Report - vbc.exe

Tags: Generic Malware, Malicious Packer, Malicious Library, UPX, PE File, OS Processor Check, PE32
Created: 2021.11.12 10:58
Machine: s1_win7_x6403
Filename: vbc.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 9
Behavior Score: 1.4
ZERO API (file): clean
VT API (file): 29 detected (malicious, high confidence, GenericKD, Unsafe, Attribute, HighConfidence, Vbinder, Static AI, Malicious PE, Sabsik, Artemis, ai score=88, Score, ZevbaF, Dm3@aGxFFHli, confidence, 100%, susgen)
md5: cab077fad804e27baf9256754bd848b3
sha256: 074135bb9026efbce79d86f3cf9f6eeb7304905cad07d594e3453eeed6f187de
ssdeep: 6144:vBMYXoufOfAZ/8tbayAZIxS6YnJRrQTaeQLWphDDuLxqLNweKRvj2W8TCy8bB:vBMYGfAy/YnJgZ0QLNw7Rr1c52
imphash: a64c6e908e2c83802822128ba8ce8ade
impfuzzy: 96:nmOjvl5/l1BxQRQZUfPHbNwYY+kbHV1xJxYJ1WaW++QN2XaAbdBdZoRTwcAxgdoc:nL9opnk72yhg41g

Signature (3 entries)

Level    Description
warning  File has been identified by 29 AntiVirus engines on VirusTotal as malicious
notice   Changes the protection of a read-write memory region to read-execute (the region is filled while writable and made executable afterwards, rather than requested as RWX in a single call, which sidesteps heuristics that only look for all RWX flags being set at once)
info     One or more processes crashed
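The "read-write to read-execute" notice above is a two-step heuristic: a region first appears with a writable, non-executable protection and later gets an executable one. The following is an added example, not code from the sandbox or its signature engine, that reimplements that idea over a constructed API trace. The event format, the Nt* call names and the per-base-address state tracking are assumptions made for illustration; the real signature works from the arguments of the hooked protection calls.

```python
"""Flag regions that go read-write first and executable later (added example)."""
from dataclasses import dataclass

# Memory protection constants from winnt.h
PAGE_READWRITE = 0x04
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40

EXEC_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE


@dataclass
class Event:
    """One hooked memory call from a (constructed) sandbox trace."""
    pid: int
    api: str
    base: int
    size: int
    protect: int  # protection requested; 0 for calls that carry none


def rw_to_rx_regions(events):
    """Return (pid, base) pairs for regions that were seen read-write and were
    later changed to an executable protection.

    A region requested as RWX in one call is deliberately NOT flagged: that is
    a separate, more obvious heuristic. The point of this check is the
    write-then-execute pattern that evades a plain RWX test.
    """
    seen_writable = set()   # (pid, base) of regions seen with PAGE_READWRITE
    hits = []
    for ev in events:
        if ev.api not in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory"):
            continue
        key = (ev.pid, ev.base)
        if ev.protect == PAGE_READWRITE:
            seen_writable.add(key)
        elif ev.protect & EXEC_MASK and ev.protect != PAGE_EXECUTE_READWRITE:
            if key in seen_writable and key not in hits:
                hits.append(key)
    return hits


# Constructed trace (not taken from the report): one region is allocated RW,
# written to, then flipped to RX; a second region is allocated RWX outright.
SAMPLE_TRACE = [
    Event(1234, "NtAllocateVirtualMemory", 0x00390000, 0x10000, PAGE_READWRITE),
    Event(1234, "NtWriteVirtualMemory",    0x00390000, 0x10000, 0),
    Event(1234, "NtProtectVirtualMemory",  0x00390000, 0x10000, PAGE_EXECUTE_READ),
    Event(1234, "NtAllocateVirtualMemory", 0x00500000, 0x1000, PAGE_EXECUTE_READWRITE),
]

if __name__ == "__main__":
    for pid, base in rw_to_rx_regions(SAMPLE_TRACE):
        print(f"pid {pid}: region {base:#010x} went read-write -> executable")
```

Only the first region is reported; the RWX allocation at 0x00500000 would be caught by a different rule. Tracking by base address is a simplification: a real implementation would also have to handle partial re-protection of a larger region and cross-process calls (the pid in the event is the target process).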

Rules (7 entries)

Level    Name                     Description         Collection
warning  Generic_Malware_Zero     Generic Malware     binaries (upload)
watch    Malicious_Library_Zero   Malicious Library   binaries (upload)
watch    Malicious_Packer_Zero    Malicious Packer    binaries (upload)
watch    UPX_Zero                 UPX packed file     binaries (upload)
info     IsPE32                   (no description)    binaries (upload)
info     OS_Processor_Check_Zero  OS Processor Check  binaries (upload)
info     PE_Header_Zero           PE File Signature   binaries (upload)

Network (0 entries)

No network requests were recorded for this sample.

Suricata IDS: no alerts listed

PE API

IAT (Import Address Table)

Library: MSVBVM60.DLL (the Visual Basic 6 runtime). Entries shown as None carry no symbol name in the import table; these are typically imports by ordinal, for which the report does not print the ordinal number.
 0x401000 __vbaVarTstGt
 0x401004 __vbaVarSub
 0x401008 None
 0x40100c __vbaStrI2
 0x401010 __vbaR8ForNextCheck
 0x401014 _CIcos
 0x401018 _adj_fptan
 0x40101c __vbaVarMove
 0x401020 __vbaStrI4
 0x401024 __vbaVarVargNofree
 0x401028 __vbaCyMul
 0x40102c __vbaAryMove
 0x401030 __vbaFreeVar
 0x401034 None
 0x401038 __vbaStrVarMove
 0x40103c __vbaLenBstr
 0x401040 __vbaEnd
 0x401044 __vbaFreeVarList
 0x401048 _adj_fdiv_m64
 0x40104c __vbaRaiseEvent
 0x401050 __vbaFreeObjList
 0x401054 None
 0x401058 _adj_fprem1
 0x40105c __vbaI4Sgn
 0x401060 __vbaCopyBytes
 0x401064 __vbaStrCat
 0x401068 None
 0x40106c __vbaSetSystemError
 0x401070 __vbaLenBstrB
 0x401074 __vbaHresultCheckObj
 0x401078 __vbaVargVarCopy
 0x40107c None
 0x401080 __vbaLenVar
 0x401084 _adj_fdiv_m32
 0x401088 __vbaAryVar
 0x40108c None
 0x401090 __vbaAryDestruct
 0x401094 None
 0x401098 None
 0x40109c __vbaExitProc
 0x4010a0 __vbaStrBool
 0x4010a4 __vbaBoolStr
 0x4010a8 __vbaI4Abs
 0x4010ac None
 0x4010b0 __vbaCyAdd
 0x4010b4 __vbaObjSet
 0x4010b8 __vbaOnError
 0x4010bc None
 0x4010c0 _adj_fdiv_m16i
 0x4010c4 __vbaObjSetAddref
 0x4010c8 _adj_fdivr_m16i
 0x4010cc __vbaVarIndexLoad
 0x4010d0 None
 0x4010d4 __vbaFpR4
 0x4010d8 __vbaCyStr
 0x4010dc __vbaBoolVar
 0x4010e0 __vbaFpR8
 0x4010e4 __vbaRefVarAry
 0x4010e8 None
 0x4010ec __vbaBoolVarNull
 0x4010f0 _CIsin
 0x4010f4 None
 0x4010f8 __vbaErase
 0x4010fc None
 0x401100 __vbaVargVarMove
 0x401104 __vbaChkstk
 0x401108 None
 0x40110c __vbaFileClose
 0x401110 EVENT_SINK_AddRef
 0x401114 None
 0x401118 __vbaGenerateBoundsError
 0x40111c None
 0x401120 __vbaStrCmp
 0x401124 __vbaGet3
 0x401128 __vbaPutOwner3
 0x40112c __vbaAryConstruct2
 0x401130 __vbaVarTstEq
 0x401134 __vbaCyI4
 0x401138 None
 0x40113c __vbaI2I4
 0x401140 DllFunctionCall
 0x401144 __vbaFpUI1
 0x401148 __vbaCySub
 0x40114c __vbaLbound
 0x401150 __vbaRedimPreserve
 0x401154 _adj_fpatan
 0x401158 None
 0x40115c __vbaR4Var
 0x401160 __vbaLateIdCallLd
 0x401164 __vbaRedim
 0x401168 EVENT_SINK_Release
 0x40116c None
 0x401170 __vbaUI1I2
 0x401174 _CIsqrt
 0x401178 EVENT_SINK_QueryInterface
 0x40117c __vbaUI1I4
 0x401180 __vbaExceptHandler
 0x401184 None
 0x401188 __vbaPrintFile
 0x40118c __vbaStrToUnicode
 0x401190 None
 0x401194 _adj_fprem
 0x401198 _adj_fdivr_m64
 0x40119c None
 0x4011a0 __vbaI2Str
 0x4011a4 None
 0x4011a8 None
 0x4011ac __vbaFPException
 0x4011b0 None
 0x4011b4 None
 0x4011b8 __vbaInStrVar
 0x4011bc __vbaGetOwner3
 0x4011c0 __vbaUbound
 0x4011c4 __vbaStrVarVal
 0x4011c8 __vbaVarCat
 0x4011cc __vbaMidStmtBstrB
 0x4011d0 None
 0x4011d4 None
 0x4011d8 None
 0x4011dc _CIlog
 0x4011e0 __vbaErrorOverflow
 0x4011e4 __vbaFileOpen
 0x4011e8 __vbaInStr
 0x4011ec None
 0x4011f0 None
 0x4011f4 __vbaR8Str
 0x4011f8 __vbaVar2Vec
 0x4011fc __vbaNew2
 0x401200 _adj_fdiv_m32i
 0x401204 None
 0x401208 _adj_fdivr_m32i
 0x40120c __vbaStrCopy
 0x401210 None
 0x401214 __vbaI4Str
 0x401218 __vbaFreeStrList
 0x40121c None
 0x401220 _adj_fdivr_m32
 0x401224 __vbaPowerR8
 0x401228 _adj_fdiv_r
 0x40122c None
 0x401230 None
 0x401234 None
 0x401238 __vbaVarTstNe
 0x40123c None
 0x401240 __vbaI4Var
 0x401244 None
 0x401248 __vbaVarCmpEq
 0x40124c __vbaAryLock
 0x401250 __vbaVarAdd
 0x401254 __vbaStrToAnsi
 0x401258 __vbaVarDup
 0x40125c None
 0x401260 __vbaFpI2
 0x401264 None
 0x401268 __vbaVarCopy
 0x40126c __vbaFpI4
 0x401270 __vbaVarSetObjAddref
 0x401274 None
 0x401278 _CIatan
 0x40127c None
 0x401280 __vbaAryCopy
 0x401284 __vbaStrMove
 0x401288 __vbaCastObj
 0x40128c __vbaR8IntI4
 0x401290 __vbaI4Cy
 0x401294 None
 0x401298 _allmul
 0x40129c _CItan
 0x4012a0 __vbaAryUnlock
 0x4012a4 __vbaFPInt
 0x4012a8 __vbaFpCSngR8
 0x4012ac _CIexp
 0x4012b0 __vbaMidStmtBstr
 0x4012b4 __vbaStrCy
 0x4012b8 None
 0x4012bc __vbaFreeStr
 0x4012c0 __vbaFreeObj
 0x4012c4 None
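The imphash in the header (a64c6e908e2c83802822128ba8ce8ade) is derived from exactly this table. The following is an added example, not the sandbox's code, that reproduces the published imphash recipe as pefile implements it: lowercase the DLL name and drop a .dll/.ocx/.sys extension, append "." and the lowercase function name (or "ord<N>" for an import by ordinal), join all entries with "," in IAT order, and MD5 the result. The sample import list is constructed from the first entries of the table above; the ordinal value used for the None entry is a placeholder, because the report does not show ordinals, so the header value cannot be recomputed from the page alone.

```python
"""Import hash (imphash) as pefile computes it (added example)."""
import hashlib


def _normalize_dll(dll: str) -> str:
    """Lowercase the library name and strip the extensions pefile strips."""
    name = dll.lower()
    parts = name.rsplit(".", 1)
    if len(parts) == 2 and parts[1] in ("dll", "ocx", "sys"):
        return parts[0]
    return name


def imphash_string(imports):
    """Build the comma-joined string that is hashed.

    imports: iterable of (dll_name, func_name_or_None, ordinal_or_None) in
    IAT order. A None function name means an import by ordinal; pefile then
    uses "ord<N>" unless it has an ordinal-to-name table for that DLL (it only
    ships tables for oleaut32, ws2_32 and wsock32, not for MSVBVM60).
    """
    parts = []
    for dll, func, ordinal in imports:
        lib = _normalize_dll(dll)
        sym = f"ord{ordinal}" if func is None else func.lower()
        parts.append(f"{lib}.{sym}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalized import string, as a 32-char hex digest."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


# Constructed from the first entries of the report's MSVBVM60.DLL IAT.
# The ordinal 100 for the third entry is a placeholder: the report shows
# that slot as None and does not reveal the real ordinal.
SAMPLE_IMPORTS = [
    ("MSVBVM60.DLL", "__vbaVarTstGt", None),
    ("MSVBVM60.DLL", "__vbaVarSub", None),
    ("MSVBVM60.DLL", None, 100),
    ("MSVBVM60.DLL", "__vbaStrI2", None),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

On the actual sample, `pefile.PE(path).get_imphash()` applies the same recipe to the real import table and should return the header value. Because ordinal imports feed the hash as "ord<N>", two VB6 binaries that resolve the same runtime ordinals in the same order share an imphash even when their code differs, which is why imphash is a clustering aid rather than an identity.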

EAT (Export Address Table): none


