ScreenShot
| Created | 2021.10.04 18:36 | Machine | s1_win7_x6401 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 28 detected (malicious, high confidence, Unsafe, Save, confidence, 100%, Kryptik, Eldorado, Attribute, HighConfidence, score, Androm, Jaik, Generic@ML, RDML, BNfUBZJIGhbAK9eRKBaT3g, MultiPlug, Static AI, Malicious PE, Sabsik, ai score=81, ZexaF, sq0@ae8FHYei) | ||
| md5 | 80deb4864d3e01ae76b938925eabe622 | ||
| sha256 | f50897115f10331d6e9d08e5366e7f60d743a49edc550d1b087735733e36c9f7 | ||
| ssdeep | 6144:YPWe8L7O132mpFNoq2Jc22ROhxxpeTr/ekI:De8fO133kqeLDzxp6L | ||
| imphash | ea6e9add4feec4142f4eaf80b256f47a | ||
| impfuzzy | 24:UokFQOovFPh71SFdED8SL7uJXOaV4wly1R+fjlntsMZ6LJ3NQuOZyvuTzZrnlejq:1AcPhwdJO2U+fRtsMZINsuuXZ7V | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x424000 HeapReAlloc
0x424004 GlobalDeleteAtom
0x424008 GetLocaleInfoA
0x42400c InterlockedIncrement
0x424010 GetQueuedCompletionStatus
0x424014 ReadConsoleA
0x424018 GetEnvironmentStringsW
0x42401c SetEvent
0x424020 GetCommandLineA
0x424024 CreateActCtxW
0x424028 GlobalAlloc
0x42402c CopyFileW
0x424030 FreeConsole
0x424034 LeaveCriticalSection
0x424038 HeapCreate
0x42403c FindNextVolumeW
0x424040 GetFileAttributesW
0x424044 GetModuleFileNameW
0x424048 lstrlenW
0x42404c SetConsoleTitleA
0x424050 FlushFileBuffers
0x424054 DeactivateActCtx
0x424058 InterlockedExchange
0x42405c GetProcAddress
0x424060 BeginUpdateResourceW
0x424064 RemoveDirectoryA
0x424068 VerLanguageNameW
0x42406c WriteConsoleA
0x424070 LocalAlloc
0x424074 SetConsoleWindowInfo
0x424078 GetTapeParameters
0x42407c SetEnvironmentVariableA
0x424080 SetConsoleTitleW
0x424084 GetModuleHandleA
0x424088 EraseTape
0x42408c VirtualProtect
0x424090 EndUpdateResourceA
0x424094 FindFirstVolumeW
0x424098 GetCurrentProcessId
0x42409c GetPrivateProfileSectionW
0x4240a0 FindNextVolumeA
0x4240a4 lstrcpyW
0x4240a8 CreateFileA
0x4240ac WideCharToMultiByte
0x4240b0 InterlockedDecrement
0x4240b4 InterlockedCompareExchange
0x4240b8 MultiByteToWideChar
0x4240bc Sleep
0x4240c0 InitializeCriticalSection
0x4240c4 DeleteCriticalSection
0x4240c8 EnterCriticalSection
0x4240cc GetLastError
0x4240d0 HeapFree
0x4240d4 TerminateProcess
0x4240d8 GetCurrentProcess
0x4240dc UnhandledExceptionFilter
0x4240e0 SetUnhandledExceptionFilter
0x4240e4 IsDebuggerPresent
0x4240e8 HeapAlloc
0x4240ec GetStartupInfoW
0x4240f0 GetCPInfo
0x4240f4 RtlUnwind
0x4240f8 RaiseException
0x4240fc LCMapStringW
0x424100 LCMapStringA
0x424104 GetStringTypeW
0x424108 VirtualFree
0x42410c VirtualAlloc
0x424110 GetModuleHandleW
0x424114 TlsGetValue
0x424118 TlsAlloc
0x42411c TlsSetValue
0x424120 TlsFree
0x424124 SetLastError
0x424128 GetCurrentThreadId
0x42412c SetFilePointer
0x424130 CloseHandle
0x424134 ExitProcess
0x424138 WriteFile
0x42413c GetStdHandle
0x424140 GetModuleFileNameA
0x424144 FreeEnvironmentStringsW
0x424148 GetCommandLineW
0x42414c SetHandleCount
0x424150 GetFileType
0x424154 GetStartupInfoA
0x424158 QueryPerformanceCounter
0x42415c GetTickCount
0x424160 GetSystemTimeAsFileTime
0x424164 GetStringTypeA
0x424168 HeapSize
0x42416c GetACP
0x424170 GetOEMCP
0x424174 IsValidCodePage
0x424178 GetUserDefaultLCID
0x42417c EnumSystemLocalesA
0x424180 IsValidLocale
0x424184 InitializeCriticalSectionAndSpinCount
0x424188 SetStdHandle
0x42418c GetConsoleCP
0x424190 GetConsoleMode
0x424194 LoadLibraryA
0x424198 GetLocaleInfoW
0x42419c GetConsoleOutputCP
0x4241a0 WriteConsoleW
EAT(Export Address Table) Library
0x401763 @GetFirstVice@8
KERNEL32.dll
0x424000 HeapReAlloc
0x424004 GlobalDeleteAtom
0x424008 GetLocaleInfoA
0x42400c InterlockedIncrement
0x424010 GetQueuedCompletionStatus
0x424014 ReadConsoleA
0x424018 GetEnvironmentStringsW
0x42401c SetEvent
0x424020 GetCommandLineA
0x424024 CreateActCtxW
0x424028 GlobalAlloc
0x42402c CopyFileW
0x424030 FreeConsole
0x424034 LeaveCriticalSection
0x424038 HeapCreate
0x42403c FindNextVolumeW
0x424040 GetFileAttributesW
0x424044 GetModuleFileNameW
0x424048 lstrlenW
0x42404c SetConsoleTitleA
0x424050 FlushFileBuffers
0x424054 DeactivateActCtx
0x424058 InterlockedExchange
0x42405c GetProcAddress
0x424060 BeginUpdateResourceW
0x424064 RemoveDirectoryA
0x424068 VerLanguageNameW
0x42406c WriteConsoleA
0x424070 LocalAlloc
0x424074 SetConsoleWindowInfo
0x424078 GetTapeParameters
0x42407c SetEnvironmentVariableA
0x424080 SetConsoleTitleW
0x424084 GetModuleHandleA
0x424088 EraseTape
0x42408c VirtualProtect
0x424090 EndUpdateResourceA
0x424094 FindFirstVolumeW
0x424098 GetCurrentProcessId
0x42409c GetPrivateProfileSectionW
0x4240a0 FindNextVolumeA
0x4240a4 lstrcpyW
0x4240a8 CreateFileA
0x4240ac WideCharToMultiByte
0x4240b0 InterlockedDecrement
0x4240b4 InterlockedCompareExchange
0x4240b8 MultiByteToWideChar
0x4240bc Sleep
0x4240c0 InitializeCriticalSection
0x4240c4 DeleteCriticalSection
0x4240c8 EnterCriticalSection
0x4240cc GetLastError
0x4240d0 HeapFree
0x4240d4 TerminateProcess
0x4240d8 GetCurrentProcess
0x4240dc UnhandledExceptionFilter
0x4240e0 SetUnhandledExceptionFilter
0x4240e4 IsDebuggerPresent
0x4240e8 HeapAlloc
0x4240ec GetStartupInfoW
0x4240f0 GetCPInfo
0x4240f4 RtlUnwind
0x4240f8 RaiseException
0x4240fc LCMapStringW
0x424100 LCMapStringA
0x424104 GetStringTypeW
0x424108 VirtualFree
0x42410c VirtualAlloc
0x424110 GetModuleHandleW
0x424114 TlsGetValue
0x424118 TlsAlloc
0x42411c TlsSetValue
0x424120 TlsFree
0x424124 SetLastError
0x424128 GetCurrentThreadId
0x42412c SetFilePointer
0x424130 CloseHandle
0x424134 ExitProcess
0x424138 WriteFile
0x42413c GetStdHandle
0x424140 GetModuleFileNameA
0x424144 FreeEnvironmentStringsW
0x424148 GetCommandLineW
0x42414c SetHandleCount
0x424150 GetFileType
0x424154 GetStartupInfoA
0x424158 QueryPerformanceCounter
0x42415c GetTickCount
0x424160 GetSystemTimeAsFileTime
0x424164 GetStringTypeA
0x424168 HeapSize
0x42416c GetACP
0x424170 GetOEMCP
0x424174 IsValidCodePage
0x424178 GetUserDefaultLCID
0x42417c EnumSystemLocalesA
0x424180 IsValidLocale
0x424184 InitializeCriticalSectionAndSpinCount
0x424188 SetStdHandle
0x42418c GetConsoleCP
0x424190 GetConsoleMode
0x424194 LoadLibraryA
0x424198 GetLocaleInfoW
0x42419c GetConsoleOutputCP
0x4241a0 WriteConsoleW
EAT(Export Address Table) Library
0x401763 @GetFirstVice@8