ScreenShot
| Created | 2021.10.19 09:23 | Machine | s1_win7_x6401 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 37 detected (AIDetect, malware1, Androm, malicious, high confidence, Fragtor, GenericRXQJ, Unsafe, Save, confidence, ZexaF, my0@aixlq7aO, Eldorado, Kryptik, HMWQ, RansomX, Woza, R + Troj, Krypt, Static AI, Malicious PE, Strab, Score, ai score=87, Azorult, R445206, Generic@ML, RDML, bUj5l, 0q09D2F6orkg, HMWM, Genetic) | ||
| md5 | d5221f463d6fe2799e405236513610cb | ||
| sha256 | fbf8573e839732a10b86926f7431ec61f95b328db6bb074dd0f8173cbea75f2e | ||
| ssdeep | 3072:M0QP6wY8eSlG+huEfjkYyzy/4eAU7cG0jcPtr7+4oS9D98aShyuyo0+53E:bw6RmG+hu2kB2QHEclcFW4Vx98aCNXE | ||
| imphash | c8c17e47eb07afabbfe8e635fca5ad02 | ||
| impfuzzy | 24:IiJBDJcDn6WmcOrcqtU9lWeHRnlyv95hI3TDajMngH:I4uHarcqtpGK978fGH | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 37 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41d000 HeapReAlloc
0x41d004 UnmapViewOfFile
0x41d008 EndUpdateResourceW
0x41d00c ReadConsoleA
0x41d010 GetCurrentProcess
0x41d014 BackupSeek
0x41d018 FindActCtxSectionStringA
0x41d01c GetEnvironmentStrings
0x41d020 GlobalAlloc
0x41d024 Sleep
0x41d028 InitAtomTable
0x41d02c HeapDestroy
0x41d030 FindNextVolumeW
0x41d034 WriteConsoleW
0x41d038 GetModuleFileNameW
0x41d03c CreateActCtxA
0x41d040 GetACP
0x41d044 ReleaseSemaphore
0x41d048 SetTapePosition
0x41d04c SetLastError
0x41d050 GetProcAddress
0x41d054 BeginUpdateResourceW
0x41d058 ResetEvent
0x41d05c DebugSetProcessKillOnExit
0x41d060 CreateIoCompletionPort
0x41d064 GetModuleHandleA
0x41d068 GetProcessShutdownParameters
0x41d06c VirtualProtect
0x41d070 GetCurrentProcessId
0x41d074 FindNextVolumeA
0x41d078 LCMapStringW
0x41d07c lstrcpyA
0x41d080 GetCommandLineW
0x41d084 HeapSetInformation
0x41d088 GetStartupInfoW
0x41d08c HeapAlloc
0x41d090 EnterCriticalSection
0x41d094 LeaveCriticalSection
0x41d098 DecodePointer
0x41d09c UnhandledExceptionFilter
0x41d0a0 SetUnhandledExceptionFilter
0x41d0a4 IsDebuggerPresent
0x41d0a8 EncodePointer
0x41d0ac TerminateProcess
0x41d0b0 GetLastError
0x41d0b4 HeapFree
0x41d0b8 SetFilePointer
0x41d0bc CloseHandle
0x41d0c0 GetModuleHandleW
0x41d0c4 ExitProcess
0x41d0c8 WriteFile
0x41d0cc GetStdHandle
0x41d0d0 FreeEnvironmentStringsW
0x41d0d4 GetEnvironmentStringsW
0x41d0d8 SetHandleCount
0x41d0dc InitializeCriticalSectionAndSpinCount
0x41d0e0 GetFileType
0x41d0e4 DeleteCriticalSection
0x41d0e8 TlsAlloc
0x41d0ec TlsGetValue
0x41d0f0 TlsSetValue
0x41d0f4 TlsFree
0x41d0f8 InterlockedIncrement
0x41d0fc GetCurrentThreadId
0x41d100 InterlockedDecrement
0x41d104 HeapCreate
0x41d108 QueryPerformanceCounter
0x41d10c GetTickCount
0x41d110 GetSystemTimeAsFileTime
0x41d114 GetCPInfo
0x41d118 GetOEMCP
0x41d11c IsValidCodePage
0x41d120 WideCharToMultiByte
0x41d124 RtlUnwind
0x41d128 SetStdHandle
0x41d12c GetConsoleCP
0x41d130 GetConsoleMode
0x41d134 FlushFileBuffers
0x41d138 LoadLibraryW
0x41d13c RaiseException
0x41d140 MultiByteToWideChar
0x41d144 GetStringTypeW
0x41d148 IsProcessorFeaturePresent
0x41d14c HeapSize
0x41d150 CreateFileW
EAT(Export Address Table) Library
0x401000 @GetFirstVice@8
KERNEL32.dll
0x41d000 HeapReAlloc
0x41d004 UnmapViewOfFile
0x41d008 EndUpdateResourceW
0x41d00c ReadConsoleA
0x41d010 GetCurrentProcess
0x41d014 BackupSeek
0x41d018 FindActCtxSectionStringA
0x41d01c GetEnvironmentStrings
0x41d020 GlobalAlloc
0x41d024 Sleep
0x41d028 InitAtomTable
0x41d02c HeapDestroy
0x41d030 FindNextVolumeW
0x41d034 WriteConsoleW
0x41d038 GetModuleFileNameW
0x41d03c CreateActCtxA
0x41d040 GetACP
0x41d044 ReleaseSemaphore
0x41d048 SetTapePosition
0x41d04c SetLastError
0x41d050 GetProcAddress
0x41d054 BeginUpdateResourceW
0x41d058 ResetEvent
0x41d05c DebugSetProcessKillOnExit
0x41d060 CreateIoCompletionPort
0x41d064 GetModuleHandleA
0x41d068 GetProcessShutdownParameters
0x41d06c VirtualProtect
0x41d070 GetCurrentProcessId
0x41d074 FindNextVolumeA
0x41d078 LCMapStringW
0x41d07c lstrcpyA
0x41d080 GetCommandLineW
0x41d084 HeapSetInformation
0x41d088 GetStartupInfoW
0x41d08c HeapAlloc
0x41d090 EnterCriticalSection
0x41d094 LeaveCriticalSection
0x41d098 DecodePointer
0x41d09c UnhandledExceptionFilter
0x41d0a0 SetUnhandledExceptionFilter
0x41d0a4 IsDebuggerPresent
0x41d0a8 EncodePointer
0x41d0ac TerminateProcess
0x41d0b0 GetLastError
0x41d0b4 HeapFree
0x41d0b8 SetFilePointer
0x41d0bc CloseHandle
0x41d0c0 GetModuleHandleW
0x41d0c4 ExitProcess
0x41d0c8 WriteFile
0x41d0cc GetStdHandle
0x41d0d0 FreeEnvironmentStringsW
0x41d0d4 GetEnvironmentStringsW
0x41d0d8 SetHandleCount
0x41d0dc InitializeCriticalSectionAndSpinCount
0x41d0e0 GetFileType
0x41d0e4 DeleteCriticalSection
0x41d0e8 TlsAlloc
0x41d0ec TlsGetValue
0x41d0f0 TlsSetValue
0x41d0f4 TlsFree
0x41d0f8 InterlockedIncrement
0x41d0fc GetCurrentThreadId
0x41d100 InterlockedDecrement
0x41d104 HeapCreate
0x41d108 QueryPerformanceCounter
0x41d10c GetTickCount
0x41d110 GetSystemTimeAsFileTime
0x41d114 GetCPInfo
0x41d118 GetOEMCP
0x41d11c IsValidCodePage
0x41d120 WideCharToMultiByte
0x41d124 RtlUnwind
0x41d128 SetStdHandle
0x41d12c GetConsoleCP
0x41d130 GetConsoleMode
0x41d134 FlushFileBuffers
0x41d138 LoadLibraryW
0x41d13c RaiseException
0x41d140 MultiByteToWideChar
0x41d144 GetStringTypeW
0x41d148 IsProcessorFeaturePresent
0x41d14c HeapSize
0x41d150 CreateFileW
EAT(Export Address Table) Library
0x401000 @GetFirstVice@8