ScreenShot
| Created | 2023.03.17 17:52 | Machine | s1_win7_x6403 |
| Filename | vbc.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 20 detected (malicious, high confidence, Artemis, MachineLearning, Anomalous, confidence, Attribute, HighConfidence, GenKryptik, GHRQ, Strab, CrypterX, Generic ML PUA, moderate, score, Sabsik, BScope, unsafe, R002H0DCG23, Generic@AI, RDML, 1aPk7u9HVCEW+s, lBjcdqQ, susgen) | ||
| md5 | 0d6f619554c6de06992c444d8b3c9a74 | ||
| sha256 | c29ac11a91f5f0d9af18e4c5845abb6e024fe682e1287e76ccd6efc218240269 | ||
| ssdeep | 49152:mzJAxzft/ePFG/o0b6AWXP/mfmeWQiN42uky4ZEzS9KXZ:mFAxDVePFG/o0bPWXPupPiPuky40QKJ | ||
| imphash | 5044024844498395d0e63ba22bbd9978 | ||
| impfuzzy | 48:or1pZr0PcpVTTG9m06tTlZx64RArzlvplF:orfp0PcpVfG9mLtTZ644L | ||
Network IP location
Signature (3cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 20 AntiVirus engines on VirusTotal as malicious |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (10cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (download) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (download) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (download) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x5c300c GetUserDefaultLangID
0x5c3010 TlsSetValue
0x5c3014 GlobalAlloc
0x5c3018 LoadLibraryW
0x5c301c GetModuleFileNameW
0x5c3020 GetACP
0x5c3024 lstrlenW
0x5c3028 SetLastError
0x5c302c lstrcmpiA
0x5c3030 GetProcAddress
0x5c3034 VirtualAlloc
0x5c3038 QueueUserAPC
0x5c303c IsValidCodePage
0x5c3040 GetCurrentProcess
0x5c3044 GetLargePageMinimum
0x5c3048 GetModuleHandleA
0x5c304c FreeEnvironmentStringsW
0x5c3050 CompareStringA
0x5c3054 GetThreadUILanguage
0x5c3058 CloseHandle
0x5c305c SetStdHandle
0x5c3060 FlushFileBuffers
0x5c3064 SetFilePointerEx
0x5c3068 GetConsoleMode
0x5c306c GetConsoleCP
0x5c3070 GetStringTypeW
0x5c3074 lstrlenA
0x5c3078 LockResource
0x5c307c TryEnterCriticalSection
0x5c3080 InterlockedIncrement
0x5c3084 InterlockedDecrement
0x5c3088 EnterCriticalSection
0x5c308c LeaveCriticalSection
0x5c3090 InitializeCriticalSectionEx
0x5c3094 DeleteCriticalSection
0x5c3098 EncodePointer
0x5c309c DecodePointer
0x5c30a0 IsDebuggerPresent
0x5c30a4 IsProcessorFeaturePresent
0x5c30a8 GetCommandLineA
0x5c30ac RaiseException
0x5c30b0 RtlUnwind
0x5c30b4 GetModuleHandleExW
0x5c30b8 InitializeCriticalSectionAndSpinCount
0x5c30bc GetLastError
0x5c30c0 ExitProcess
0x5c30c4 MultiByteToWideChar
0x5c30c8 HeapValidate
0x5c30cc GetSystemInfo
0x5c30d0 GetStdHandle
0x5c30d4 WriteFile
0x5c30d8 UnhandledExceptionFilter
0x5c30dc SetUnhandledExceptionFilter
0x5c30e0 FlsAlloc
0x5c30e4 FlsGetValue
0x5c30e8 FlsSetValue
0x5c30ec FlsFree
0x5c30f0 TerminateProcess
0x5c30f4 GetStartupInfoW
0x5c30f8 GetModuleHandleW
0x5c30fc GetCurrentThreadId
0x5c3100 GetProcessHeap
0x5c3104 GetFileType
0x5c3108 InitOnceExecuteOnce
0x5c310c GetModuleFileNameA
0x5c3110 QueryPerformanceCounter
0x5c3114 GetSystemTimeAsFileTime
0x5c3118 GetTickCount64
0x5c311c GetEnvironmentStringsW
0x5c3120 WideCharToMultiByte
0x5c3124 OutputDebugStringW
0x5c3128 WaitForSingleObjectEx
0x5c312c CreateThread
0x5c3130 LoadLibraryExW
0x5c3134 OutputDebugStringA
0x5c3138 WriteConsoleW
0x5c313c GetOEMCP
0x5c3140 GetCPInfo
0x5c3144 HeapFree
0x5c3148 HeapReAlloc
0x5c314c HeapSize
0x5c3150 HeapQueryInformation
0x5c3154 HeapAlloc
0x5c3158 LCMapStringEx
0x5c315c CreateFileW
USER32.dll
0x5c3164 GetDesktopWindow
0x5c3168 SetWindowPos
0x5c316c FindWindowA
0x5c3170 SetDlgItemTextA
0x5c3174 GetShellWindow
0x5c3178 OpenIcon
GDI32.dll
0x5c3000 SelectObject
0x5c3004 DeleteObject
EAT(Export Address Table) is none
KERNEL32.dll
0x5c300c GetUserDefaultLangID
0x5c3010 TlsSetValue
0x5c3014 GlobalAlloc
0x5c3018 LoadLibraryW
0x5c301c GetModuleFileNameW
0x5c3020 GetACP
0x5c3024 lstrlenW
0x5c3028 SetLastError
0x5c302c lstrcmpiA
0x5c3030 GetProcAddress
0x5c3034 VirtualAlloc
0x5c3038 QueueUserAPC
0x5c303c IsValidCodePage
0x5c3040 GetCurrentProcess
0x5c3044 GetLargePageMinimum
0x5c3048 GetModuleHandleA
0x5c304c FreeEnvironmentStringsW
0x5c3050 CompareStringA
0x5c3054 GetThreadUILanguage
0x5c3058 CloseHandle
0x5c305c SetStdHandle
0x5c3060 FlushFileBuffers
0x5c3064 SetFilePointerEx
0x5c3068 GetConsoleMode
0x5c306c GetConsoleCP
0x5c3070 GetStringTypeW
0x5c3074 lstrlenA
0x5c3078 LockResource
0x5c307c TryEnterCriticalSection
0x5c3080 InterlockedIncrement
0x5c3084 InterlockedDecrement
0x5c3088 EnterCriticalSection
0x5c308c LeaveCriticalSection
0x5c3090 InitializeCriticalSectionEx
0x5c3094 DeleteCriticalSection
0x5c3098 EncodePointer
0x5c309c DecodePointer
0x5c30a0 IsDebuggerPresent
0x5c30a4 IsProcessorFeaturePresent
0x5c30a8 GetCommandLineA
0x5c30ac RaiseException
0x5c30b0 RtlUnwind
0x5c30b4 GetModuleHandleExW
0x5c30b8 InitializeCriticalSectionAndSpinCount
0x5c30bc GetLastError
0x5c30c0 ExitProcess
0x5c30c4 MultiByteToWideChar
0x5c30c8 HeapValidate
0x5c30cc GetSystemInfo
0x5c30d0 GetStdHandle
0x5c30d4 WriteFile
0x5c30d8 UnhandledExceptionFilter
0x5c30dc SetUnhandledExceptionFilter
0x5c30e0 FlsAlloc
0x5c30e4 FlsGetValue
0x5c30e8 FlsSetValue
0x5c30ec FlsFree
0x5c30f0 TerminateProcess
0x5c30f4 GetStartupInfoW
0x5c30f8 GetModuleHandleW
0x5c30fc GetCurrentThreadId
0x5c3100 GetProcessHeap
0x5c3104 GetFileType
0x5c3108 InitOnceExecuteOnce
0x5c310c GetModuleFileNameA
0x5c3110 QueryPerformanceCounter
0x5c3114 GetSystemTimeAsFileTime
0x5c3118 GetTickCount64
0x5c311c GetEnvironmentStringsW
0x5c3120 WideCharToMultiByte
0x5c3124 OutputDebugStringW
0x5c3128 WaitForSingleObjectEx
0x5c312c CreateThread
0x5c3130 LoadLibraryExW
0x5c3134 OutputDebugStringA
0x5c3138 WriteConsoleW
0x5c313c GetOEMCP
0x5c3140 GetCPInfo
0x5c3144 HeapFree
0x5c3148 HeapReAlloc
0x5c314c HeapSize
0x5c3150 HeapQueryInformation
0x5c3154 HeapAlloc
0x5c3158 LCMapStringEx
0x5c315c CreateFileW
USER32.dll
0x5c3164 GetDesktopWindow
0x5c3168 SetWindowPos
0x5c316c FindWindowA
0x5c3170 SetDlgItemTextA
0x5c3174 GetShellWindow
0x5c3178 OpenIcon
GDI32.dll
0x5c3000 SelectObject
0x5c3004 DeleteObject
EAT(Export Address Table) is none