ScreenShot
| Created | 2021.10.22 09:38 | Machine | s1_win7_x6401 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 28 detected (AIDetect, malware1, malicious, high confidence, MachineLearning, Anomalous, Save, Attribute, HighConfidence, Kryptik, HNAL, score, A + Troj, Krypt, Static AI, Malicious PE, Azorult, Unsafe, CLASSIC, ZexaF, qu0@a45Rs0gG, confidence, 100%, susgen) | ||
| md5 | 75d7e4d1730247c05bd66666c8902d56 | ||
| sha256 | 463688d6dfb7d1afcb6e3b13110542de17dd81cd271a79beb55d2916b5563c4c | ||
| ssdeep | 6144:cnhyn+X8BezX321bKbGrdXso/eIADG8el:chynmcez21mnHxD | ||
| imphash | 324eb7eba0d6f4cd042276a6e19d7718 | ||
| impfuzzy | 24:anFX0J1WJcDt4uRVd4lc8LO4tjhJK0dcd/Ilyv9Z9OT43jMeMxK/:KFXaCj64ttXcqK9GcLME/ | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41d008 GetEnvironmentStringsW
0x41d00c ReadConsoleW
0x41d010 FindActCtxSectionStringA
0x41d014 CreateActCtxW
0x41d018 GlobalAlloc
0x41d01c Sleep
0x41d020 InitAtomTable
0x41d024 HeapCreate
0x41d028 FindNextVolumeW
0x41d02c GetAtomNameW
0x41d030 GetMailslotInfo
0x41d034 GetModuleFileNameW
0x41d038 SetConsoleTitleA
0x41d03c SetTapePosition
0x41d040 SetLastError
0x41d044 GetProcAddress
0x41d048 VirtualAlloc
0x41d04c ResetEvent
0x41d050 LoadLibraryA
0x41d054 WriteConsoleA
0x41d058 BeginUpdateResourceA
0x41d05c SetEnvironmentVariableA
0x41d060 GetModuleFileNameA
0x41d064 GetProcessShutdownParameters
0x41d068 GetProcessAffinityMask
0x41d06c GetCPInfoExA
0x41d070 Module32Next
0x41d074 ReleaseMutex
0x41d078 EndUpdateResourceA
0x41d07c GetVersionExA
0x41d080 FindNextVolumeA
0x41d084 lstrcpyW
0x41d088 HeapReAlloc
0x41d08c EncodePointer
0x41d090 DecodePointer
0x41d094 GetModuleHandleW
0x41d098 ExitProcess
0x41d09c GetCommandLineW
0x41d0a0 HeapSetInformation
0x41d0a4 GetStartupInfoW
0x41d0a8 UnhandledExceptionFilter
0x41d0ac SetUnhandledExceptionFilter
0x41d0b0 IsDebuggerPresent
0x41d0b4 TerminateProcess
0x41d0b8 GetCurrentProcess
0x41d0bc TlsAlloc
0x41d0c0 TlsGetValue
0x41d0c4 TlsSetValue
0x41d0c8 TlsFree
0x41d0cc InterlockedIncrement
0x41d0d0 GetCurrentThreadId
0x41d0d4 GetLastError
0x41d0d8 InterlockedDecrement
0x41d0dc HeapAlloc
0x41d0e0 ReadFile
0x41d0e4 EnterCriticalSection
0x41d0e8 LeaveCriticalSection
0x41d0ec HeapFree
0x41d0f0 IsProcessorFeaturePresent
0x41d0f4 SetHandleCount
0x41d0f8 GetStdHandle
0x41d0fc InitializeCriticalSectionAndSpinCount
0x41d100 GetFileType
0x41d104 DeleteCriticalSection
0x41d108 SetFilePointer
0x41d10c GetCPInfo
0x41d110 GetACP
0x41d114 GetOEMCP
0x41d118 IsValidCodePage
0x41d11c CloseHandle
0x41d120 LoadLibraryW
0x41d124 WriteFile
0x41d128 FreeEnvironmentStringsW
0x41d12c QueryPerformanceCounter
0x41d130 GetTickCount
0x41d134 GetCurrentProcessId
0x41d138 GetSystemTimeAsFileTime
0x41d13c WideCharToMultiByte
0x41d140 GetConsoleCP
0x41d144 GetConsoleMode
0x41d148 MultiByteToWideChar
0x41d14c RtlUnwind
0x41d150 RaiseException
0x41d154 SetStdHandle
0x41d158 FlushFileBuffers
0x41d15c LCMapStringW
0x41d160 GetStringTypeW
0x41d164 HeapSize
0x41d168 WriteConsoleW
0x41d16c CreateFileW
GDI32.dll
0x41d000 GetBitmapBits
WINHTTP.dll
0x41d174 WinHttpSetOption
EAT(Export Address Table) is none
KERNEL32.dll
0x41d008 GetEnvironmentStringsW
0x41d00c ReadConsoleW
0x41d010 FindActCtxSectionStringA
0x41d014 CreateActCtxW
0x41d018 GlobalAlloc
0x41d01c Sleep
0x41d020 InitAtomTable
0x41d024 HeapCreate
0x41d028 FindNextVolumeW
0x41d02c GetAtomNameW
0x41d030 GetMailslotInfo
0x41d034 GetModuleFileNameW
0x41d038 SetConsoleTitleA
0x41d03c SetTapePosition
0x41d040 SetLastError
0x41d044 GetProcAddress
0x41d048 VirtualAlloc
0x41d04c ResetEvent
0x41d050 LoadLibraryA
0x41d054 WriteConsoleA
0x41d058 BeginUpdateResourceA
0x41d05c SetEnvironmentVariableA
0x41d060 GetModuleFileNameA
0x41d064 GetProcessShutdownParameters
0x41d068 GetProcessAffinityMask
0x41d06c GetCPInfoExA
0x41d070 Module32Next
0x41d074 ReleaseMutex
0x41d078 EndUpdateResourceA
0x41d07c GetVersionExA
0x41d080 FindNextVolumeA
0x41d084 lstrcpyW
0x41d088 HeapReAlloc
0x41d08c EncodePointer
0x41d090 DecodePointer
0x41d094 GetModuleHandleW
0x41d098 ExitProcess
0x41d09c GetCommandLineW
0x41d0a0 HeapSetInformation
0x41d0a4 GetStartupInfoW
0x41d0a8 UnhandledExceptionFilter
0x41d0ac SetUnhandledExceptionFilter
0x41d0b0 IsDebuggerPresent
0x41d0b4 TerminateProcess
0x41d0b8 GetCurrentProcess
0x41d0bc TlsAlloc
0x41d0c0 TlsGetValue
0x41d0c4 TlsSetValue
0x41d0c8 TlsFree
0x41d0cc InterlockedIncrement
0x41d0d0 GetCurrentThreadId
0x41d0d4 GetLastError
0x41d0d8 InterlockedDecrement
0x41d0dc HeapAlloc
0x41d0e0 ReadFile
0x41d0e4 EnterCriticalSection
0x41d0e8 LeaveCriticalSection
0x41d0ec HeapFree
0x41d0f0 IsProcessorFeaturePresent
0x41d0f4 SetHandleCount
0x41d0f8 GetStdHandle
0x41d0fc InitializeCriticalSectionAndSpinCount
0x41d100 GetFileType
0x41d104 DeleteCriticalSection
0x41d108 SetFilePointer
0x41d10c GetCPInfo
0x41d110 GetACP
0x41d114 GetOEMCP
0x41d118 IsValidCodePage
0x41d11c CloseHandle
0x41d120 LoadLibraryW
0x41d124 WriteFile
0x41d128 FreeEnvironmentStringsW
0x41d12c QueryPerformanceCounter
0x41d130 GetTickCount
0x41d134 GetCurrentProcessId
0x41d138 GetSystemTimeAsFileTime
0x41d13c WideCharToMultiByte
0x41d140 GetConsoleCP
0x41d144 GetConsoleMode
0x41d148 MultiByteToWideChar
0x41d14c RtlUnwind
0x41d150 RaiseException
0x41d154 SetStdHandle
0x41d158 FlushFileBuffers
0x41d15c LCMapStringW
0x41d160 GetStringTypeW
0x41d164 HeapSize
0x41d168 WriteConsoleW
0x41d16c CreateFileW
GDI32.dll
0x41d000 GetBitmapBits
WINHTTP.dll
0x41d174 WinHttpSetOption
EAT(Export Address Table) is none