ScreenShot
| Created | 2021.11.11 12:35 | Machine | s1_win7_x6401 |
| Filename | VBC.EXE | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 41 detected (malicious, high confidence, score, GenericRXAA, Unsafe, Save, Fragtor, Kryptik, Eldorado, HNGM, Androm, MalwareX, Outbreak, kcloud, Azorult, ai score=88, R002H0CKA21, Generic@ML, RDML, 24hpgEJ7BhoRqq0yag, Static AI, Malicious PE, ZexaF, pq0@aykHwLaI, confidence, 100%, susgen) | ||
| md5 | b550e23e12e99746ced6f79b59c015bc | ||
| sha256 | 3adcd6bfdb97a238c80d0cf8554fe4cabc22c50e03bd16985f8fcc02deb90f05 | ||
| ssdeep | 3072:F7ecgDLAj8q4qZQdAGhCMdRYKK2MZpCyQtWrxpzbgqruXhs7sxkgaBChU/pZa9ul:7U68yZQdrPrYT0Tuzbgwu6QigabwVf | ||
| imphash | f6b674b76a065863a80dcff24fafdbed | ||
| impfuzzy | 24:6SNbG2SBkq+fma/qFLycDeu9jLjjfiOovVtlOcQnlyv9G45/J3IoBq7jM6KgwYu:6B1B8AF52tlOcIK9nhIJ/k | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41d008 CommConfigDialogA
0x41d00c GetDefaultCommConfigW
0x41d010 GetSystemWindowsDirectoryW
0x41d014 QueryPerformanceCounter
0x41d018 GetEnvironmentStringsW
0x41d01c SetConsoleScreenBufferSize
0x41d020 AddConsoleAliasW
0x41d024 BackupSeek
0x41d028 GetTickCount
0x41d02c GetProcessHeap
0x41d030 GetSystemTimeAsFileTime
0x41d034 ReadConsoleW
0x41d038 SizeofResource
0x41d03c GetProcessHandleCount
0x41d040 InitAtomTable
0x41d044 HeapValidate
0x41d048 GetModuleFileNameW
0x41d04c DeactivateActCtx
0x41d050 GetLastError
0x41d054 GetProcAddress
0x41d058 VirtualAlloc
0x41d05c HeapSize
0x41d060 BeginUpdateResourceW
0x41d064 GetFirmwareEnvironmentVariableW
0x41d068 LoadLibraryA
0x41d06c WriteConsoleA
0x41d070 LocalAlloc
0x41d074 GetProcessAffinityMask
0x41d078 GetConsoleCursorInfo
0x41d07c DeleteAtom
0x41d080 FindNextVolumeA
0x41d084 LCMapStringW
0x41d088 lstrcpyA
0x41d08c WriteConsoleW
0x41d090 GetAtomNameW
0x41d094 CreateFileW
0x41d098 HeapAlloc
0x41d09c EncodePointer
0x41d0a0 DecodePointer
0x41d0a4 GetCommandLineA
0x41d0a8 HeapSetInformation
0x41d0ac GetStartupInfoW
0x41d0b0 UnhandledExceptionFilter
0x41d0b4 SetUnhandledExceptionFilter
0x41d0b8 IsDebuggerPresent
0x41d0bc TerminateProcess
0x41d0c0 GetCurrentProcess
0x41d0c4 GetModuleHandleW
0x41d0c8 ExitProcess
0x41d0cc WriteFile
0x41d0d0 GetStdHandle
0x41d0d4 HeapCreate
0x41d0d8 Sleep
0x41d0dc EnterCriticalSection
0x41d0e0 LeaveCriticalSection
0x41d0e4 SetHandleCount
0x41d0e8 InitializeCriticalSectionAndSpinCount
0x41d0ec GetFileType
0x41d0f0 DeleteCriticalSection
0x41d0f4 SetFilePointer
0x41d0f8 HeapFree
0x41d0fc CloseHandle
0x41d100 GetModuleFileNameA
0x41d104 FreeEnvironmentStringsW
0x41d108 WideCharToMultiByte
0x41d10c TlsAlloc
0x41d110 TlsGetValue
0x41d114 TlsSetValue
0x41d118 TlsFree
0x41d11c InterlockedIncrement
0x41d120 SetLastError
0x41d124 GetCurrentThreadId
0x41d128 InterlockedDecrement
0x41d12c GetCurrentProcessId
0x41d130 LoadLibraryW
0x41d134 HeapReAlloc
0x41d138 RtlUnwind
0x41d13c GetCPInfo
0x41d140 GetACP
0x41d144 GetOEMCP
0x41d148 IsValidCodePage
0x41d14c SetStdHandle
0x41d150 GetConsoleCP
0x41d154 GetConsoleMode
0x41d158 FlushFileBuffers
0x41d15c RaiseException
0x41d160 IsProcessorFeaturePresent
0x41d164 MultiByteToWideChar
0x41d168 GetStringTypeW
USER32.dll
0x41d170 MessageBeep
ADVAPI32.dll
0x41d000 AdjustTokenGroups
EAT(Export Address Table) is none
KERNEL32.dll
0x41d008 CommConfigDialogA
0x41d00c GetDefaultCommConfigW
0x41d010 GetSystemWindowsDirectoryW
0x41d014 QueryPerformanceCounter
0x41d018 GetEnvironmentStringsW
0x41d01c SetConsoleScreenBufferSize
0x41d020 AddConsoleAliasW
0x41d024 BackupSeek
0x41d028 GetTickCount
0x41d02c GetProcessHeap
0x41d030 GetSystemTimeAsFileTime
0x41d034 ReadConsoleW
0x41d038 SizeofResource
0x41d03c GetProcessHandleCount
0x41d040 InitAtomTable
0x41d044 HeapValidate
0x41d048 GetModuleFileNameW
0x41d04c DeactivateActCtx
0x41d050 GetLastError
0x41d054 GetProcAddress
0x41d058 VirtualAlloc
0x41d05c HeapSize
0x41d060 BeginUpdateResourceW
0x41d064 GetFirmwareEnvironmentVariableW
0x41d068 LoadLibraryA
0x41d06c WriteConsoleA
0x41d070 LocalAlloc
0x41d074 GetProcessAffinityMask
0x41d078 GetConsoleCursorInfo
0x41d07c DeleteAtom
0x41d080 FindNextVolumeA
0x41d084 LCMapStringW
0x41d088 lstrcpyA
0x41d08c WriteConsoleW
0x41d090 GetAtomNameW
0x41d094 CreateFileW
0x41d098 HeapAlloc
0x41d09c EncodePointer
0x41d0a0 DecodePointer
0x41d0a4 GetCommandLineA
0x41d0a8 HeapSetInformation
0x41d0ac GetStartupInfoW
0x41d0b0 UnhandledExceptionFilter
0x41d0b4 SetUnhandledExceptionFilter
0x41d0b8 IsDebuggerPresent
0x41d0bc TerminateProcess
0x41d0c0 GetCurrentProcess
0x41d0c4 GetModuleHandleW
0x41d0c8 ExitProcess
0x41d0cc WriteFile
0x41d0d0 GetStdHandle
0x41d0d4 HeapCreate
0x41d0d8 Sleep
0x41d0dc EnterCriticalSection
0x41d0e0 LeaveCriticalSection
0x41d0e4 SetHandleCount
0x41d0e8 InitializeCriticalSectionAndSpinCount
0x41d0ec GetFileType
0x41d0f0 DeleteCriticalSection
0x41d0f4 SetFilePointer
0x41d0f8 HeapFree
0x41d0fc CloseHandle
0x41d100 GetModuleFileNameA
0x41d104 FreeEnvironmentStringsW
0x41d108 WideCharToMultiByte
0x41d10c TlsAlloc
0x41d110 TlsGetValue
0x41d114 TlsSetValue
0x41d118 TlsFree
0x41d11c InterlockedIncrement
0x41d120 SetLastError
0x41d124 GetCurrentThreadId
0x41d128 InterlockedDecrement
0x41d12c GetCurrentProcessId
0x41d130 LoadLibraryW
0x41d134 HeapReAlloc
0x41d138 RtlUnwind
0x41d13c GetCPInfo
0x41d140 GetACP
0x41d144 GetOEMCP
0x41d148 IsValidCodePage
0x41d14c SetStdHandle
0x41d150 GetConsoleCP
0x41d154 GetConsoleMode
0x41d158 FlushFileBuffers
0x41d15c RaiseException
0x41d160 IsProcessorFeaturePresent
0x41d164 MultiByteToWideChar
0x41d168 GetStringTypeW
USER32.dll
0x41d170 MessageBeep
ADVAPI32.dll
0x41d000 AdjustTokenGroups
EAT(Export Address Table) is none