Report - vbc.exe

Malicious Library UPX PE File PE32
Created 2022.01.20 11:36 Machine s1_win7_x6401
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score
4
Behavior Score
8.6
ZERO API file : malware
VT API (file) 36 detected (Remcos, DownLoader44, GenericKD, Unsafe, Eldorado, MalPbs, gen1, Delf, R002H0DAJ22, MalwareX, kcloud, Sabsik, DBatLoader, NASQ4Q, R466178, ai score=84, Malicious, Undefined, dGZlOgT1VMVrAwIPTA, susgen, EQPQ, GdSda, confidence, 100%)
md5 fe6c034412fb96a3d6e8f1c2d636041f
sha256 a7017af2c60c1c5bc06d07f88e12d3b471a8787e233969d92ac6048d303cd682
ssdeep 24576:xx5RK+onXkmS7OR6gPSshzLnDyXranXKT7vOGe:xx5M+Sbos9LDg
imphash 9277af176d806a0016d6f2aea1e276c8
impfuzzy 192:o13MDbuuaxSUvK9kmo1XyJeELLhF1QgPOQHq:C3maq9oI1BPOQK
Signature (18cnts)

Level Description
danger File has been identified by 36 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Communicates with host for which no DNS query was performed
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice The binary likely contains encrypted or compressed data indicative of a packer
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (8cnts)

Request CC ASN Co IP4 Rule ZERO
https://lqzdgq.db.files.1drv.com/y4my6_i6Vo73Yq6vIwB3zUDhBwyIcXciQ1huClBiYvXWt4vpQCBdUZmZExMO8Slm6CfTeqOL6PEXkZGqqEi5HjvMyIyQC8V3SDTe3shU5gOVL_-nhRvwOwKWwKiOgETomvEdbiahWHE1QmYjT-ROjfxqmEJ89hwDbPWIfmdxJMnQcF23vJGZ8IcIUuTf4GpTdtb0pYgZv59PYSGmKXQXdZX_g/Gdwe US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
https://onedrive.live.com/download?cid=C3C0A692803ED1E8&resid=C3C0A692803ED1E8%21114&authkey=ABw1EEf0w_1hKks US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.43.13 clean
https://lqzdgq.db.files.1drv.com/y4mWYlf095NA-ZFVYi4erSwAT-JwfFadhKMnnJJOuAUAIa9FIjXvlASc0BjsM7Zr3dHlJydvKTv0Zp8oJxjMFsOBnFTmBZD5_ueNGLv1YaPzudI6RrlYMJ-6FVTZnWSxO4JN8AJJ8O1tKLAw5TbDHwUYQPgD-z2o46zYxs7HQO5GZE4IO_ZLMNqmRzVY6kjeZuxNhSJ9e_clSTbV9ZTkjiQ5Q/Gdwe US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
lqzdgq.db.files.1drv.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 clean
onedrive.live.com US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.13 malicious
13.107.43.13 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.43.13 malicious
13.107.42.12 US MICROSOFT-CORP-MSN-AS-BLOCK 13.107.42.12 malware
162.159.138.85 Unknown 162.159.138.85 clean
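The Network table above shows the sample's HTTP requests going to a OneDrive share: one onedrive.live.com/download request, identified by its cid, resid and authkey query parameters, followed by content fetches from lqzdgq.db.files.1drv.com. The share parameters are the stable indicator to pivot on, because the 1drv.com content path changes per download. The script below is an added example for this report, not sandbox output: it extracts those parameters from the URL in the table and runs them over constructed proxy log lines (the four-field "timestamp client user-agent url" layout is an assumption, not a real proxy format). It also records the user agent of each hit, since the report flags more than one unique user agent in the sample's traffic.

```python
"""Pivot on the OneDrive share identifiers from the report's Network table.

Added example for this report; not part of the sandbox output.
"""
import shlex
from urllib.parse import parse_qs, urlparse

# Indicators copied verbatim from the report's Network table.
REPORT_DOWNLOAD_URL = (
    "https://onedrive.live.com/download?cid=C3C0A692803ED1E8"
    "&resid=C3C0A692803ED1E8%21114&authkey=ABw1EEf0w_1hKks"
)
REPORT_CONTENT_URL = (
    "https://lqzdgq.db.files.1drv.com/y4my6_i6Vo73Yq6vIwB3zUDhBwyIcXciQ1huClBiYvXWt4vpQCBd"
    "UZmZExMO8Slm6CfTeqOL6PEXkZGqqEi5HjvMyIyQC8V3SDTe3shU5gOVL_-nhRvwOwKWwKiOgETomvEdbiahWHE"
    "1QmYjT-ROjfxqmEJ89hwDbPWIfmdxJMnQcF23vJGZ8IcIUuTf4GpTdtb0pYgZv59PYSGmKXQXdZX_g/Gdwe"
)
REPORT_CONTENT_HOST = urlparse(REPORT_CONTENT_URL).hostname  # lqzdgq.db.files.1drv.com

# Constructed proxy log lines (assumed layout: timestamp client "user-agent" url).
LOG = f"""\
2022-01-20T11:36:01Z 10.0.0.5 "Mozilla/5.0 (Windows NT 6.1; rv:96.0) Gecko/20100101 Firefox/96.0" https://www.bing.com/
2022-01-20T11:36:05Z 10.0.0.5 "-" {REPORT_DOWNLOAD_URL}
2022-01-20T11:36:06Z 10.0.0.5 "-" {REPORT_CONTENT_URL}
2022-01-20T11:40:00Z 10.0.0.9 "Mozilla/5.0 (Windows NT 10.0)" https://onedrive.live.com/download?cid=0000000000000000&resid=0000000000000000%211&authkey=AAAA
"""


def onedrive_share_ids(url):
    """Return {cid, resid, authkey} for an onedrive.live.com/download URL, else None.

    parse_qs percent-decodes, so resid comes back as 'C3C0A692803ED1E8!114'.
    """
    u = urlparse(url)
    if u.hostname != "onedrive.live.com" or u.path != "/download":
        return None
    q = parse_qs(u.query)
    try:
        return {k: q[k][0] for k in ("cid", "resid", "authkey")}
    except KeyError:
        return None


def scan_proxy_log(log_text, share_ids, content_host):
    """Return (timestamp, client, user_agent, reason) for every line that touches
    the report's share item or its content host."""
    hits = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, client, ua, url = shlex.split(raw)
        ids = onedrive_share_ids(url)
        host = urlparse(url).hostname or ""
        if ids and ids["cid"] == share_ids["cid"] and ids["resid"] == share_ids["resid"]:
            hits.append((ts, client, ua, "onedrive share item from report"))
        elif host == content_host:
            hits.append((ts, client, ua, "report content host"))
    return hits


if __name__ == "__main__":
    ids = onedrive_share_ids(REPORT_DOWNLOAD_URL)
    print("pivot IOCs:", ids)
    for hit in scan_proxy_log(LOG, ids, REPORT_CONTENT_HOST):
        print(*hit)
```

Matching on cid and resid rather than the full URL also catches the same item fetched with a different authkey or through a rotated 1drv.com content path; the non-browser user agent ("-" in the constructed lines) on the hits is the second signal the report's signatures point to.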

Suricata ids

PE API

IAT(Import Address Table) Library

oleaut32.dll
 0x48c800 SysFreeString
 0x48c804 SysReAllocStringLen
 0x48c808 SysAllocStringLen
advapi32.dll
 0x48c810 RegQueryValueExA
 0x48c814 RegOpenKeyExA
 0x48c818 RegCloseKey
user32.dll
 0x48c820 GetKeyboardType
 0x48c824 DestroyWindow
 0x48c828 LoadStringA
 0x48c82c MessageBoxA
 0x48c830 CharNextA
kernel32.dll
 0x48c838 GetACP
 0x48c83c Sleep
 0x48c840 VirtualFree
 0x48c844 VirtualAlloc
 0x48c848 GetCurrentThreadId
 0x48c84c InterlockedDecrement
 0x48c850 InterlockedIncrement
 0x48c854 VirtualQuery
 0x48c858 WideCharToMultiByte
 0x48c85c MultiByteToWideChar
 0x48c860 lstrlenA
 0x48c864 lstrcpynA
 0x48c868 LoadLibraryExA
 0x48c86c GetThreadLocale
 0x48c870 GetStartupInfoA
 0x48c874 GetProcAddress
 0x48c878 GetModuleHandleA
 0x48c87c GetModuleFileNameA
 0x48c880 GetLocaleInfoA
 0x48c884 GetCommandLineA
 0x48c888 FreeLibrary
 0x48c88c FindFirstFileA
 0x48c890 FindClose
 0x48c894 ExitProcess
 0x48c898 CompareStringA
 0x48c89c WriteFile
 0x48c8a0 UnhandledExceptionFilter
 0x48c8a4 RtlUnwind
 0x48c8a8 RaiseException
 0x48c8ac GetStdHandle
kernel32.dll
 0x48c8b4 TlsSetValue
 0x48c8b8 TlsGetValue
 0x48c8bc LocalAlloc
 0x48c8c0 GetModuleHandleA
user32.dll
 0x48c8c8 CreateWindowExA
 0x48c8cc WindowFromPoint
 0x48c8d0 WaitMessage
 0x48c8d4 UpdateWindow
 0x48c8d8 UnregisterClassA
 0x48c8dc UnhookWindowsHookEx
 0x48c8e0 TranslateMessage
 0x48c8e4 TranslateMDISysAccel
 0x48c8e8 TrackPopupMenu
 0x48c8ec SystemParametersInfoA
 0x48c8f0 ShowWindow
 0x48c8f4 ShowScrollBar
 0x48c8f8 ShowOwnedPopups
 0x48c8fc SetWindowsHookExA
 0x48c900 SetWindowTextA
 0x48c904 SetWindowPos
 0x48c908 SetWindowPlacement
 0x48c90c SetWindowLongW
 0x48c910 SetWindowLongA
 0x48c914 SetTimer
 0x48c918 SetScrollRange
 0x48c91c SetScrollPos
 0x48c920 SetScrollInfo
 0x48c924 SetRect
 0x48c928 SetPropA
 0x48c92c SetParent
 0x48c930 SetMenuItemInfoA
 0x48c934 SetMenu
 0x48c938 SetForegroundWindow
 0x48c93c SetFocus
 0x48c940 SetCursor
 0x48c944 SetClassLongA
 0x48c948 SetCapture
 0x48c94c SetActiveWindow
 0x48c950 SendMessageW
 0x48c954 SendMessageA
 0x48c958 ScrollWindow
 0x48c95c ScreenToClient
 0x48c960 RemovePropA
 0x48c964 RemoveMenu
 0x48c968 ReleaseDC
 0x48c96c ReleaseCapture
 0x48c970 RegisterWindowMessageA
 0x48c974 RegisterClipboardFormatA
 0x48c978 RegisterClassA
 0x48c97c RedrawWindow
 0x48c980 PtInRect
 0x48c984 PostQuitMessage
 0x48c988 PostMessageA
 0x48c98c PeekMessageW
 0x48c990 PeekMessageA
 0x48c994 OffsetRect
 0x48c998 OemToCharA
 0x48c99c MessageBoxA
 0x48c9a0 MapWindowPoints
 0x48c9a4 MapVirtualKeyA
 0x48c9a8 LockWindowUpdate
 0x48c9ac LoadStringA
 0x48c9b0 LoadKeyboardLayoutA
 0x48c9b4 LoadIconA
 0x48c9b8 LoadCursorA
 0x48c9bc LoadBitmapA
 0x48c9c0 KillTimer
 0x48c9c4 IsZoomed
 0x48c9c8 IsWindowVisible
 0x48c9cc IsWindowUnicode
 0x48c9d0 IsWindowEnabled
 0x48c9d4 IsWindow
 0x48c9d8 IsRectEmpty
 0x48c9dc IsIconic
 0x48c9e0 IsDialogMessageW
 0x48c9e4 IsDialogMessageA
 0x48c9e8 IsChild
 0x48c9ec InvalidateRect
 0x48c9f0 IntersectRect
 0x48c9f4 InsertMenuItemA
 0x48c9f8 InsertMenuA
 0x48c9fc InflateRect
 0x48ca00 GetWindowThreadProcessId
 0x48ca04 GetWindowTextA
 0x48ca08 GetWindowRect
 0x48ca0c GetWindowPlacement
 0x48ca10 GetWindowLongW
 0x48ca14 GetWindowLongA
 0x48ca18 GetWindowDC
 0x48ca1c GetTopWindow
 0x48ca20 GetSystemMetrics
 0x48ca24 GetSystemMenu
 0x48ca28 GetSysColorBrush
 0x48ca2c GetSysColor
 0x48ca30 GetSubMenu
 0x48ca34 GetScrollRange
 0x48ca38 GetScrollPos
 0x48ca3c GetScrollInfo
 0x48ca40 GetPropA
 0x48ca44 GetParent
 0x48ca48 GetWindow
 0x48ca4c GetMessagePos
 0x48ca50 GetMenuStringA
 0x48ca54 GetMenuState
 0x48ca58 GetMenuItemInfoA
 0x48ca5c GetMenuItemID
 0x48ca60 GetMenuItemCount
 0x48ca64 GetMenu
 0x48ca68 GetLastActivePopup
 0x48ca6c GetKeyboardState
 0x48ca70 GetKeyboardLayoutNameA
 0x48ca74 GetKeyboardLayoutList
 0x48ca78 GetKeyboardLayout
 0x48ca7c GetKeyState
 0x48ca80 GetKeyNameTextA
 0x48ca84 GetIconInfo
 0x48ca88 GetForegroundWindow
 0x48ca8c GetFocus
 0x48ca90 GetDlgItem
 0x48ca94 GetDesktopWindow
 0x48ca98 GetDCEx
 0x48ca9c GetDC
 0x48caa0 GetCursorPos
 0x48caa4 GetCursor
 0x48caa8 GetClipboardData
 0x48caac GetClientRect
 0x48cab0 GetClassLongA
 0x48cab4 GetClassInfoA
 0x48cab8 GetCapture
 0x48cabc GetActiveWindow
 0x48cac0 FrameRect
 0x48cac4 FindWindowA
 0x48cac8 FillRect
 0x48cacc EqualRect
 0x48cad0 EnumWindows
 0x48cad4 EnumThreadWindows
 0x48cad8 EnumChildWindows
 0x48cadc EndPaint
 0x48cae0 EnableWindow
 0x48cae4 EnableScrollBar
 0x48cae8 EnableMenuItem
 0x48caec DrawTextA
 0x48caf0 DrawMenuBar
 0x48caf4 DrawIconEx
 0x48caf8 DrawIcon
 0x48cafc DrawFrameControl
 0x48cb00 DrawFocusRect
 0x48cb04 DrawEdge
 0x48cb08 DispatchMessageW
 0x48cb0c DispatchMessageA
 0x48cb10 DestroyWindow
 0x48cb14 DestroyMenu
 0x48cb18 DestroyIcon
 0x48cb1c DestroyCursor
 0x48cb20 DeleteMenu
 0x48cb24 DefWindowProcA
 0x48cb28 DefMDIChildProcA
 0x48cb2c DefFrameProcA
 0x48cb30 CreatePopupMenu
 0x48cb34 CreateMenu
 0x48cb38 CreateIcon
 0x48cb3c ClientToScreen
 0x48cb40 CheckMenuItem
 0x48cb44 CallWindowProcA
 0x48cb48 CallNextHookEx
 0x48cb4c BeginPaint
 0x48cb50 CharNextA
 0x48cb54 CharLowerBuffA
 0x48cb58 CharLowerA
 0x48cb5c CharToOemA
 0x48cb60 AdjustWindowRectEx
 0x48cb64 ActivateKeyboardLayout
msimg32.dll
 0x48cb6c GradientFill
gdi32.dll
 0x48cb74 UnrealizeObject
 0x48cb78 StretchBlt
 0x48cb7c SetWindowOrgEx
 0x48cb80 SetWinMetaFileBits
 0x48cb84 SetViewportOrgEx
 0x48cb88 SetTextColor
 0x48cb8c SetStretchBltMode
 0x48cb90 SetROP2
 0x48cb94 SetPixel
 0x48cb98 SetEnhMetaFileBits
 0x48cb9c SetDIBColorTable
 0x48cba0 SetBrushOrgEx
 0x48cba4 SetBkMode
 0x48cba8 SetBkColor
 0x48cbac SelectPalette
 0x48cbb0 SelectObject
 0x48cbb4 SaveDC
 0x48cbb8 RestoreDC
 0x48cbbc Rectangle
 0x48cbc0 RectVisible
 0x48cbc4 RealizePalette
 0x48cbc8 Polyline
 0x48cbcc Polygon
 0x48cbd0 PlayEnhMetaFile
 0x48cbd4 PatBlt
 0x48cbd8 MoveToEx
 0x48cbdc MaskBlt
 0x48cbe0 LineTo
 0x48cbe4 IntersectClipRect
 0x48cbe8 GetWindowOrgEx
 0x48cbec GetWinMetaFileBits
 0x48cbf0 GetTextMetricsA
 0x48cbf4 GetTextExtentPoint32A
 0x48cbf8 GetSystemPaletteEntries
 0x48cbfc GetStockObject
 0x48cc00 GetRgnBox
 0x48cc04 GetPixel
 0x48cc08 GetPaletteEntries
 0x48cc0c GetObjectA
 0x48cc10 GetEnhMetaFilePaletteEntries
 0x48cc14 GetEnhMetaFileHeader
 0x48cc18 GetEnhMetaFileBits
 0x48cc1c GetDeviceCaps
 0x48cc20 GetDIBits
 0x48cc24 GetDIBColorTable
 0x48cc28 GetDCOrgEx
 0x48cc2c GetCurrentPositionEx
 0x48cc30 GetClipBox
 0x48cc34 GetBrushOrgEx
 0x48cc38 GetBitmapBits
 0x48cc3c ExtTextOutA
 0x48cc40 ExcludeClipRect
 0x48cc44 DeleteObject
 0x48cc48 DeleteEnhMetaFile
 0x48cc4c DeleteDC
 0x48cc50 CreateSolidBrush
 0x48cc54 CreateRectRgn
 0x48cc58 CreatePenIndirect
 0x48cc5c CreatePalette
 0x48cc60 CreateHalftonePalette
 0x48cc64 CreateFontIndirectA
 0x48cc68 CreateDIBitmap
 0x48cc6c CreateDIBSection
 0x48cc70 CreateCompatibleDC
 0x48cc74 CreateCompatibleBitmap
 0x48cc78 CreateBrushIndirect
 0x48cc7c CreateBitmap
 0x48cc80 CopyEnhMetaFileA
 0x48cc84 CombineRgn
 0x48cc88 BitBlt
version.dll
 0x48cc90 VerQueryValueA
 0x48cc94 GetFileVersionInfoSizeA
 0x48cc98 GetFileVersionInfoA
kernel32.dll
 0x48cca0 lstrcpyA
 0x48cca4 WriteFile
 0x48cca8 WaitForSingleObject
 0x48ccac VirtualQuery
 0x48ccb0 VirtualProtect
 0x48ccb4 VirtualAlloc
 0x48ccb8 SizeofResource
 0x48ccbc SetThreadLocale
 0x48ccc0 SetFilePointer
 0x48ccc4 SetEvent
 0x48ccc8 SetErrorMode
 0x48cccc SetEndOfFile
 0x48ccd0 ResetEvent
 0x48ccd4 ReadFile
 0x48ccd8 MultiByteToWideChar
 0x48ccdc MulDiv
 0x48cce0 LockResource
 0x48cce4 LoadResource
 0x48cce8 LoadLibraryA
 0x48ccec LeaveCriticalSection
 0x48ccf0 InitializeCriticalSection
 0x48ccf4 GlobalFree
 0x48ccf8 GlobalFindAtomA
 0x48ccfc GlobalDeleteAtom
 0x48cd00 GlobalAlloc
 0x48cd04 GlobalAddAtomA
 0x48cd08 GetVersionExA
 0x48cd0c GetVersion
 0x48cd10 GetTickCount
 0x48cd14 GetThreadLocale
 0x48cd18 GetStdHandle
 0x48cd1c GetProcAddress
 0x48cd20 GetModuleHandleA
 0x48cd24 GetModuleFileNameA
 0x48cd28 GetLocaleInfoA
 0x48cd2c GetLocalTime
 0x48cd30 GetLastError
 0x48cd34 GetFullPathNameA
 0x48cd38 GetFileSize
 0x48cd3c GetDiskFreeSpaceA
 0x48cd40 GetDateFormatA
 0x48cd44 GetCurrentThreadId
 0x48cd48 GetCurrentProcessId
 0x48cd4c GetComputerNameA
 0x48cd50 GetCPInfo
 0x48cd54 FreeResource
 0x48cd58 InterlockedExchange
 0x48cd5c FreeLibrary
 0x48cd60 FormatMessageA
 0x48cd64 FindResourceA
 0x48cd68 EnumCalendarInfoA
 0x48cd6c EnterCriticalSection
 0x48cd70 DeleteCriticalSection
 0x48cd74 CreateThread
 0x48cd78 CreateFileA
 0x48cd7c CreateEventA
 0x48cd80 CompareStringA
 0x48cd84 CloseHandle
 0x48cd88 AllocConsole
 0x48cd8c AddAtomA
advapi32.dll
 0x48cd94 RegQueryValueExA
 0x48cd98 RegOpenKeyExA
 0x48cd9c RegFlushKey
 0x48cda0 RegCloseKey
oleaut32.dll
 0x48cda8 CreateErrorInfo
 0x48cdac GetErrorInfo
 0x48cdb0 SetErrorInfo
 0x48cdb4 GetActiveObject
 0x48cdb8 SysFreeString
ole32.dll
 0x48cdc0 OleUninitialize
 0x48cdc4 OleInitialize
 0x48cdc8 CoTaskMemFree
 0x48cdcc ProgIDFromCLSID
 0x48cdd0 StringFromCLSID
 0x48cdd4 CoCreateInstance
 0x48cdd8 CoUninitialize
 0x48cddc CoInitialize
 0x48cde0 IsEqualGUID
kernel32.dll
 0x48cde8 Sleep
oleaut32.dll
 0x48cdf0 SafeArrayPtrOfIndex
 0x48cdf4 SafeArrayGetUBound
 0x48cdf8 SafeArrayGetLBound
 0x48cdfc SafeArrayCreate
 0x48ce00 VariantChangeType
 0x48ce04 VariantCopy
 0x48ce08 VariantClear
 0x48ce0c VariantInit
comctl32.dll
 0x48ce14 _TrackMouseEvent
 0x48ce18 ImageList_SetIconSize
 0x48ce1c ImageList_GetIconSize
 0x48ce20 ImageList_Write
 0x48ce24 ImageList_Read
 0x48ce28 ImageList_GetDragImage
 0x48ce2c ImageList_DragShowNolock
 0x48ce30 ImageList_DragMove
 0x48ce34 ImageList_DragLeave
 0x48ce38 ImageList_DragEnter
 0x48ce3c ImageList_EndDrag
 0x48ce40 ImageList_BeginDrag
 0x48ce44 ImageList_Remove
 0x48ce48 ImageList_DrawEx
 0x48ce4c ImageList_Draw
 0x48ce50 ImageList_GetBkColor
 0x48ce54 ImageList_SetBkColor
 0x48ce58 ImageList_Add
 0x48ce5c ImageList_GetImageCount
 0x48ce60 ImageList_Destroy
 0x48ce64 ImageList_Create
 0x48ce68 InitCommonControls
shell32.dll
 0x48ce70 ShellExecuteA
comdlg32.dll
 0x48ce78 GetSaveFileNameA
 0x48ce7c GetOpenFileNameA
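Two things worth checking against the IAT listing above and the imphash on the file-info line. First, the import hash is derived from exactly this table: pefile's get_imphash() lowercases each "module.function" pair, strips the module's .dll/.ocx/.sys suffix, joins the pairs with commas in import order and takes the MD5. Second, the static table contains no injection primitive (no WriteProcessMemory, CreateRemoteThread or VirtualAllocEx) even though the behaviour signatures report CreateRemoteThread and writes into another process's memory; what the table does carry is GetProcAddress, LoadLibraryA and LoadLibraryExA, which is how a packed loader resolves those APIs at run time or hands them to the unpacked payload. The script below is an added example for this report, not sandbox output: it parses the listing format used above, computes the import hash the way pefile does, and profiles the imports. SAMPLE_IAT is a constructed excerpt of the table; reproducing the full value 9277af176d806a0016d6f2aea1e276c8 would require every import in PE order, so no exact match is claimed.

```python
"""Parse the report's IAT listing, derive an import hash, and profile the imports.

Added example for this report; not sandbox output and not code from the sample.
"""
import hashlib
import re

# Constructed excerpt in the report's listing format (DLL line, then " 0xADDR Name" lines).
SAMPLE_IAT = """\
oleaut32.dll
 0x48c800 SysFreeString
 0x48c804 SysReAllocStringLen
kernel32.dll
 0x48c838 GetACP
 0x48c844 VirtualAlloc
 0x48c868 LoadLibraryExA
 0x48c874 GetProcAddress
kernel32.dll
 0x48ccb0 VirtualProtect
 0x48cce8 LoadLibraryA
 0x48cd74 CreateThread
"""

DLL_RE = re.compile(r"^\S+\.(?:dll|ocx|sys)$", re.IGNORECASE)
ENTRY_RE = re.compile(r"^\s+0x[0-9A-Fa-f]+\s+(\S+)$")

INJECTION_APIS = {
    "WriteProcessMemory", "CreateRemoteThread", "CreateRemoteThreadEx",
    "VirtualAllocEx", "VirtualProtectEx", "NtWriteVirtualMemory",
    "NtCreateThreadEx", "QueueUserAPC", "SetThreadContext", "NtMapViewOfSection",
}
DYNAMIC_RESOLVERS = {
    "GetProcAddress", "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
}


def parse_iat(text):
    """Return (dll, function) pairs in listing order.

    Repeated DLL headers are kept as separate runs: Delphi binaries like this one
    routinely carry several import descriptors for kernel32.dll and user32.dll.
    """
    pairs, current = [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        entry = ENTRY_RE.match(raw)
        if entry and current is not None:
            pairs.append((current, entry.group(1)))
        elif not raw[0].isspace() and DLL_RE.match(raw.strip()):
            current = raw.strip()
        else:
            raise ValueError(f"unrecognized IAT line: {raw!r}")
    return pairs


def imphash_input(pairs):
    """The normalized string pefile hashes: 'module.func', lowercased, suffix stripped."""
    parts = []
    for dll, func in pairs:
        mod = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if mod.endswith(ext):
                mod = mod[: -len(ext)]
                break
        parts.append(f"{mod}.{func.lower()}")
    return ",".join(parts)


def imphash(pairs):
    return hashlib.md5(imphash_input(pairs).encode("ascii")).hexdigest()


def injection_profile(pairs):
    """Compare the static imports with what the behaviour signatures report."""
    funcs = {f for _, f in pairs}
    static = sorted(funcs & INJECTION_APIS)
    resolvers = sorted(funcs & DYNAMIC_RESOLVERS)
    return {
        "static_injection_imports": static,
        "dynamic_resolvers": resolvers,
        # CreateRemoteThread observed at run time but absent from the IAT means the
        # loader resolved it dynamically or the unpacked payload imported it.
        "injection_apis_resolved_at_runtime": not static and bool(resolvers),
    }


if __name__ == "__main__":
    pairs = parse_iat(SAMPLE_IAT)
    print(f"{len(pairs)} imports, imphash of excerpt: {imphash(pairs)}")
    print(injection_profile(pairs))
```

Because the hash covers names only and ignores addresses, samples built from the same Delphi RTL and component set share an imphash even when their packed payloads differ; that is what makes it useful for clustering loaders of this family and useless for identifying the embedded payload the signatures say was extracted.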

EAT(Export Address Table) is none
