ScreenShot
| Created | 2021.10.05 10:01 | Machine | s1_win7_x6401 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 20 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, ZexaF, rq0@a855u2ci, Kryptik, Eldorado, Attribute, HighConfidence, Convagent, Generic@ML, RDML, Qe4FKt56BVGlR8JwXvmDAQ, MultiPlug, Static AI, Malicious PE, Score, Sabsik, UrSnif, confidence, 100%) | ||
| md5 | cb1aa8895db7b5598823e583102f9fc6 | ||
| sha256 | 7986de346479a9d3203949e22f990d9e8fadf86b7cdcf573ff9a2da2d7d9867c | ||
| ssdeep | 6144:KQx21wWMsvXOWHDNVHz5buM7+ROhxxpeTr/ekI:D21wWMs2YjFuKrzxp6L | ||
| imphash | 00e4a9909e1dd2f9b23ab751bea778c3 | ||
| impfuzzy | 24:YokAOovFaNxFdEDnB7uPX7aV4wly1R+cjlnt9MZ6LJ3NevHRyv0TzZrnlejMCMv:pCcyDdOw72U+cRt9MZINZ0XZ7V | ||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x424000 GlobalDeleteAtom
0x424004 GetLocaleInfoA
0x424008 HeapAlloc
0x42400c EndUpdateResourceW
0x424010 InterlockedIncrement
0x424014 GetQueuedCompletionStatus
0x424018 ReadConsoleA
0x42401c GetCommandLineA
0x424020 CreateActCtxW
0x424024 GetEnvironmentStrings
0x424028 GlobalAlloc
0x42402c CopyFileW
0x424030 FreeConsole
0x424034 HeapCreate
0x424038 FindNextVolumeW
0x42403c GetFileAttributesW
0x424040 lstrlenW
0x424044 FlushFileBuffers
0x424048 DeactivateActCtx
0x42404c InterlockedExchange
0x424050 GetProcAddress
0x424054 BeginUpdateResourceW
0x424058 EnterCriticalSection
0x42405c ResetEvent
0x424060 WriteConsoleA
0x424064 RemoveDirectoryW
0x424068 SetConsoleWindowInfo
0x42406c GetTapeParameters
0x424070 SetEnvironmentVariableA
0x424074 GetModuleFileNameA
0x424078 SetConsoleTitleW
0x42407c GetModuleHandleA
0x424080 EraseTape
0x424084 VirtualProtect
0x424088 GetFileAttributesExW
0x42408c SetCalendarInfoA
0x424090 GetCurrentProcessId
0x424094 GetPrivateProfileSectionW
0x424098 FindNextVolumeA
0x42409c lstrcpyW
0x4240a0 CreateFileA
0x4240a4 WideCharToMultiByte
0x4240a8 InterlockedDecrement
0x4240ac InterlockedCompareExchange
0x4240b0 MultiByteToWideChar
0x4240b4 Sleep
0x4240b8 InitializeCriticalSection
0x4240bc DeleteCriticalSection
0x4240c0 LeaveCriticalSection
0x4240c4 GetLastError
0x4240c8 HeapFree
0x4240cc TerminateProcess
0x4240d0 GetCurrentProcess
0x4240d4 UnhandledExceptionFilter
0x4240d8 SetUnhandledExceptionFilter
0x4240dc IsDebuggerPresent
0x4240e0 HeapReAlloc
0x4240e4 GetStartupInfoA
0x4240e8 GetCPInfo
0x4240ec RtlUnwind
0x4240f0 RaiseException
0x4240f4 LCMapStringW
0x4240f8 LCMapStringA
0x4240fc GetStringTypeW
0x424100 VirtualFree
0x424104 VirtualAlloc
0x424108 GetModuleHandleW
0x42410c TlsGetValue
0x424110 TlsAlloc
0x424114 TlsSetValue
0x424118 TlsFree
0x42411c SetLastError
0x424120 GetCurrentThreadId
0x424124 SetFilePointer
0x424128 CloseHandle
0x42412c ExitProcess
0x424130 WriteFile
0x424134 GetStdHandle
0x424138 FreeEnvironmentStringsA
0x42413c FreeEnvironmentStringsW
0x424140 GetEnvironmentStringsW
0x424144 SetHandleCount
0x424148 GetFileType
0x42414c QueryPerformanceCounter
0x424150 GetTickCount
0x424154 GetSystemTimeAsFileTime
0x424158 GetStringTypeA
0x42415c HeapSize
0x424160 GetACP
0x424164 GetOEMCP
0x424168 IsValidCodePage
0x42416c GetUserDefaultLCID
0x424170 EnumSystemLocalesA
0x424174 IsValidLocale
0x424178 InitializeCriticalSectionAndSpinCount
0x42417c SetStdHandle
0x424180 GetConsoleCP
0x424184 GetConsoleMode
0x424188 LoadLibraryA
0x42418c GetLocaleInfoW
0x424190 GetConsoleOutputCP
0x424194 WriteConsoleW
EAT(Export Address Table) Library
0x401763 @GetFirstVice@8
KERNEL32.dll
0x424000 GlobalDeleteAtom
0x424004 GetLocaleInfoA
0x424008 HeapAlloc
0x42400c EndUpdateResourceW
0x424010 InterlockedIncrement
0x424014 GetQueuedCompletionStatus
0x424018 ReadConsoleA
0x42401c GetCommandLineA
0x424020 CreateActCtxW
0x424024 GetEnvironmentStrings
0x424028 GlobalAlloc
0x42402c CopyFileW
0x424030 FreeConsole
0x424034 HeapCreate
0x424038 FindNextVolumeW
0x42403c GetFileAttributesW
0x424040 lstrlenW
0x424044 FlushFileBuffers
0x424048 DeactivateActCtx
0x42404c InterlockedExchange
0x424050 GetProcAddress
0x424054 BeginUpdateResourceW
0x424058 EnterCriticalSection
0x42405c ResetEvent
0x424060 WriteConsoleA
0x424064 RemoveDirectoryW
0x424068 SetConsoleWindowInfo
0x42406c GetTapeParameters
0x424070 SetEnvironmentVariableA
0x424074 GetModuleFileNameA
0x424078 SetConsoleTitleW
0x42407c GetModuleHandleA
0x424080 EraseTape
0x424084 VirtualProtect
0x424088 GetFileAttributesExW
0x42408c SetCalendarInfoA
0x424090 GetCurrentProcessId
0x424094 GetPrivateProfileSectionW
0x424098 FindNextVolumeA
0x42409c lstrcpyW
0x4240a0 CreateFileA
0x4240a4 WideCharToMultiByte
0x4240a8 InterlockedDecrement
0x4240ac InterlockedCompareExchange
0x4240b0 MultiByteToWideChar
0x4240b4 Sleep
0x4240b8 InitializeCriticalSection
0x4240bc DeleteCriticalSection
0x4240c0 LeaveCriticalSection
0x4240c4 GetLastError
0x4240c8 HeapFree
0x4240cc TerminateProcess
0x4240d0 GetCurrentProcess
0x4240d4 UnhandledExceptionFilter
0x4240d8 SetUnhandledExceptionFilter
0x4240dc IsDebuggerPresent
0x4240e0 HeapReAlloc
0x4240e4 GetStartupInfoA
0x4240e8 GetCPInfo
0x4240ec RtlUnwind
0x4240f0 RaiseException
0x4240f4 LCMapStringW
0x4240f8 LCMapStringA
0x4240fc GetStringTypeW
0x424100 VirtualFree
0x424104 VirtualAlloc
0x424108 GetModuleHandleW
0x42410c TlsGetValue
0x424110 TlsAlloc
0x424114 TlsSetValue
0x424118 TlsFree
0x42411c SetLastError
0x424120 GetCurrentThreadId
0x424124 SetFilePointer
0x424128 CloseHandle
0x42412c ExitProcess
0x424130 WriteFile
0x424134 GetStdHandle
0x424138 FreeEnvironmentStringsA
0x42413c FreeEnvironmentStringsW
0x424140 GetEnvironmentStringsW
0x424144 SetHandleCount
0x424148 GetFileType
0x42414c QueryPerformanceCounter
0x424150 GetTickCount
0x424154 GetSystemTimeAsFileTime
0x424158 GetStringTypeA
0x42415c HeapSize
0x424160 GetACP
0x424164 GetOEMCP
0x424168 IsValidCodePage
0x42416c GetUserDefaultLCID
0x424170 EnumSystemLocalesA
0x424174 IsValidLocale
0x424178 InitializeCriticalSectionAndSpinCount
0x42417c SetStdHandle
0x424180 GetConsoleCP
0x424184 GetConsoleMode
0x424188 LoadLibraryA
0x42418c GetLocaleInfoW
0x424190 GetConsoleOutputCP
0x424194 WriteConsoleW
EAT(Export Address Table) Library
0x401763 @GetFirstVice@8