ScreenShot
| Created | 2021.11.13 13:00 | Machine | s1_win7_x6403 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 47 detected (malicious, high confidence, Siggen15, Fragtor, Unsafe, Save, StopCrypt, confidence, 100%, ZexaF, mq0@aCnRF8gc, Kryptik, Eldorado, HNHG, Androm, TrojanX, saili@0, USMANKC21, Static AI, Malicious PE, kcloud, STOP, score, CoinMiner, Glupteba, R449804, Lockbit, FSWW, ai score=81, Generic@ML, RDMK, kcuovyNpfOe3i3DvaDXsDg, PossibleThreat, Genetic, susgen) | ||
| md5 | ad21e35c0fae8bdeda31a26faa028305 | ||
| sha256 | 8e08e11a06efa2ed04641873284bb209fc777f147fbe7188d10b442f8bc8e3d3 | ||
| ssdeep | 3072:+7w2TMYBl/zS+13gI2qow/Tqzf5LGG1d7FppZa9uD6Vdyhkx:mMYBl/zN3ghi/WzjRwVf | ||
| imphash | fff777f42c1e485850e1fdc0085a1692 | ||
| impfuzzy | 24:lkq+fwrf5u3qEVebG2ScH/JcDlmNrlCSR7oOov4bcjtOIlyv9217hI16EwaMTgfR:l8iQh10FCknNcjtVK903EwefR | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 47 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x41e008 ReadConsoleA
0x41e00c GetSystemWindowsDirectoryW
0x41e010 QueryPerformanceCounter
0x41e014 GetEnvironmentStringsW
0x41e018 SetConsoleScreenBufferSize
0x41e01c SleepEx
0x41e020 GetTickCount
0x41e024 GetProcessHeap
0x41e028 GetSystemTimeAsFileTime
0x41e02c GetConsoleCP
0x41e030 SetFileShortNameW
0x41e034 GetFirmwareEnvironmentVariableA
0x41e038 GetProcessHandleCount
0x41e03c InitAtomTable
0x41e040 DeleteVolumeMountPointW
0x41e044 HeapValidate
0x41e048 GetFileAttributesW
0x41e04c GetDefaultCommConfigW
0x41e050 WriteConsoleW
0x41e054 DeactivateActCtx
0x41e058 LCMapStringA
0x41e05c SetLastError
0x41e060 GetProcAddress
0x41e064 VirtualAlloc
0x41e068 BeginUpdateResourceW
0x41e06c BackupWrite
0x41e070 VirtualAllocEx
0x41e074 GetAtomNameA
0x41e078 LoadLibraryA
0x41e07c LocalAlloc
0x41e080 GetModuleFileNameA
0x41e084 GetConsoleCursorInfo
0x41e088 DeleteAtom
0x41e08c FindNextVolumeA
0x41e090 lstrcpyW
0x41e094 CommConfigDialogW
0x41e098 CreateFileW
0x41e09c GetLastError
0x41e0a0 HeapReAlloc
0x41e0a4 GetModuleHandleW
0x41e0a8 ExitProcess
0x41e0ac DecodePointer
0x41e0b0 GetCommandLineA
0x41e0b4 HeapSetInformation
0x41e0b8 GetStartupInfoW
0x41e0bc EncodePointer
0x41e0c0 IsProcessorFeaturePresent
0x41e0c4 HeapAlloc
0x41e0c8 EnterCriticalSection
0x41e0cc LeaveCriticalSection
0x41e0d0 UnhandledExceptionFilter
0x41e0d4 SetUnhandledExceptionFilter
0x41e0d8 IsDebuggerPresent
0x41e0dc TerminateProcess
0x41e0e0 GetCurrentProcess
0x41e0e4 SetHandleCount
0x41e0e8 GetStdHandle
0x41e0ec InitializeCriticalSectionAndSpinCount
0x41e0f0 GetFileType
0x41e0f4 DeleteCriticalSection
0x41e0f8 SetFilePointer
0x41e0fc HeapCreate
0x41e100 HeapFree
0x41e104 CloseHandle
0x41e108 LoadLibraryW
0x41e10c TlsAlloc
0x41e110 TlsGetValue
0x41e114 TlsSetValue
0x41e118 TlsFree
0x41e11c InterlockedIncrement
0x41e120 GetCurrentThreadId
0x41e124 InterlockedDecrement
0x41e128 WriteFile
0x41e12c GetModuleFileNameW
0x41e130 FreeEnvironmentStringsW
0x41e134 WideCharToMultiByte
0x41e138 GetCurrentProcessId
0x41e13c RaiseException
0x41e140 Sleep
0x41e144 GetCPInfo
0x41e148 GetACP
0x41e14c GetOEMCP
0x41e150 IsValidCodePage
0x41e154 RtlUnwind
0x41e158 SetStdHandle
0x41e15c GetConsoleMode
0x41e160 FlushFileBuffers
0x41e164 HeapSize
0x41e168 LCMapStringW
0x41e16c MultiByteToWideChar
0x41e170 GetStringTypeW
USER32.dll
0x41e178 ClipCursor
ADVAPI32.dll
0x41e000 AdjustTokenGroups
EAT(Export Address Table) is none
KERNEL32.dll
0x41e008 ReadConsoleA
0x41e00c GetSystemWindowsDirectoryW
0x41e010 QueryPerformanceCounter
0x41e014 GetEnvironmentStringsW
0x41e018 SetConsoleScreenBufferSize
0x41e01c SleepEx
0x41e020 GetTickCount
0x41e024 GetProcessHeap
0x41e028 GetSystemTimeAsFileTime
0x41e02c GetConsoleCP
0x41e030 SetFileShortNameW
0x41e034 GetFirmwareEnvironmentVariableA
0x41e038 GetProcessHandleCount
0x41e03c InitAtomTable
0x41e040 DeleteVolumeMountPointW
0x41e044 HeapValidate
0x41e048 GetFileAttributesW
0x41e04c GetDefaultCommConfigW
0x41e050 WriteConsoleW
0x41e054 DeactivateActCtx
0x41e058 LCMapStringA
0x41e05c SetLastError
0x41e060 GetProcAddress
0x41e064 VirtualAlloc
0x41e068 BeginUpdateResourceW
0x41e06c BackupWrite
0x41e070 VirtualAllocEx
0x41e074 GetAtomNameA
0x41e078 LoadLibraryA
0x41e07c LocalAlloc
0x41e080 GetModuleFileNameA
0x41e084 GetConsoleCursorInfo
0x41e088 DeleteAtom
0x41e08c FindNextVolumeA
0x41e090 lstrcpyW
0x41e094 CommConfigDialogW
0x41e098 CreateFileW
0x41e09c GetLastError
0x41e0a0 HeapReAlloc
0x41e0a4 GetModuleHandleW
0x41e0a8 ExitProcess
0x41e0ac DecodePointer
0x41e0b0 GetCommandLineA
0x41e0b4 HeapSetInformation
0x41e0b8 GetStartupInfoW
0x41e0bc EncodePointer
0x41e0c0 IsProcessorFeaturePresent
0x41e0c4 HeapAlloc
0x41e0c8 EnterCriticalSection
0x41e0cc LeaveCriticalSection
0x41e0d0 UnhandledExceptionFilter
0x41e0d4 SetUnhandledExceptionFilter
0x41e0d8 IsDebuggerPresent
0x41e0dc TerminateProcess
0x41e0e0 GetCurrentProcess
0x41e0e4 SetHandleCount
0x41e0e8 GetStdHandle
0x41e0ec InitializeCriticalSectionAndSpinCount
0x41e0f0 GetFileType
0x41e0f4 DeleteCriticalSection
0x41e0f8 SetFilePointer
0x41e0fc HeapCreate
0x41e100 HeapFree
0x41e104 CloseHandle
0x41e108 LoadLibraryW
0x41e10c TlsAlloc
0x41e110 TlsGetValue
0x41e114 TlsSetValue
0x41e118 TlsFree
0x41e11c InterlockedIncrement
0x41e120 GetCurrentThreadId
0x41e124 InterlockedDecrement
0x41e128 WriteFile
0x41e12c GetModuleFileNameW
0x41e130 FreeEnvironmentStringsW
0x41e134 WideCharToMultiByte
0x41e138 GetCurrentProcessId
0x41e13c RaiseException
0x41e140 Sleep
0x41e144 GetCPInfo
0x41e148 GetACP
0x41e14c GetOEMCP
0x41e150 IsValidCodePage
0x41e154 RtlUnwind
0x41e158 SetStdHandle
0x41e15c GetConsoleMode
0x41e160 FlushFileBuffers
0x41e164 HeapSize
0x41e168 LCMapStringW
0x41e16c MultiByteToWideChar
0x41e170 GetStringTypeW
USER32.dll
0x41e178 ClipCursor
ADVAPI32.dll
0x41e000 AdjustTokenGroups
EAT(Export Address Table) is none