
0x41a168 WriteConsoleW
0x41a16c OutputDebugStringW
0x41a170 GetStringTypeW
0x41a174 MultiByteToWideChar
0x41a178 LCMapStringW
0x41a17c HeapAlloc
0x41a180 HeapReAlloc
0x41a184 HeapSize
0x41a188 HeapQueryInformation
0x41a18c HeapFree
0x41a190 IsProcessorFeaturePresent
0x41a194 RaiseException
0x41a198 CreateFileW
0x41a19c CloseHandle
0x41a1a0 FlushFileBuffers
EAT(Export Address Table) is none
KERNEL32.dll
0x41a000 GetCommandLineW
0x41a004 GetThreadContext
0x41a008 lstrlenA
0x41a00c InterlockedIncrement
0x41a010 GetQueuedCompletionStatus
0x41a014 GetCommState
0x41a018 GetSystemWindowsDirectoryW
0x41a01c GetProfileStringW
0x41a020 SetConsoleScreenBufferSize
0x41a024 CallNamedPipeW
0x41a028 FreeEnvironmentStringsA
0x41a02c SetTapeParameters
0x41a030 CreateNamedPipeW
0x41a034 GetCompressedFileSizeW
0x41a038 CreateActCtxW
0x41a03c FindResourceExA
0x41a040 GlobalAlloc
0x41a044 GetPrivateProfileIntA
0x41a048 GetSystemDirectoryW
0x41a04c SetFileShortNameW
0x41a050 LoadLibraryW
0x41a054 GetSystemWow64DirectoryW
0x41a058 HeapDestroy
0x41a05c CreateSemaphoreA
0x41a060 GetBinaryTypeA
0x41a064 QueryInformationJobObject
0x41a068 GetStartupInfoW
0x41a06c LCMapStringA
0x41a070 GetLastError
0x41a074 SetLastError
0x41a078 GetProcAddress
0x41a07c CreateNamedPipeA
0x41a080 SetStdHandle
0x41a084 SearchPathA
0x41a088 GetNumberFormatW
0x41a08c FindAtomA
0x41a090 GetModuleFileNameA
0x41a094 FindNextFileA
0x41a098 CreateIoCompletionPort
0x41a09c FindFirstChangeNotificationA
0x41a0a0 HeapSetInformation
0x41a0a4 GetCurrentDirectoryA
0x41a0a8 OutputDebugStringA
0x41a0ac GetCPInfoExA
0x41a0b0 FindAtomW
0x41a0b4 DeleteFileW
0x41a0b8 GetSystemTime
0x41a0bc CopyFileExA
0x41a0c0 InterlockedDecrement
0x41a0c4 DecodePointer
0x41a0c8 GetModuleHandleW
0x41a0cc ExitProcess
0x41a0d0 TerminateProcess
0x41a0d4 GetCurrentProcess
0x41a0d8 UnhandledExceptionFilter
0x41a0dc SetUnhandledExceptionFilter
0x41a0e0 IsDebuggerPresent
0x41a0e4 EncodePointer
0x41a0e8 GetModuleFileNameW
0x41a0ec WriteFile
0x41a0f0 GetStdHandle
0x41a0f4 RtlUnwind
0x41a0f8 GetACP
0x41a0fc GetOEMCP
0x41a100 GetCPInfo
0x41a104 IsValidCodePage
0x41a108 TlsAlloc
0x41a10c TlsGetValue
0x41a110 TlsSetValue
0x41a114 GetCurrentThreadId
0x41a118 TlsFree
0x41a11c QueryPerformanceCounter
0x41a120 GetTickCount
0x41a124 GetCurrentProcessId
0x41a128 GetSystemTimeAsFileTime
0x41a12c FreeEnvironmentStringsW
0x41a130 GetEnvironmentStringsW
0x41a134 SetHandleCount
0x41a138 InitializeCriticalSectionAndSpinCount
0x41a13c GetFileType
0x41a140 DeleteCriticalSection
0x41a144 HeapValidate
0x41a148 IsBadReadPtr
0x41a14c HeapCreate
0x41a150 EnterCriticalSection
0x41a154 LeaveCriticalSection
0x41a158 SetFilePointer
0x41a15c WideCharToMultiByte
0x41a160 GetConsoleCP
0x41a164 GetConsoleMode
0x41a168 WriteConsoleW
0x41a16c OutputDebugStringW
0x41a170 GetStringTypeW
0x41a174 MultiByteToWideChar
0x41a178 LCMapStringW
0x41a17c HeapAlloc
0x41a180 HeapReAlloc
0x41a184 HeapSize
0x41a188 HeapQueryInformation
0x41a18c HeapFree
0x41a190 IsProcessorFeaturePresent
0x41a194 RaiseException
0x41a198 CreateFileW
0x41a19c CloseHandle
0x41a1a0 FlushFileBuffers
EAT(Export Address Table) is none