Field | Value |
---|---|
Created | 2023.03.17 09:50 |
Machine | s1_win7_x6401 |
Filename | vbc.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 45 detected (AIDetectNet, Strab, malicious, high confidence, GenericKD, Artemis, Save, confidence, 100%, ZexaF, 7vX@aOE5XcbG, ABRisk, UQLX, score, DropperX, Oader, Tzfl, RHADAMANTHYS, YXDCNZ, eakhl, ai score=88, Sabsik, Casdet, Detected, R562533, BScope, Remcos, unsafe, Tpf88tZVTGP, Chgt) |
md5 | b12fe6628b45145916f3d8c86238078c |
sha256 | 090fdf318c2c642e77918b3c4bc5a0bf9ef62123bb5fb5091d633bd84156efdb |
ssdeep | 49152:pey5hyBIZak9lkSRxUI1lH+Is9V8X5A0mSBNLPhbusJ6Cb:kyOIR9lDxBfwg51Nr7h686g |
imphash | fa016816d9ac212c1e1a109c52a8a7b8 |
impfuzzy | 24:ydWyOovQJcDMqv90pO2t4cRyvDhhJKSlRXfplFnBBwyzVESHl6U4vh:Tjs9P2t4VDTNXfpznBBwyzVESHl6UC |
Network IP location
Signature (4cnts)
Level | Description |
---|---|
danger | File has been identified by 45 AntiVirus engines on VirusTotal as malicious |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (12cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (download) |
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (download) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x5b300c GetSystemDefaultUILanguage
0x5b3010 HeapAlloc
0x5b3014 LoadLibraryExW
0x5b3018 GetCurrentProcess
0x5b301c GetEnvironmentStringsW
0x5b3020 GetTickCount
0x5b3024 GetProcessHeap
0x5b3028 GetCommandLineA
0x5b302c TerminateProcess
0x5b3030 GetACP
0x5b3034 lstrlenW
0x5b3038 SetLastError
0x5b303c GetProcAddress
0x5b3040 lstrlenA
0x5b3044 LoadLibraryA
0x5b3048 GlobalMemoryStatusEx
0x5b304c GetOEMCP
0x5b3050 GetCurrentProcessId
0x5b3054 LCMapStringW
0x5b3058 LCMapStringA
0x5b305c GetStringTypeW
0x5b3060 MultiByteToWideChar
0x5b3064 GetStringTypeA
0x5b3068 SetPriorityClass
0x5b306c IsValidCodePage
0x5b3070 GetCommandLineW
0x5b3074 GetStartupInfoW
0x5b3078 UnhandledExceptionFilter
0x5b307c SetUnhandledExceptionFilter
0x5b3080 IsDebuggerPresent
0x5b3084 GetModuleHandleW
0x5b3088 Sleep
0x5b308c ExitProcess
0x5b3090 WriteFile
0x5b3094 GetStdHandle
0x5b3098 GetModuleFileNameA
0x5b309c GetModuleFileNameW
0x5b30a0 FreeEnvironmentStringsW
0x5b30a4 SetHandleCount
0x5b30a8 GetFileType
0x5b30ac GetStartupInfoA
0x5b30b0 DeleteCriticalSection
0x5b30b4 TlsGetValue
0x5b30b8 TlsAlloc
0x5b30bc TlsSetValue
0x5b30c0 TlsFree
0x5b30c4 InterlockedIncrement
0x5b30c8 GetCurrentThreadId
0x5b30cc GetLastError
0x5b30d0 InterlockedDecrement
0x5b30d4 HeapCreate
0x5b30d8 VirtualFree
0x5b30dc HeapFree
0x5b30e0 QueryPerformanceCounter
0x5b30e4 GetSystemTimeAsFileTime
0x5b30e8 LeaveCriticalSection
0x5b30ec EnterCriticalSection
0x5b30f0 InitializeCriticalSectionAndSpinCount
0x5b30f4 GetCPInfo
0x5b30f8 VirtualAlloc
0x5b30fc HeapReAlloc
0x5b3100 RtlUnwind
0x5b3104 HeapSize
0x5b3108 GetLocaleInfoA
0x5b310c WideCharToMultiByte
0x5b3110 RaiseException
USER32.dll
0x5b3118 GetMessageTime
0x5b311c FillRect
0x5b3120 GetTopWindow
0x5b3124 IsZoomed
0x5b3128 GetWindowTextLengthA
0x5b312c IsWindow
0x5b3130 SetClipboardData
0x5b3134 DialogBoxParamA
ADVAPI32.dll
0x5b3000 RegQueryInfoKeyA
0x5b3004 RegEnumValueA
ole32.dll
0x5b313c CoTaskMemFree
EAT (Export Address Table): none