Report - vbc.exe

Malicious Library UPX PE File PE32
Created 2022.03.08 18:28 Machine s1_win7_x6403
Filename vbc.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 4
Behavior Score 7.6
ZERO API file : malware
VT API (file) 21 detected (malicious, high confidence, Artemis, Unsafe, ERDG, FileRepMalware, Fareit, Static AI, Suspicious PE, moderate, score, BScope, TrojanPSW, Noon, CLOUD, susgen, RnkBend)
md5 f8f330f74629761c4d97721eb333ac38
sha256 b9ed36a21e09ff33bef163a4b8f5f041bcc51ef24b12b66e4192a3dc529ba5f5
ssdeep 12288:F9udXq5lwIfJhsVoyv6g2ddE8mgPJP89Q+zl/RRIlRfk:zudXehgWT4gPNmQ+hs7f
imphash ef548b3863419e317467c122fcc08ed7
impfuzzy 96:8cfpHYU3u0MJ4fXFVpNU8GV1k+YGbuu2RrSUvK9LemoWGqE9vDwPOQwZC:f3vTM1gGbuuArSUvK9amo1qE9MPOQwg

Signature (16cnts)

Level Description
warning File has been identified by 21 AntiVirus engines on VirusTotal as malicious
watch Allocates execute permission to another process indicative of possible code injection
watch Creates a thread using CreateRemoteThread in a non-child process indicative of process injection
watch Installs itself for autorun at Windows startup
watch Manipulates memory of a non-child process indicative of process injection
watch Network activity contains more than one unique useragent
watch One or more of the buffers contains an embedded PE file
watch Potential code injection by writing to the memory of another process
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The executable uses a known packer

Rules (4cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (33cnts)

Request CC ASN Co IP4 Rule ZERO
http://www.sagedermatology.com/e3rs/?lnud=Txll_FO&Dz=BmVSufum30+1s4lK8YiwMjghnnMTkZAzSEhTOMstIaEgouylgvmW2x4JL0eg45ZsBeJi6OCm US SQUARESPACE 198.185.159.144 clean
http://www.oneowneronly.com/e3rs/?lnud=Txll_FO&Dz=Ei27cO4R/In4nCpRKe1X+vb6IhSQD7KJ8DOgqI0RS1UyrmbR2z2X6RwWjW3Zl1NqSx6QzXwL HK Shenzhen Katherine Heng Technology Information Co., Ltd. 154.196.11.183 13523 clean
http://www.glowestudiocreativo.com/e3rs/?Dz=HRF5cBwRaD2pnVjl04lDxZrQc/S39DKKmsOHQJEpf55iLBXquTeAPsbQ5KkbylXLeFPlZQnh&lnud=Txll_FO ES Soltia Consulting SL 185.156.219.142 clean
http://www.extremeentertainmentgroup.com/e3rs/?Dz=dEHKxiAhq2PUxljq/uCxdG1AAciJu6kRpaHoK7hwfjqBv1xsh7JTax04MQP6Pek+aK5HhDsd&lnud=Txll_FO US GOOGLE 34.117.168.233 13436 mailcious
http://www.xn--laufgefhl-w9a.com/e3rs/?lnud=Txll_FO&Dz=b8jJRQWfF4+OnEJERRv9IAKdrqQukcbHmYLMW0jk5XDvFKBqdxoMO++0Oe2bhe+XWL2/5s9y DE Strato AG 81.169.145.80 13440 mailcious
http://www.chegocheck.com/e3rs/?Dz=kBtv+8uMZDgJoctzJJlXxpvJV2xMrEWv2WqMq4iFDpTitVnQ5P6FBiXKhQGMvxSgf3VKVeJe&lnud=Txll_FO NL LeaseWeb Netherlands B.V. 81.171.22.7 clean
http://bondbuild.com.sg/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv/Unqhqorelnlojsbiqegzhsaqjoyrqez SG Vodien Internet Solutions Pte Ltd 101.100.211.101 13692 mailcious
http://www.padisarealtygroup.com/e3rs/?Dz=itKkYQ+bPiQagqfFS+Lsc+D5+JH3ErIfx0RJoaKqHvkqLFn0ydm1fEP6hkHSMACAxfdRCwUb&lnud=Txll_FO CA OVH SAS 142.44.146.49 clean
http://www.sutnsdmxq.icu/e3rs/?lnud=Txll_FO&Dz=lUbOt4rRqVssxqmaqZkhNrZPSjqmMN1b0lqH3KrFAoA/kAmkGoi9J+xDVaciNpXg1hW1+xPy US PONYNET 198.251.81.30 clean
http://www.eskomed.store/e3rs/?Dz=n3coydpyvxb1+U/IYEaNzLKm1axm1EDoNytGpqjnANqsfX5bFLlHi5W8VHT6sMi3TZZUH2tw&lnud=Txll_FO RU Beget LLC 87.236.16.206 clean
www.loneli.biz Unknown clean
www.extremeentertainmentgroup.com US GOOGLE 34.117.168.233 clean
www.padisarealtygroup.com CA OVH SAS 142.44.146.49 clean
www.chegocheck.com NL LeaseWeb Netherlands B.V. 81.171.22.7 clean
www.eskomed.store RU Beget LLC 87.236.16.206 clean
www.sailorswife.online Unknown clean
www.oneowneronly.com HK Shenzhen Katherine Heng Technology Information Co., Ltd. 154.196.11.183 clean
www.xn--laufgefhl-w9a.com DE Strato AG 81.169.145.80 clean
www.servos-sandbox.com Unknown clean
www.sagedermatology.com US SQUARESPACE 198.185.159.144 clean
www.sutnsdmxq.icu US PONYNET 198.251.81.30 clean
bondbuild.com.sg SG Vodien Internet Solutions Pte Ltd 101.100.211.101 mailcious
www.glowestudiocreativo.com ES Soltia Consulting SL 185.156.219.142 clean
198.251.84.92 US PONYNET 198.251.84.92 mailcious
34.117.168.233 US GOOGLE 34.117.168.233 mailcious
154.196.11.183 HK Shenzhen Katherine Heng Technology Information Co., Ltd. 154.196.11.183 mailcious
101.100.211.101 SG Vodien Internet Solutions Pte Ltd 101.100.211.101 mailcious
81.169.145.80 DE Strato AG 81.169.145.80 mailcious
37.48.65.153 NL LeaseWeb Netherlands B.V. 37.48.65.153 suspicious
87.236.16.206 RU Beget LLC 87.236.16.206 malware
185.156.219.142 ES Soltia Consulting SL 185.156.219.142 clean
142.44.146.49 CA OVH SAS 142.44.146.49 clean
198.185.159.144 US SQUARESPACE 198.185.159.144 mailcious

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x47b140 DeleteCriticalSection
 0x47b144 LeaveCriticalSection
 0x47b148 EnterCriticalSection
 0x47b14c InitializeCriticalSection
 0x47b150 VirtualFree
 0x47b154 VirtualAlloc
 0x47b158 LocalFree
 0x47b15c LocalAlloc
 0x47b160 GetVersion
 0x47b164 GetCurrentThreadId
 0x47b168 InterlockedDecrement
 0x47b16c InterlockedIncrement
 0x47b170 VirtualQuery
 0x47b174 WideCharToMultiByte
 0x47b178 MultiByteToWideChar
 0x47b17c lstrlenA
 0x47b180 lstrcpynA
 0x47b184 LoadLibraryExA
 0x47b188 GetThreadLocale
 0x47b18c GetStartupInfoA
 0x47b190 GetProcAddress
 0x47b194 GetModuleHandleA
 0x47b198 GetModuleFileNameA
 0x47b19c GetLocaleInfoA
 0x47b1a0 GetCommandLineA
 0x47b1a4 FreeLibrary
 0x47b1a8 FindFirstFileA
 0x47b1ac FindClose
 0x47b1b0 ExitProcess
 0x47b1b4 ExitThread
 0x47b1b8 CreateThread
 0x47b1bc WriteFile
 0x47b1c0 UnhandledExceptionFilter
 0x47b1c4 RtlUnwind
 0x47b1c8 RaiseException
 0x47b1cc GetStdHandle
user32.dll
 0x47b1d4 GetKeyboardType
 0x47b1d8 LoadStringA
 0x47b1dc MessageBoxA
 0x47b1e0 CharNextA
advapi32.dll
 0x47b1e8 RegQueryValueExA
 0x47b1ec RegOpenKeyExA
 0x47b1f0 RegCloseKey
oleaut32.dll
 0x47b1f8 SysFreeString
 0x47b1fc SysReAllocStringLen
 0x47b200 SysAllocStringLen
kernel32.dll
 0x47b208 TlsSetValue
 0x47b20c TlsGetValue
 0x47b210 LocalAlloc
 0x47b214 GetModuleHandleA
advapi32.dll
 0x47b21c RegQueryValueExA
 0x47b220 RegOpenKeyExA
 0x47b224 RegCloseKey
kernel32.dll
 0x47b22c lstrcpyA
 0x47b230 lstrcmpA
 0x47b234 WriteFile
 0x47b238 WideCharToMultiByte
 0x47b23c WaitForSingleObject
 0x47b240 VirtualQuery
 0x47b244 VirtualProtect
 0x47b248 VirtualAlloc
 0x47b24c TerminateProcess
 0x47b250 SuspendThread
 0x47b254 Sleep
 0x47b258 SizeofResource
 0x47b25c SetThreadLocale
 0x47b260 SetFilePointer
 0x47b264 SetEvent
 0x47b268 SetErrorMode
 0x47b26c SetEndOfFile
 0x47b270 ResumeThread
 0x47b274 ResetEvent
 0x47b278 ReadFile
 0x47b27c OpenProcess
 0x47b280 MulDiv
 0x47b284 LockResource
 0x47b288 LoadResource
 0x47b28c LoadLibraryW
 0x47b290 LoadLibraryA
 0x47b294 LeaveCriticalSection
 0x47b298 InitializeCriticalSection
 0x47b29c GlobalUnlock
 0x47b2a0 GlobalReAlloc
 0x47b2a4 GlobalHandle
 0x47b2a8 GlobalLock
 0x47b2ac GlobalFree
 0x47b2b0 GlobalFindAtomA
 0x47b2b4 GlobalDeleteAtom
 0x47b2b8 GlobalAlloc
 0x47b2bc GlobalAddAtomA
 0x47b2c0 GetVersionExA
 0x47b2c4 GetVersion
 0x47b2c8 GetTickCount
 0x47b2cc GetThreadLocale
 0x47b2d0 GetSystemInfo
 0x47b2d4 GetStringTypeExA
 0x47b2d8 GetStdHandle
 0x47b2dc GetProcAddress
 0x47b2e0 GetModuleHandleA
 0x47b2e4 GetModuleFileNameA
 0x47b2e8 GetLocaleInfoA
 0x47b2ec GetLocalTime
 0x47b2f0 GetLastError
 0x47b2f4 GetFullPathNameA
 0x47b2f8 GetExitCodeThread
 0x47b2fc GetDiskFreeSpaceA
 0x47b300 GetDateFormatA
 0x47b304 GetCurrentThreadId
 0x47b308 GetCurrentProcessId
 0x47b30c GetCurrentProcess
 0x47b310 GetCPInfo
 0x47b314 GetACP
 0x47b318 FreeResource
 0x47b31c InterlockedIncrement
 0x47b320 InterlockedExchange
 0x47b324 InterlockedDecrement
 0x47b328 FreeLibrary
 0x47b32c FormatMessageA
 0x47b330 FlushInstructionCache
 0x47b334 FindResourceA
 0x47b338 FindNextFileA
 0x47b33c FindNextChangeNotification
 0x47b340 FindFirstFileA
 0x47b344 FindFirstChangeNotificationA
 0x47b348 FindCloseChangeNotification
 0x47b34c FindClose
 0x47b350 EnumCalendarInfoA
 0x47b354 EnterCriticalSection
 0x47b358 DeleteCriticalSection
 0x47b35c CreateThread
 0x47b360 CreateFileA
 0x47b364 CreateEventA
 0x47b368 CompareStringA
 0x47b36c CloseHandle
 0x47b370 AddAtomW
 0x47b374 AddAtomA
version.dll
 0x47b37c VerQueryValueA
 0x47b380 GetFileVersionInfoSizeA
 0x47b384 GetFileVersionInfoA
gdi32.dll
 0x47b38c UnrealizeObject
 0x47b390 StretchBlt
 0x47b394 SetWindowOrgEx
 0x47b398 SetViewportOrgEx
 0x47b39c SetTextColor
 0x47b3a0 SetStretchBltMode
 0x47b3a4 SetROP2
 0x47b3a8 SetPixel
 0x47b3ac SetDIBColorTable
 0x47b3b0 SetBrushOrgEx
 0x47b3b4 SetBkMode
 0x47b3b8 SetBkColor
 0x47b3bc SelectPalette
 0x47b3c0 SelectObject
 0x47b3c4 SelectClipRgn
 0x47b3c8 SaveDC
 0x47b3cc RestoreDC
 0x47b3d0 Rectangle
 0x47b3d4 RectVisible
 0x47b3d8 RealizePalette
 0x47b3dc Polyline
 0x47b3e0 PatBlt
 0x47b3e4 MoveToEx
 0x47b3e8 MaskBlt
 0x47b3ec LineTo
 0x47b3f0 IntersectClipRect
 0x47b3f4 GetWindowOrgEx
 0x47b3f8 GetTextMetricsA
 0x47b3fc GetTextExtentPoint32A
 0x47b400 GetSystemPaletteEntries
 0x47b404 GetStockObject
 0x47b408 GetPixel
 0x47b40c GetPaletteEntries
 0x47b410 GetObjectA
 0x47b414 GetDeviceCaps
 0x47b418 GetDIBits
 0x47b41c GetDIBColorTable
 0x47b420 GetDCOrgEx
 0x47b424 GetCurrentPositionEx
 0x47b428 GetClipBox
 0x47b42c GetBrushOrgEx
 0x47b430 GetBitmapBits
 0x47b434 ExtTextOutA
 0x47b438 ExcludeClipRect
 0x47b43c DeleteObject
 0x47b440 DeleteDC
 0x47b444 CreateSolidBrush
 0x47b448 CreatePenIndirect
 0x47b44c CreatePalette
 0x47b450 CreateHalftonePalette
 0x47b454 CreateFontIndirectA
 0x47b458 CreateDIBitmap
 0x47b45c CreateDIBSection
 0x47b460 CreateCompatibleDC
 0x47b464 CreateCompatibleBitmap
 0x47b468 CreateBrushIndirect
 0x47b46c CreateBitmap
 0x47b470 BitBlt
user32.dll
 0x47b478 CreateWindowExA
 0x47b47c WindowFromPoint
 0x47b480 WinHelpA
 0x47b484 WaitMessage
 0x47b488 UpdateWindow
 0x47b48c UnregisterClassA
 0x47b490 UnhookWindowsHookEx
 0x47b494 TranslateMessage
 0x47b498 TranslateMDISysAccel
 0x47b49c TrackPopupMenu
 0x47b4a0 SystemParametersInfoA
 0x47b4a4 ShowWindow
 0x47b4a8 ShowScrollBar
 0x47b4ac ShowOwnedPopups
 0x47b4b0 ShowCursor
 0x47b4b4 SetWindowsHookExA
 0x47b4b8 SetWindowTextA
 0x47b4bc SetWindowPos
 0x47b4c0 SetWindowPlacement
 0x47b4c4 SetWindowLongA
 0x47b4c8 SetTimer
 0x47b4cc SetScrollRange
 0x47b4d0 SetScrollPos
 0x47b4d4 SetScrollInfo
 0x47b4d8 SetRect
 0x47b4dc SetPropA
 0x47b4e0 SetParent
 0x47b4e4 SetMenuItemInfoA
 0x47b4e8 SetMenu
 0x47b4ec SetForegroundWindow
 0x47b4f0 SetFocus
 0x47b4f4 SetCursor
 0x47b4f8 SetClassLongA
 0x47b4fc SetCapture
 0x47b500 SetActiveWindow
 0x47b504 SendMessageA
 0x47b508 ScrollWindow
 0x47b50c ScreenToClient
 0x47b510 RemovePropA
 0x47b514 RemoveMenu
 0x47b518 ReleaseDC
 0x47b51c ReleaseCapture
 0x47b520 RegisterWindowMessageA
 0x47b524 RegisterClipboardFormatA
 0x47b528 RegisterClassA
 0x47b52c RedrawWindow
 0x47b530 PtInRect
 0x47b534 PostQuitMessage
 0x47b538 PostMessageA
 0x47b53c PeekMessageA
 0x47b540 OffsetRect
 0x47b544 OemToCharA
 0x47b548 MsgWaitForMultipleObjects
 0x47b54c MessageBoxA
 0x47b550 MapWindowPoints
 0x47b554 MapVirtualKeyA
 0x47b558 LoadStringA
 0x47b55c LoadKeyboardLayoutA
 0x47b560 LoadImageA
 0x47b564 LoadIconA
 0x47b568 LoadCursorA
 0x47b56c LoadBitmapA
 0x47b570 KillTimer
 0x47b574 IsZoomed
 0x47b578 IsWindowVisible
 0x47b57c IsWindowEnabled
 0x47b580 IsWindow
 0x47b584 IsRectEmpty
 0x47b588 IsIconic
 0x47b58c IsDialogMessageA
 0x47b590 IsChild
 0x47b594 InvalidateRect
 0x47b598 IntersectRect
 0x47b59c InsertMenuItemA
 0x47b5a0 InsertMenuA
 0x47b5a4 InflateRect
 0x47b5a8 GetWindowThreadProcessId
 0x47b5ac GetWindowTextA
 0x47b5b0 GetWindowRect
 0x47b5b4 GetWindowPlacement
 0x47b5b8 GetWindowLongA
 0x47b5bc GetWindowDC
 0x47b5c0 GetTopWindow
 0x47b5c4 GetSystemMetrics
 0x47b5c8 GetSystemMenu
 0x47b5cc GetSysColorBrush
 0x47b5d0 GetSysColor
 0x47b5d4 GetSubMenu
 0x47b5d8 GetScrollRange
 0x47b5dc GetScrollPos
 0x47b5e0 GetScrollInfo
 0x47b5e4 GetPropA
 0x47b5e8 GetParent
 0x47b5ec GetWindow
 0x47b5f0 GetMessagePos
 0x47b5f4 GetMenuStringA
 0x47b5f8 GetMenuState
 0x47b5fc GetMenuItemInfoA
 0x47b600 GetMenuItemID
 0x47b604 GetMenuItemCount
 0x47b608 GetMenu
 0x47b60c GetLastActivePopup
 0x47b610 GetKeyboardState
 0x47b614 GetKeyboardLayoutList
 0x47b618 GetKeyboardLayout
 0x47b61c GetKeyState
 0x47b620 GetKeyNameTextA
 0x47b624 GetIconInfo
 0x47b628 GetForegroundWindow
 0x47b62c GetFocus
 0x47b630 GetDesktopWindow
 0x47b634 GetDCEx
 0x47b638 GetDC
 0x47b63c GetCursorPos
 0x47b640 GetCursor
 0x47b644 GetClientRect
 0x47b648 GetClassNameA
 0x47b64c GetClassLongA
 0x47b650 GetClassInfoA
 0x47b654 GetCapture
 0x47b658 GetActiveWindow
 0x47b65c FrameRect
 0x47b660 FindWindowA
 0x47b664 FillRect
 0x47b668 EqualRect
 0x47b66c EnumWindows
 0x47b670 EnumThreadWindows
 0x47b674 EnumPropsA
 0x47b678 EnumChildWindows
 0x47b67c EndPaint
 0x47b680 EnableWindow
 0x47b684 EnableScrollBar
 0x47b688 EnableMenuItem
 0x47b68c DrawTextA
 0x47b690 DrawMenuBar
 0x47b694 DrawIconEx
 0x47b698 DrawIcon
 0x47b69c DrawFrameControl
 0x47b6a0 DrawFocusRect
 0x47b6a4 DrawEdge
 0x47b6a8 DispatchMessageA
 0x47b6ac DestroyWindow
 0x47b6b0 DestroyMenu
 0x47b6b4 DestroyIcon
 0x47b6b8 DestroyCursor
 0x47b6bc DeleteMenu
 0x47b6c0 DefWindowProcA
 0x47b6c4 DefMDIChildProcA
 0x47b6c8 DefFrameProcA
 0x47b6cc CreatePopupMenu
 0x47b6d0 CreateMenu
 0x47b6d4 CreateIcon
 0x47b6d8 ClientToScreen
 0x47b6dc ChildWindowFromPoint
 0x47b6e0 CheckMenuItem
 0x47b6e4 CallWindowProcA
 0x47b6e8 CallNextHookEx
 0x47b6ec BeginPaint
 0x47b6f0 CharNextA
 0x47b6f4 CharLowerA
 0x47b6f8 CharToOemA
 0x47b6fc AdjustWindowRectEx
 0x47b700 ActivateKeyboardLayout
kernel32.dll
 0x47b708 Sleep
oleaut32.dll
 0x47b710 SafeArrayPtrOfIndex
 0x47b714 SafeArrayGetUBound
 0x47b718 SafeArrayGetLBound
 0x47b71c SafeArrayCreate
 0x47b720 VariantChangeType
 0x47b724 VariantCopy
 0x47b728 VariantClear
 0x47b72c VariantInit
ole32.dll
 0x47b734 CoTaskMemAlloc
 0x47b738 CoCreateInstance
 0x47b73c CoUninitialize
 0x47b740 CoInitialize
comctl32.dll
 0x47b748 ImageList_SetIconSize
 0x47b74c ImageList_GetIconSize
 0x47b750 ImageList_Write
 0x47b754 ImageList_Read
 0x47b758 ImageList_GetDragImage
 0x47b75c ImageList_DragShowNolock
 0x47b760 ImageList_SetDragCursorImage
 0x47b764 ImageList_DragMove
 0x47b768 ImageList_DragLeave
 0x47b76c ImageList_DragEnter
 0x47b770 ImageList_EndDrag
 0x47b774 ImageList_BeginDrag
 0x47b778 ImageList_Remove
 0x47b77c ImageList_DrawEx
 0x47b780 ImageList_Replace
 0x47b784 ImageList_Draw
 0x47b788 ImageList_GetBkColor
 0x47b78c ImageList_SetBkColor
 0x47b790 ImageList_ReplaceIcon
 0x47b794 ImageList_Add
 0x47b798 ImageList_SetImageCount
 0x47b79c ImageList_GetImageCount
 0x47b7a0 ImageList_Destroy
 0x47b7a4 ImageList_Create
 0x47b7a8 InitCommonControls
shell32.dll
 0x47b7b0 ExtractIconA

EAT(Export Address Table) is none
