ScreenShot
| Created | 2021.10.05 09:55 | Machine | s1_win7_x6402 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 41 detected (Androm, malicious, high confidence, Siggen15, Fragtor, Artemis, Unsafe, Save, Azorult, ZexaF, sq0@a4ub9rmi, Kryptik, Eldorado, Attribute, HighConfidence, HMSQ, FileRepMalware, Generic@ML, RDMK, RGpjaqnlPC1EwpmNZ23VCA, UMal, rpmgf@0, MultiPlug, Static AI, Malicious PE, ai score=99, kcloud, LokiBot, FVY81R, score, R002H07J421, HMSO, Genetic, confidence, 100%) | ||
| md5 | 5a320540eeef00b5020c8dd42557ab2f | ||
| sha256 | e3efaf72472faf918f7ff2a430db45cf5ffc2eb595e1b96d4dc403603b0acced | ||
| ssdeep | 6144:IhN2HJC884dHOuyUVwYiFCyIJROhxxpeTr/ekI:I6HJ984duubOfx3zxp6L | ||
| imphash | f47739d0cfd89d51cbbbec502f2604c9 | ||
| impfuzzy | 24:YokFQOovFaNh71SFdEDg7uJX9aV4wly1R+fjlnt9MZ6LJ3NQvRyv0TzZrnlejMCc:pAcyhwdI92U+fRt9MZIND0XZ7V | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x424000 GlobalDeleteAtom
0x424004 GetLocaleInfoA
0x424008 HeapAlloc
0x42400c EndUpdateResourceW
0x424010 InterlockedIncrement
0x424014 GetQueuedCompletionStatus
0x424018 ReadConsoleA
0x42401c GetEnvironmentStringsW
0x424020 SetEvent
0x424024 GetCommandLineA
0x424028 CreateActCtxW
0x42402c GetEnvironmentStrings
0x424030 GlobalAlloc
0x424034 CopyFileW
0x424038 FreeConsole
0x42403c LeaveCriticalSection
0x424040 HeapCreate
0x424044 FindNextVolumeW
0x424048 GetFileAttributesW
0x42404c GetModuleFileNameW
0x424050 lstrlenW
0x424054 SetConsoleTitleA
0x424058 FlushFileBuffers
0x42405c DeactivateActCtx
0x424060 InterlockedExchange
0x424064 GetProcAddress
0x424068 BeginUpdateResourceW
0x42406c WriteConsoleA
0x424070 RemoveDirectoryW
0x424074 SetConsoleWindowInfo
0x424078 GetTapeParameters
0x42407c SetEnvironmentVariableA
0x424080 SetConsoleTitleW
0x424084 GetModuleHandleA
0x424088 EraseTape
0x42408c VirtualProtect
0x424090 GetCurrentProcessId
0x424094 GetPrivateProfileSectionW
0x424098 FindNextVolumeA
0x42409c lstrcpyW
0x4240a0 CreateFileA
0x4240a4 WideCharToMultiByte
0x4240a8 InterlockedDecrement
0x4240ac InterlockedCompareExchange
0x4240b0 MultiByteToWideChar
0x4240b4 Sleep
0x4240b8 InitializeCriticalSection
0x4240bc DeleteCriticalSection
0x4240c0 EnterCriticalSection
0x4240c4 GetLastError
0x4240c8 HeapFree
0x4240cc TerminateProcess
0x4240d0 GetCurrentProcess
0x4240d4 UnhandledExceptionFilter
0x4240d8 SetUnhandledExceptionFilter
0x4240dc IsDebuggerPresent
0x4240e0 HeapReAlloc
0x4240e4 GetStartupInfoA
0x4240e8 GetCPInfo
0x4240ec RtlUnwind
0x4240f0 RaiseException
0x4240f4 LCMapStringW
0x4240f8 LCMapStringA
0x4240fc GetStringTypeW
0x424100 VirtualFree
0x424104 VirtualAlloc
0x424108 GetModuleHandleW
0x42410c TlsGetValue
0x424110 TlsAlloc
0x424114 TlsSetValue
0x424118 TlsFree
0x42411c SetLastError
0x424120 GetCurrentThreadId
0x424124 SetFilePointer
0x424128 CloseHandle
0x42412c ExitProcess
0x424130 WriteFile
0x424134 GetStdHandle
0x424138 GetModuleFileNameA
0x42413c FreeEnvironmentStringsA
0x424140 FreeEnvironmentStringsW
0x424144 SetHandleCount
0x424148 GetFileType
0x42414c QueryPerformanceCounter
0x424150 GetTickCount
0x424154 GetSystemTimeAsFileTime
0x424158 GetStringTypeA
0x42415c HeapSize
0x424160 GetACP
0x424164 GetOEMCP
0x424168 IsValidCodePage
0x42416c GetUserDefaultLCID
0x424170 EnumSystemLocalesA
0x424174 IsValidLocale
0x424178 InitializeCriticalSectionAndSpinCount
0x42417c SetStdHandle
0x424180 GetConsoleCP
0x424184 GetConsoleMode
0x424188 LoadLibraryA
0x42418c GetLocaleInfoW
0x424190 GetConsoleOutputCP
0x424194 WriteConsoleW
EAT(Export Address Table) Library
0x401787 @GetFirstVice@8
KERNEL32.dll
0x424000 GlobalDeleteAtom
0x424004 GetLocaleInfoA
0x424008 HeapAlloc
0x42400c EndUpdateResourceW
0x424010 InterlockedIncrement
0x424014 GetQueuedCompletionStatus
0x424018 ReadConsoleA
0x42401c GetEnvironmentStringsW
0x424020 SetEvent
0x424024 GetCommandLineA
0x424028 CreateActCtxW
0x42402c GetEnvironmentStrings
0x424030 GlobalAlloc
0x424034 CopyFileW
0x424038 FreeConsole
0x42403c LeaveCriticalSection
0x424040 HeapCreate
0x424044 FindNextVolumeW
0x424048 GetFileAttributesW
0x42404c GetModuleFileNameW
0x424050 lstrlenW
0x424054 SetConsoleTitleA
0x424058 FlushFileBuffers
0x42405c DeactivateActCtx
0x424060 InterlockedExchange
0x424064 GetProcAddress
0x424068 BeginUpdateResourceW
0x42406c WriteConsoleA
0x424070 RemoveDirectoryW
0x424074 SetConsoleWindowInfo
0x424078 GetTapeParameters
0x42407c SetEnvironmentVariableA
0x424080 SetConsoleTitleW
0x424084 GetModuleHandleA
0x424088 EraseTape
0x42408c VirtualProtect
0x424090 GetCurrentProcessId
0x424094 GetPrivateProfileSectionW
0x424098 FindNextVolumeA
0x42409c lstrcpyW
0x4240a0 CreateFileA
0x4240a4 WideCharToMultiByte
0x4240a8 InterlockedDecrement
0x4240ac InterlockedCompareExchange
0x4240b0 MultiByteToWideChar
0x4240b4 Sleep
0x4240b8 InitializeCriticalSection
0x4240bc DeleteCriticalSection
0x4240c0 EnterCriticalSection
0x4240c4 GetLastError
0x4240c8 HeapFree
0x4240cc TerminateProcess
0x4240d0 GetCurrentProcess
0x4240d4 UnhandledExceptionFilter
0x4240d8 SetUnhandledExceptionFilter
0x4240dc IsDebuggerPresent
0x4240e0 HeapReAlloc
0x4240e4 GetStartupInfoA
0x4240e8 GetCPInfo
0x4240ec RtlUnwind
0x4240f0 RaiseException
0x4240f4 LCMapStringW
0x4240f8 LCMapStringA
0x4240fc GetStringTypeW
0x424100 VirtualFree
0x424104 VirtualAlloc
0x424108 GetModuleHandleW
0x42410c TlsGetValue
0x424110 TlsAlloc
0x424114 TlsSetValue
0x424118 TlsFree
0x42411c SetLastError
0x424120 GetCurrentThreadId
0x424124 SetFilePointer
0x424128 CloseHandle
0x42412c ExitProcess
0x424130 WriteFile
0x424134 GetStdHandle
0x424138 GetModuleFileNameA
0x42413c FreeEnvironmentStringsA
0x424140 FreeEnvironmentStringsW
0x424144 SetHandleCount
0x424148 GetFileType
0x42414c QueryPerformanceCounter
0x424150 GetTickCount
0x424154 GetSystemTimeAsFileTime
0x424158 GetStringTypeA
0x42415c HeapSize
0x424160 GetACP
0x424164 GetOEMCP
0x424168 IsValidCodePage
0x42416c GetUserDefaultLCID
0x424170 EnumSystemLocalesA
0x424174 IsValidLocale
0x424178 InitializeCriticalSectionAndSpinCount
0x42417c SetStdHandle
0x424180 GetConsoleCP
0x424184 GetConsoleMode
0x424188 LoadLibraryA
0x42418c GetLocaleInfoW
0x424190 GetConsoleOutputCP
0x424194 WriteConsoleW
EAT(Export Address Table) Library
0x401787 @GetFirstVice@8