ScreenShot
| Created | 2021.11.03 09:41 | Machine | s1_win7_x6403 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 33 detected (AIDetect, malware1, malicious, high confidence, Fragtor, Unsafe, Save, ZexaF, ru1@aa7XINfG, Kryptik, Eldorado, HNCB, ET#94%, RDMK, cmRtazo, +LfngVbiuLbi39y4AQ9Y, A + Troj, Krypt, Lockbit, susgen, Sabsik, score, ai score=83, Static AI, Malicious PE, confidence, 100%) | ||
| md5 | 6a049652dccbc682444088a9c910abed | ||
| sha256 | c14df711aaf2fdf1fe7eb19d5c8715190cfc4c99e535a044d6df754e311ebfdb | ||
| ssdeep | 6144:6qYvRKoDXTYfvJ69UFF0FDO9VIB7008qX0A3ynVP:QKoDXTSyUneDEV8sA3S | ||
| imphash | b8ef4a428f658ada3d2d48117cace047 | ||
| impfuzzy | 24:Vtrj+FiFFmMcDq+ui3+lQ1ciOovA1tCWgJ3IbdcQIlyv9zTNSUjMxUf:aEFU7e5t1t+ScHK9zpSd6 | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x42b008 LoadLibraryExW
0x42b00c GetEnvironmentStringsW
0x42b010 WaitForSingleObject
0x42b014 SetEvent
0x42b018 OpenSemaphoreA
0x42b01c GetTickCount
0x42b020 ReadConsoleW
0x42b024 FindActCtxSectionStringA
0x42b028 CreateActCtxW
0x42b02c Sleep
0x42b030 FindNextVolumeW
0x42b034 GetAtomNameW
0x42b038 GetMailslotInfo
0x42b03c GetModuleFileNameW
0x42b040 Module32First
0x42b044 GetCPInfoExW
0x42b048 GetLastError
0x42b04c GetProcAddress
0x42b050 VirtualAlloc
0x42b054 LoadLibraryA
0x42b058 WriteConsoleA
0x42b05c LocalAlloc
0x42b060 BeginUpdateResourceA
0x42b064 SetEnvironmentVariableA
0x42b068 EraseTape
0x42b06c GetProcessAffinityMask
0x42b070 SetProcessShutdownParameters
0x42b074 EndUpdateResourceA
0x42b078 GetVersionExA
0x42b07c DeleteAtom
0x42b080 FindNextVolumeA
0x42b084 lstrcpyW
0x42b088 LCMapStringW
0x42b08c SetConsoleTitleA
0x42b090 HeapReAlloc
0x42b094 EncodePointer
0x42b098 DecodePointer
0x42b09c GetCommandLineA
0x42b0a0 HeapSetInformation
0x42b0a4 GetStartupInfoW
0x42b0a8 RaiseException
0x42b0ac UnhandledExceptionFilter
0x42b0b0 SetUnhandledExceptionFilter
0x42b0b4 IsDebuggerPresent
0x42b0b8 TerminateProcess
0x42b0bc GetCurrentProcess
0x42b0c0 HeapAlloc
0x42b0c4 HeapFree
0x42b0c8 IsProcessorFeaturePresent
0x42b0cc TlsAlloc
0x42b0d0 TlsGetValue
0x42b0d4 TlsSetValue
0x42b0d8 TlsFree
0x42b0dc InterlockedIncrement
0x42b0e0 GetModuleHandleW
0x42b0e4 SetLastError
0x42b0e8 GetCurrentThreadId
0x42b0ec InterlockedDecrement
0x42b0f0 ReadFile
0x42b0f4 EnterCriticalSection
0x42b0f8 LeaveCriticalSection
0x42b0fc SetHandleCount
0x42b100 GetStdHandle
0x42b104 InitializeCriticalSectionAndSpinCount
0x42b108 GetFileType
0x42b10c DeleteCriticalSection
0x42b110 SetFilePointer
0x42b114 CloseHandle
0x42b118 ExitProcess
0x42b11c WriteFile
0x42b120 GetModuleFileNameA
0x42b124 FreeEnvironmentStringsW
0x42b128 WideCharToMultiByte
0x42b12c HeapCreate
0x42b130 QueryPerformanceCounter
0x42b134 GetCurrentProcessId
0x42b138 GetSystemTimeAsFileTime
0x42b13c GetConsoleCP
0x42b140 GetConsoleMode
0x42b144 GetCPInfo
0x42b148 GetACP
0x42b14c GetOEMCP
0x42b150 IsValidCodePage
0x42b154 MultiByteToWideChar
0x42b158 RtlUnwind
0x42b15c SetStdHandle
0x42b160 FlushFileBuffers
0x42b164 HeapSize
0x42b168 LoadLibraryW
0x42b16c WriteConsoleW
0x42b170 GetStringTypeW
0x42b174 CreateFileW
GDI32.dll
0x42b000 GetBitmapBits
EAT(Export Address Table) is none
KERNEL32.dll
0x42b008 LoadLibraryExW
0x42b00c GetEnvironmentStringsW
0x42b010 WaitForSingleObject
0x42b014 SetEvent
0x42b018 OpenSemaphoreA
0x42b01c GetTickCount
0x42b020 ReadConsoleW
0x42b024 FindActCtxSectionStringA
0x42b028 CreateActCtxW
0x42b02c Sleep
0x42b030 FindNextVolumeW
0x42b034 GetAtomNameW
0x42b038 GetMailslotInfo
0x42b03c GetModuleFileNameW
0x42b040 Module32First
0x42b044 GetCPInfoExW
0x42b048 GetLastError
0x42b04c GetProcAddress
0x42b050 VirtualAlloc
0x42b054 LoadLibraryA
0x42b058 WriteConsoleA
0x42b05c LocalAlloc
0x42b060 BeginUpdateResourceA
0x42b064 SetEnvironmentVariableA
0x42b068 EraseTape
0x42b06c GetProcessAffinityMask
0x42b070 SetProcessShutdownParameters
0x42b074 EndUpdateResourceA
0x42b078 GetVersionExA
0x42b07c DeleteAtom
0x42b080 FindNextVolumeA
0x42b084 lstrcpyW
0x42b088 LCMapStringW
0x42b08c SetConsoleTitleA
0x42b090 HeapReAlloc
0x42b094 EncodePointer
0x42b098 DecodePointer
0x42b09c GetCommandLineA
0x42b0a0 HeapSetInformation
0x42b0a4 GetStartupInfoW
0x42b0a8 RaiseException
0x42b0ac UnhandledExceptionFilter
0x42b0b0 SetUnhandledExceptionFilter
0x42b0b4 IsDebuggerPresent
0x42b0b8 TerminateProcess
0x42b0bc GetCurrentProcess
0x42b0c0 HeapAlloc
0x42b0c4 HeapFree
0x42b0c8 IsProcessorFeaturePresent
0x42b0cc TlsAlloc
0x42b0d0 TlsGetValue
0x42b0d4 TlsSetValue
0x42b0d8 TlsFree
0x42b0dc InterlockedIncrement
0x42b0e0 GetModuleHandleW
0x42b0e4 SetLastError
0x42b0e8 GetCurrentThreadId
0x42b0ec InterlockedDecrement
0x42b0f0 ReadFile
0x42b0f4 EnterCriticalSection
0x42b0f8 LeaveCriticalSection
0x42b0fc SetHandleCount
0x42b100 GetStdHandle
0x42b104 InitializeCriticalSectionAndSpinCount
0x42b108 GetFileType
0x42b10c DeleteCriticalSection
0x42b110 SetFilePointer
0x42b114 CloseHandle
0x42b118 ExitProcess
0x42b11c WriteFile
0x42b120 GetModuleFileNameA
0x42b124 FreeEnvironmentStringsW
0x42b128 WideCharToMultiByte
0x42b12c HeapCreate
0x42b130 QueryPerformanceCounter
0x42b134 GetCurrentProcessId
0x42b138 GetSystemTimeAsFileTime
0x42b13c GetConsoleCP
0x42b140 GetConsoleMode
0x42b144 GetCPInfo
0x42b148 GetACP
0x42b14c GetOEMCP
0x42b150 IsValidCodePage
0x42b154 MultiByteToWideChar
0x42b158 RtlUnwind
0x42b15c SetStdHandle
0x42b160 FlushFileBuffers
0x42b164 HeapSize
0x42b168 LoadLibraryW
0x42b16c WriteConsoleW
0x42b170 GetStringTypeW
0x42b174 CreateFileW
GDI32.dll
0x42b000 GetBitmapBits
EAT(Export Address Table) is none