Field | Value |
---|---|
Created | 2021.10.15 09:41 |
Machine | s1_win7_x6402 |
Filename | vbc.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 37 detected (AIDetect, malware1, malicious, high confidence, Siggen15, Fragtor, Artemis, Unsafe, Save, confidence, 100%, Hacktool, ZexaF, py0@a0wr5oaO, Eldorado, Attribute, HighConfidence, GenKryptik, FMAB, Androm, A + Troj, Krypt, MultiPlug, susgen, ai score=85, kcloud, Sabsik, score, MalPE, R445259, Generic@ML, RDML, 3qeKzgpQUKwbtEjv0wuA, Static AI, Malicious PE, Genetic) |
md5 | 10397feb14b5e8aad2b1e8fd3686763c |
sha256 | 61469a1a12ec1dadb9f884a0f07c23d7de89e77cb687bb6919c555de6ca8dc22 |
ssdeep | 3072:AulhjgrOAFE8CpF3kmW9WtXm5tv4vmVQHboS9D98aShyuy6inoeZcECxc43E:FrjgrHGM81gtA+0Vx98aC3ScEWjE |
imphash | ea8aa8524573fdaa0fbe03cd1215da2c |
impfuzzy | 24:AigqlYJcD1RTiOSMJKOcjtlbeHRnlyv9NT4WajMng+:AjqNnpHcjtFGK9NcWG+ |
Signature (6cnts)
Level | Description |
---|---|
danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
info | The file contains an unknown PE resource name possibly indicative of a packer |
info | This executable has a PDB path |
Rules (5cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x41d000 HeapReAlloc
0x41d004 UnmapViewOfFile
0x41d008 EndUpdateResourceW
0x41d00c GetCurrentProcess
0x41d010 SleepEx
0x41d014 BackupSeek
0x41d018 ReadConsoleW
0x41d01c FindActCtxSectionStringA
0x41d020 GetEnvironmentStrings
0x41d024 GlobalAlloc
0x41d028 InitAtomTable
0x41d02c HeapDestroy
0x41d030 GetModuleFileNameW
0x41d034 CreateActCtxA
0x41d038 GetOverlappedResult
0x41d03c GetACP
0x41d040 ReleaseSemaphore
0x41d044 SetLastError
0x41d048 GetProcAddress
0x41d04c BeginUpdateResourceW
0x41d050 ResetEvent
0x41d054 WriteConsoleA
0x41d058 DebugSetProcessKillOnExit
0x41d05c GetModuleHandleA
0x41d060 GetProcessShutdownParameters
0x41d064 EraseTape
0x41d068 VirtualProtect
0x41d06c FindNextVolumeA
0x41d070 LCMapStringW
0x41d074 lstrcpyA
0x41d078 EncodePointer
0x41d07c DecodePointer
0x41d080 GetCommandLineW
0x41d084 HeapSetInformation
0x41d088 GetStartupInfoW
0x41d08c TlsAlloc
0x41d090 TlsGetValue
0x41d094 TlsSetValue
0x41d098 TlsFree
0x41d09c InterlockedIncrement
0x41d0a0 GetModuleHandleW
0x41d0a4 GetCurrentThreadId
0x41d0a8 GetLastError
0x41d0ac InterlockedDecrement
0x41d0b0 HeapAlloc
0x41d0b4 EnterCriticalSection
0x41d0b8 LeaveCriticalSection
0x41d0bc UnhandledExceptionFilter
0x41d0c0 SetUnhandledExceptionFilter
0x41d0c4 IsDebuggerPresent
0x41d0c8 TerminateProcess
0x41d0cc HeapFree
0x41d0d0 SetFilePointer
0x41d0d4 CloseHandle
0x41d0d8 ExitProcess
0x41d0dc WriteFile
0x41d0e0 GetStdHandle
0x41d0e4 FreeEnvironmentStringsW
0x41d0e8 GetEnvironmentStringsW
0x41d0ec SetHandleCount
0x41d0f0 InitializeCriticalSectionAndSpinCount
0x41d0f4 GetFileType
0x41d0f8 DeleteCriticalSection
0x41d0fc HeapCreate
0x41d100 QueryPerformanceCounter
0x41d104 GetTickCount
0x41d108 GetCurrentProcessId
0x41d10c GetSystemTimeAsFileTime
0x41d110 GetCPInfo
0x41d114 GetOEMCP
0x41d118 IsValidCodePage
0x41d11c Sleep
0x41d120 WideCharToMultiByte
0x41d124 RtlUnwind
0x41d128 SetStdHandle
0x41d12c GetConsoleCP
0x41d130 GetConsoleMode
0x41d134 FlushFileBuffers
0x41d138 LoadLibraryW
0x41d13c RaiseException
0x41d140 MultiByteToWideChar
0x41d144 GetStringTypeW
0x41d148 IsProcessorFeaturePresent
0x41d14c WriteConsoleW
0x41d150 HeapSize
0x41d154 CreateFileW
EAT (Export Address Table) is none