Field | Value
---|---
Created | 2023.03.13 09:40
Machine | s1_win7_x6403
Filename | vbc.exe
Type | PE32 executable (GUI) Intel 80386, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : malware
VT API (file) | 28 detected (AIDetectNet, malicious, high confidence, Jaik, confidence, Kryptik, Eldorado, Attribute, HighConfidence, HSZN, score, Strab, high, ai score=83, Detected, BScope, R03BH0CCB23, fXvwJx5yjNH, Static AI, Suspicious PE, susgen)
md5 | bcae06ceab767b7cfe609336242afe02
sha256 | fadf7ead90f9991fc48c3605e00461e0d6495cdb65ae6b97b6e3cb86f73cc9df
ssdeep | 49152:OrHfMapQaxQtWjWLEjTerPUDvW9o8u0pQLElB4I:OrHfMapQaxZjWLEnaUjo7u9LElH
imphash | a9e5f3ce5156d21424ffde8025e47b6e
impfuzzy | 24:arL45OovNMilJcDNdIaEZmfcdTR8hkwuHuOZRvlYblyryxFZeMjMSDtdtl/I:arL48BGaEZmfcdV8hGHWXrEEtdtl/I
Network IP location
Signature (4 counts)
Level | Description |
---|---|
warning | File has been identified by 28 AntiVirus engines on VirusTotal as malicious |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (8 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x5c2000 GetSystemDefaultLangID
0x5c2004 lstrlenA
0x5c2008 SetUnhandledExceptionFilter
0x5c200c GetCommandLineA
0x5c2010 LoadLibraryW
0x5c2014 GetExitCodeProcess
0x5c2018 CreateProcessA
0x5c201c GetTimeZoneInformation
0x5c2020 GetACP
0x5c2024 lstrlenW
0x5c2028 GetStartupInfoA
0x5c202c GetLastError
0x5c2030 SetLastError
0x5c2034 GetProcAddress
0x5c2038 VirtualAlloc
0x5c203c IsValidCodePage
0x5c2040 RemoveDirectoryA
0x5c2044 GetLargePageMinimum
0x5c2048 GetModuleHandleA
0x5c204c IsDebuggerPresent
0x5c2050 SetFileAttributesW
0x5c2054 FlushFileBuffers
0x5c2058 CloseHandle
0x5c205c GetStartupInfoW
0x5c2060 HeapValidate
0x5c2064 IsBadReadPtr
0x5c2068 RaiseException
0x5c206c TerminateProcess
0x5c2070 GetCurrentProcess
0x5c2074 UnhandledExceptionFilter
0x5c2078 DeleteCriticalSection
0x5c207c EnterCriticalSection
0x5c2080 LeaveCriticalSection
0x5c2084 GetModuleFileNameW
0x5c2088 QueryPerformanceCounter
0x5c208c GetTickCount
0x5c2090 GetCurrentThreadId
0x5c2094 GetCurrentProcessId
0x5c2098 GetSystemTimeAsFileTime
0x5c209c GetModuleHandleW
0x5c20a0 Sleep
0x5c20a4 InterlockedIncrement
0x5c20a8 InterlockedDecrement
0x5c20ac ExitProcess
0x5c20b0 FreeEnvironmentStringsW
0x5c20b4 GetEnvironmentStringsW
0x5c20b8 GetCommandLineW
0x5c20bc SetHandleCount
0x5c20c0 GetStdHandle
0x5c20c4 GetFileType
0x5c20c8 TlsGetValue
0x5c20cc TlsAlloc
0x5c20d0 TlsSetValue
0x5c20d4 TlsFree
0x5c20d8 HeapDestroy
0x5c20dc HeapCreate
0x5c20e0 HeapFree
0x5c20e4 VirtualFree
0x5c20e8 GetModuleFileNameA
0x5c20ec WriteFile
0x5c20f0 HeapAlloc
0x5c20f4 HeapSize
0x5c20f8 HeapReAlloc
0x5c20fc GetOEMCP
0x5c2100 GetCPInfo
0x5c2104 InitializeCriticalSectionAndSpinCount
0x5c2108 DebugBreak
0x5c210c OutputDebugStringA
0x5c2110 WriteConsoleW
0x5c2114 OutputDebugStringW
0x5c2118 RtlUnwind
0x5c211c LoadLibraryA
0x5c2120 WideCharToMultiByte
0x5c2124 MultiByteToWideChar
0x5c2128 LCMapStringA
0x5c212c LCMapStringW
0x5c2130 GetStringTypeA
0x5c2134 GetStringTypeW
0x5c2138 GetLocaleInfoA
0x5c213c SetFilePointer
0x5c2140 GetConsoleCP
0x5c2144 GetConsoleMode
0x5c2148 SetStdHandle
0x5c214c WriteConsoleA
0x5c2150 GetConsoleOutputCP
0x5c2154 CreateFileA
USER32.dll
0x5c215c GetLastActivePopup
0x5c2160 GetSysColor
0x5c2164 SetWindowPos
0x5c2168 OpenClipboard
0x5c216c OpenIcon
EAT (Export Address Table): none