ScreenShot
| Created | 2021.10.21 18:24 | Machine | s1_win7_x6403 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 36 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Unsafe, Save, ZexaF, uu1@aGkvZGjG, Kryptik, Eldorado, Attribute, HighConfidence, A + Troj, Krypt, Score, Sabsik, R446483, ai score=84, CLASSIC, Static AI, Malicious PE, susgen, confidence, 100%) | ||
| md5 | 05d6732ff73403961d2b131ac1237393 | ||
| sha256 | d3a9a3edb7bf2c1c0bee319acb384b4ea0d27a72c09ee0781996ecc4b6637fef | ||
| ssdeep | 6144:nTo3T9zMROMLxpMqCaqSb/d0SqX7tNfVXVHQLIiu8c:nTk9zMROMLxzN70SwZGEX8c | ||
| imphash | df9601abec2416ae7ecc0dd0d7272e84 | ||
| impfuzzy | 24:p0D1YLAJcDpOut62d3lDY8LO4tjhJK0dcdYIlyv9H9OT43jMeYAgKQ:yMXnDH64ttXcJK9McLYAw | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 36 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42f008 EndUpdateResourceW
0x42f00c GetEnvironmentStringsW
0x42f010 SetEvent
0x42f014 FlushViewOfFile
0x42f018 ReadConsoleW
0x42f01c GlobalAlloc
0x42f020 Sleep
0x42f024 InitAtomTable
0x42f028 HeapCreate
0x42f02c WriteConsoleW
0x42f030 GetAtomNameW
0x42f034 GetModuleFileNameW
0x42f038 CreateActCtxA
0x42f03c SetConsoleTitleA
0x42f040 SetProcessAffinityMask
0x42f044 DeactivateActCtx
0x42f048 SetLastError
0x42f04c GetProcAddress
0x42f050 VirtualAlloc
0x42f054 BeginUpdateResourceW
0x42f058 LoadLibraryA
0x42f05c SetEnvironmentVariableA
0x42f060 GetModuleFileNameA
0x42f064 GetOEMCP
0x42f068 CreateIoCompletionPort
0x42f06c GetCPInfoExA
0x42f070 SetProcessShutdownParameters
0x42f074 Module32Next
0x42f078 ReleaseMutex
0x42f07c GetVersionExA
0x42f080 FindNextVolumeA
0x42f084 lstrcpyW
0x42f088 LCMapStringW
0x42f08c SetTapePosition
0x42f090 HeapReAlloc
0x42f094 IsProcessorFeaturePresent
0x42f098 RaiseException
0x42f09c EncodePointer
0x42f0a0 DecodePointer
0x42f0a4 GetModuleHandleW
0x42f0a8 ExitProcess
0x42f0ac GetCommandLineW
0x42f0b0 HeapSetInformation
0x42f0b4 GetStartupInfoW
0x42f0b8 UnhandledExceptionFilter
0x42f0bc SetUnhandledExceptionFilter
0x42f0c0 IsDebuggerPresent
0x42f0c4 TerminateProcess
0x42f0c8 GetCurrentProcess
0x42f0cc TlsAlloc
0x42f0d0 TlsGetValue
0x42f0d4 TlsSetValue
0x42f0d8 TlsFree
0x42f0dc InterlockedIncrement
0x42f0e0 GetCurrentThreadId
0x42f0e4 GetLastError
0x42f0e8 InterlockedDecrement
0x42f0ec HeapAlloc
0x42f0f0 ReadFile
0x42f0f4 EnterCriticalSection
0x42f0f8 LeaveCriticalSection
0x42f0fc HeapFree
0x42f100 SetHandleCount
0x42f104 GetStdHandle
0x42f108 InitializeCriticalSectionAndSpinCount
0x42f10c GetFileType
0x42f110 DeleteCriticalSection
0x42f114 SetFilePointer
0x42f118 GetCPInfo
0x42f11c GetACP
0x42f120 IsValidCodePage
0x42f124 CloseHandle
0x42f128 LoadLibraryW
0x42f12c WriteFile
0x42f130 FreeEnvironmentStringsW
0x42f134 QueryPerformanceCounter
0x42f138 GetTickCount
0x42f13c GetCurrentProcessId
0x42f140 GetSystemTimeAsFileTime
0x42f144 WideCharToMultiByte
0x42f148 GetConsoleCP
0x42f14c GetConsoleMode
0x42f150 MultiByteToWideChar
0x42f154 RtlUnwind
0x42f158 SetStdHandle
0x42f15c FlushFileBuffers
0x42f160 GetStringTypeW
0x42f164 HeapSize
0x42f168 CreateFileW
USER32.dll
0x42f170 ClientToScreen
GDI32.dll
0x42f000 GetBitmapBits
WINHTTP.dll
0x42f178 WinHttpQueryOption
EAT(Export Address Table) is none
KERNEL32.dll
0x42f008 EndUpdateResourceW
0x42f00c GetEnvironmentStringsW
0x42f010 SetEvent
0x42f014 FlushViewOfFile
0x42f018 ReadConsoleW
0x42f01c GlobalAlloc
0x42f020 Sleep
0x42f024 InitAtomTable
0x42f028 HeapCreate
0x42f02c WriteConsoleW
0x42f030 GetAtomNameW
0x42f034 GetModuleFileNameW
0x42f038 CreateActCtxA
0x42f03c SetConsoleTitleA
0x42f040 SetProcessAffinityMask
0x42f044 DeactivateActCtx
0x42f048 SetLastError
0x42f04c GetProcAddress
0x42f050 VirtualAlloc
0x42f054 BeginUpdateResourceW
0x42f058 LoadLibraryA
0x42f05c SetEnvironmentVariableA
0x42f060 GetModuleFileNameA
0x42f064 GetOEMCP
0x42f068 CreateIoCompletionPort
0x42f06c GetCPInfoExA
0x42f070 SetProcessShutdownParameters
0x42f074 Module32Next
0x42f078 ReleaseMutex
0x42f07c GetVersionExA
0x42f080 FindNextVolumeA
0x42f084 lstrcpyW
0x42f088 LCMapStringW
0x42f08c SetTapePosition
0x42f090 HeapReAlloc
0x42f094 IsProcessorFeaturePresent
0x42f098 RaiseException
0x42f09c EncodePointer
0x42f0a0 DecodePointer
0x42f0a4 GetModuleHandleW
0x42f0a8 ExitProcess
0x42f0ac GetCommandLineW
0x42f0b0 HeapSetInformation
0x42f0b4 GetStartupInfoW
0x42f0b8 UnhandledExceptionFilter
0x42f0bc SetUnhandledExceptionFilter
0x42f0c0 IsDebuggerPresent
0x42f0c4 TerminateProcess
0x42f0c8 GetCurrentProcess
0x42f0cc TlsAlloc
0x42f0d0 TlsGetValue
0x42f0d4 TlsSetValue
0x42f0d8 TlsFree
0x42f0dc InterlockedIncrement
0x42f0e0 GetCurrentThreadId
0x42f0e4 GetLastError
0x42f0e8 InterlockedDecrement
0x42f0ec HeapAlloc
0x42f0f0 ReadFile
0x42f0f4 EnterCriticalSection
0x42f0f8 LeaveCriticalSection
0x42f0fc HeapFree
0x42f100 SetHandleCount
0x42f104 GetStdHandle
0x42f108 InitializeCriticalSectionAndSpinCount
0x42f10c GetFileType
0x42f110 DeleteCriticalSection
0x42f114 SetFilePointer
0x42f118 GetCPInfo
0x42f11c GetACP
0x42f120 IsValidCodePage
0x42f124 CloseHandle
0x42f128 LoadLibraryW
0x42f12c WriteFile
0x42f130 FreeEnvironmentStringsW
0x42f134 QueryPerformanceCounter
0x42f138 GetTickCount
0x42f13c GetCurrentProcessId
0x42f140 GetSystemTimeAsFileTime
0x42f144 WideCharToMultiByte
0x42f148 GetConsoleCP
0x42f14c GetConsoleMode
0x42f150 MultiByteToWideChar
0x42f154 RtlUnwind
0x42f158 SetStdHandle
0x42f15c FlushFileBuffers
0x42f160 GetStringTypeW
0x42f164 HeapSize
0x42f168 CreateFileW
USER32.dll
0x42f170 ClientToScreen
GDI32.dll
0x42f000 GetBitmapBits
WINHTTP.dll
0x42f178 WinHttpQueryOption
EAT(Export Address Table) is none