Report - vdcs.exe

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File
Created: 2023.05.04 10:00    Machine: s1_win7_x6401
Filename vdcs.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: 5
Behavior Score: 2.4
ZERO API file: clean
VT API (file)
md5 5a6929c141164830993b2c604e14a2a2
sha256 02f8735f09f9c89a65d165ce098fe649039f0d08352353c69d8018d4c3db75c7
ssdeep 98304:ponC5g4H7xXJqStkoRYXGRdKocRaG/n85B7Gv9n+J4P6F9RuBhSMf5rXEAxbxtqm:pz5z1JNSo2XlzuB7M9nRYuXzf+ABZ
imphash f0e8db307701582115b12426e04e3928
impfuzzy 96:AJcpVY3S1RtaMDpJE0j21AXJ+Zcp+qjwSttLyuua:/J1Z+Ra

Signature (7cnts)

Level Description
watch Queries information on disks
notice Allocates read-write-execute memory (usually to unpack itself)
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice The binary likely contains encrypted or compressed data indicative of a packer
info Checks amount of memory in system
info One or more processes crashed
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts)

Request CC ASN Co IP4 Rule
(no entries)

Suricata IDs

PE API

IAT (Import Address Table) Library

KERNEL32.dll
 0x7b6000 DeviceIoControl
 0x7b6004 CreateToolhelp32Snapshot
 0x7b6008 GetTickCount64
 0x7b600c Process32NextW
 0x7b6010 CreateFileA
 0x7b6014 Process32FirstW
 0x7b6018 CloseHandle
 0x7b601c GetSystemInfo
 0x7b6020 GetProcAddress
 0x7b6024 GlobalMemoryStatusEx
 0x7b6028 GetModuleFileNameA
 0x7b602c IsDebuggerPresent
 0x7b6030 GetComputerNameA
 0x7b6034 Sleep
 0x7b6038 CreateDirectoryA
 0x7b603c WriteConsoleW
 0x7b6040 HeapSize
 0x7b6044 CreateFileW
 0x7b6048 GetProcessHeap
 0x7b604c SetStdHandle
 0x7b6050 SetEnvironmentVariableW
 0x7b6054 FreeEnvironmentStringsW
 0x7b6058 GlobalUnlock
 0x7b605c GlobalLock
 0x7b6060 GlobalFree
 0x7b6064 GetModuleHandleW
 0x7b6068 GlobalAlloc
 0x7b606c GetEnvironmentStringsW
 0x7b6070 GetOEMCP
 0x7b6074 GetACP
 0x7b6078 IsValidCodePage
 0x7b607c FindNextFileW
 0x7b6080 FindFirstFileExW
 0x7b6084 FindClose
 0x7b6088 MultiByteToWideChar
 0x7b608c WideCharToMultiByte
 0x7b6090 LCMapStringEx
 0x7b6094 EnterCriticalSection
 0x7b6098 LeaveCriticalSection
 0x7b609c InitializeCriticalSectionEx
 0x7b60a0 DeleteCriticalSection
 0x7b60a4 EncodePointer
 0x7b60a8 DecodePointer
 0x7b60ac CompareStringEx
 0x7b60b0 GetCPInfo
 0x7b60b4 GetStringTypeW
 0x7b60b8 IsProcessorFeaturePresent
 0x7b60bc QueryPerformanceCounter
 0x7b60c0 GetCurrentProcessId
 0x7b60c4 GetCurrentThreadId
 0x7b60c8 GetSystemTimeAsFileTime
 0x7b60cc InitializeSListHead
 0x7b60d0 UnhandledExceptionFilter
 0x7b60d4 SetUnhandledExceptionFilter
 0x7b60d8 GetStartupInfoW
 0x7b60dc GetCurrentProcess
 0x7b60e0 TerminateProcess
 0x7b60e4 RtlUnwind
 0x7b60e8 RaiseException
 0x7b60ec GetLastError
 0x7b60f0 SetLastError
 0x7b60f4 InitializeCriticalSectionAndSpinCount
 0x7b60f8 TlsAlloc
 0x7b60fc TlsGetValue
 0x7b6100 TlsSetValue
 0x7b6104 TlsFree
 0x7b6108 FreeLibrary
 0x7b610c LoadLibraryExW
 0x7b6110 GetStdHandle
 0x7b6114 WriteFile
 0x7b6118 GetModuleFileNameW
 0x7b611c ExitProcess
 0x7b6120 GetModuleHandleExW
 0x7b6124 GetCommandLineA
 0x7b6128 GetCommandLineW
 0x7b612c HeapReAlloc
 0x7b6130 CompareStringW
 0x7b6134 LCMapStringW
 0x7b6138 GetLocaleInfoW
 0x7b613c IsValidLocale
 0x7b6140 GetUserDefaultLCID
 0x7b6144 EnumSystemLocalesW
 0x7b6148 HeapFree
 0x7b614c GetFileSizeEx
 0x7b6150 SetFilePointerEx
 0x7b6154 GetFileType
 0x7b6158 FlushFileBuffers
 0x7b615c GetConsoleOutputCP
 0x7b6160 GetConsoleMode
 0x7b6164 HeapAlloc
 0x7b6168 ReadFile
 0x7b616c ReadConsoleW
 0x7b6170 SetEndOfFile
USER32.dll
 0x7b6178 EmptyClipboard
 0x7b617c GetClipboardData
 0x7b6180 OpenClipboard
 0x7b6184 CloseClipboard
 0x7b6188 SetClipboardData
ADVAPI32.dll
 0x7b6190 RegSetValueExA
 0x7b6194 RegOpenKeyExW
 0x7b6198 GetUserNameA
 0x7b619c RegCloseKey
SHELL32.dll
 0x7b61a4 ShellExecuteA
 0x7b61a8 SHGetFolderPathA
WININET.dll
 0x7b61b0 InternetCloseHandle
 0x7b61b4 HttpOpenRequestA
 0x7b61b8 InternetOpenA
 0x7b61bc HttpSendRequestW
 0x7b61c0 InternetConnectA
 0x7b61c4 InternetReadFile
KERNEL32.dll
 0x7b61cc GetSystemTimeAsFileTime
 0x7b61d0 GetModuleHandleA
 0x7b61d4 CreateEventA
 0x7b61d8 GetModuleFileNameW
 0x7b61dc TerminateProcess
 0x7b61e0 GetCurrentProcess
 0x7b61e4 CreateToolhelp32Snapshot
 0x7b61e8 Thread32First
 0x7b61ec GetCurrentProcessId
 0x7b61f0 GetCurrentThreadId
 0x7b61f4 OpenThread
 0x7b61f8 Thread32Next
 0x7b61fc CloseHandle
 0x7b6200 SuspendThread
 0x7b6204 ResumeThread
 0x7b6208 WriteProcessMemory
 0x7b620c GetSystemInfo
 0x7b6210 VirtualAlloc
 0x7b6214 VirtualProtect
 0x7b6218 VirtualFree
 0x7b621c GetProcessAffinityMask
 0x7b6220 SetProcessAffinityMask
 0x7b6224 GetCurrentThread
 0x7b6228 SetThreadAffinityMask
 0x7b622c Sleep
 0x7b6230 LoadLibraryA
 0x7b6234 FreeLibrary
 0x7b6238 GetTickCount
 0x7b623c SystemTimeToFileTime
 0x7b6240 FileTimeToSystemTime
 0x7b6244 GlobalFree
 0x7b6248 LocalAlloc
 0x7b624c LocalFree
 0x7b6250 GetProcAddress
 0x7b6254 ExitProcess
 0x7b6258 EnterCriticalSection
 0x7b625c LeaveCriticalSection
 0x7b6260 InitializeCriticalSection
 0x7b6264 DeleteCriticalSection
 0x7b6268 GetModuleHandleW
 0x7b626c LoadResource
 0x7b6270 MultiByteToWideChar
 0x7b6274 FindResourceExW
 0x7b6278 FindResourceExA
 0x7b627c WideCharToMultiByte
 0x7b6280 GetThreadLocale
 0x7b6284 GetUserDefaultLCID
 0x7b6288 GetSystemDefaultLCID
 0x7b628c EnumResourceNamesA
 0x7b6290 EnumResourceNamesW
 0x7b6294 EnumResourceLanguagesA
 0x7b6298 EnumResourceLanguagesW
 0x7b629c EnumResourceTypesA
 0x7b62a0 EnumResourceTypesW
 0x7b62a4 CreateFileW
 0x7b62a8 LoadLibraryW
 0x7b62ac GetLastError
 0x7b62b0 FlushFileBuffers
 0x7b62b4 WriteConsoleW
 0x7b62b8 SetStdHandle
 0x7b62bc IsProcessorFeaturePresent
 0x7b62c0 DecodePointer
 0x7b62c4 GetCommandLineA
 0x7b62c8 RaiseException
 0x7b62cc HeapFree
 0x7b62d0 GetCPInfo
 0x7b62d4 InterlockedIncrement
 0x7b62d8 InterlockedDecrement
 0x7b62dc GetACP
 0x7b62e0 GetOEMCP
 0x7b62e4 IsValidCodePage
 0x7b62e8 EncodePointer
 0x7b62ec TlsAlloc
 0x7b62f0 TlsGetValue
 0x7b62f4 TlsSetValue
 0x7b62f8 TlsFree
 0x7b62fc SetLastError
 0x7b6300 UnhandledExceptionFilter
 0x7b6304 SetUnhandledExceptionFilter
 0x7b6308 IsDebuggerPresent
 0x7b630c HeapAlloc
 0x7b6310 LCMapStringW
 0x7b6314 GetStringTypeW
 0x7b6318 SetHandleCount
 0x7b631c GetStdHandle
 0x7b6320 InitializeCriticalSectionAndSpinCount
 0x7b6324 GetFileType
 0x7b6328 GetStartupInfoW
 0x7b632c GetModuleFileNameA
 0x7b6330 FreeEnvironmentStringsW
 0x7b6334 GetEnvironmentStringsW
 0x7b6338 HeapCreate
 0x7b633c HeapDestroy
 0x7b6340 QueryPerformanceCounter
 0x7b6344 HeapSize
 0x7b6348 WriteFile
 0x7b634c RtlUnwind
 0x7b6350 SetFilePointer
 0x7b6354 GetConsoleCP
 0x7b6358 GetConsoleMode
 0x7b635c HeapReAlloc
 0x7b6360 VirtualQuery
USER32.dll
 0x7b6368 CharUpperBuffW
KERNEL32.dll
 0x7b6370 LocalAlloc
 0x7b6374 LocalFree
 0x7b6378 GetModuleFileNameW
 0x7b637c ExitProcess
 0x7b6380 LoadLibraryA
 0x7b6384 GetModuleHandleA
 0x7b6388 GetProcAddress

EAT (Export Address Table): none
