Field | Value |
---|---|
Created | 2023.05.04 18:44 |
Machine | s1_win7_x6401 |
Filename | vbc.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 44 detected (AIDetectMalware, Malicious, score, Artemis, Jaik, Save, GenKryptik, ZexaF, EvX@a4qM54iG, ABRisk, RTIK, high confidence, GJED, Strab, CrypterX, AgentTesla, cxwla, NEGASTEAL, YXDECZ, ai score=85, Sabsik, DSYQ1H, Detected, BScope, TrojanPSW, RedLine, unsafe, Chgt, AveMaria, gPYSJezLNfH, susgen, confidence, 100%) |
md5 | 66d9a44a51599155c7a39a9a5a9dafa9 |
sha256 | ead5fbe849c5bf78f300a22a2142fb5a00a2246ce0cf792c2789dd0e36ec6c50 |
ssdeep | 24576:QfScnrJZy32uGrH3Zvz7ivzrm7AR+2G78EXpH0LD39jLJPnVml+BJQnEW+VC:Qf5JA2JHJvz7ivzrqdd0XNRPy8QnEW+0 |
imphash | 5dbd4b53304dc2aae0c97e1295bb4e1e |
impfuzzy | 48:nZCypVOjBX8tMS175c+ppQycR3AmA2zwSvRGryzzeAV/rzvN:ZCsV0BX8tMS175c+ppQy4p5 |
Network IP location
Signature (3cnts)
Level | Description |
---|---|
danger | File has been identified by 44 AntiVirus engines on VirusTotal as malicious |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (10cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (download) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (download) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (download) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (download) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x53f000 SizeofResource
0x53f004 GetSystemDefaultLCID
0x53f008 SetLastError
0x53f00c lstrlenW
0x53f010 GetFullPathNameA
0x53f014 lstrlenA
0x53f018 LocalAlloc
0x53f01c lstrcmpA
0x53f020 GetModuleHandleA
0x53f024 IsValidCodePage
0x53f028 CompareStringA
0x53f02c DeleteFileW
0x53f030 LoadResource
0x53f034 GetCurrentProcessorNumber
0x53f038 GetProcAddress
0x53f03c CreateFileMappingA
0x53f040 GetProcessHeap
0x53f044 GlobalMemoryStatusEx
0x53f048 CreateRemoteThread
0x53f04c SetThreadContext
0x53f050 OpenThread
0x53f054 CloseHandle
0x53f058 DecodePointer
0x53f05c GetConsoleMode
0x53f060 GetConsoleOutputCP
0x53f064 FlushFileBuffers
0x53f068 SetFilePointerEx
0x53f06c WriteConsoleW
0x53f070 HeapQueryInformation
0x53f074 HeapSize
0x53f078 HeapReAlloc
0x53f07c HeapFree
0x53f080 LCMapStringW
0x53f084 UnhandledExceptionFilter
0x53f088 SetUnhandledExceptionFilter
0x53f08c GetCurrentProcess
0x53f090 TerminateProcess
0x53f094 IsProcessorFeaturePresent
0x53f098 QueryPerformanceCounter
0x53f09c GetCurrentProcessId
0x53f0a0 GetCurrentThreadId
0x53f0a4 GetSystemTimeAsFileTime
0x53f0a8 InitializeSListHead
0x53f0ac IsDebuggerPresent
0x53f0b0 GetStartupInfoW
0x53f0b4 GetModuleHandleW
0x53f0b8 RtlUnwind
0x53f0bc GetLastError
0x53f0c0 EnterCriticalSection
0x53f0c4 LeaveCriticalSection
0x53f0c8 DeleteCriticalSection
0x53f0cc InitializeCriticalSectionAndSpinCount
0x53f0d0 TlsAlloc
0x53f0d4 TlsGetValue
0x53f0d8 TlsSetValue
0x53f0dc TlsFree
0x53f0e0 FreeLibrary
0x53f0e4 LoadLibraryExW
0x53f0e8 EncodePointer
0x53f0ec RaiseException
0x53f0f0 GetStdHandle
0x53f0f4 WriteFile
0x53f0f8 GetModuleFileNameW
0x53f0fc ExitProcess
0x53f100 GetModuleHandleExW
0x53f104 HeapAlloc
0x53f108 HeapValidate
0x53f10c GetSystemInfo
0x53f110 OutputDebugStringW
0x53f114 FindClose
0x53f118 FindFirstFileExW
0x53f11c FindNextFileW
0x53f120 GetACP
0x53f124 GetOEMCP
0x53f128 GetCPInfo
0x53f12c GetCommandLineA
0x53f130 GetCommandLineW
0x53f134 MultiByteToWideChar
0x53f138 WideCharToMultiByte
0x53f13c GetEnvironmentStringsW
0x53f140 FreeEnvironmentStringsW
0x53f144 SetStdHandle
0x53f148 GetFileType
0x53f14c GetStringTypeW
0x53f150 CreateFileW
USER32.dll
0x53f158 OpenIcon
0x53f15c GetFocus
0x53f160 FillRect
0x53f164 EndDialog
0x53f168 GetCapture
0x53f16c GetDlgCtrlID
0x53f170 GetSystemMenu
0x53f174 GetTopWindow
0x53f178 GetDialogBaseUnits
0x53f17c GetUpdateRect
0x53f180 GetWindowDC
0x53f184 IsZoomed
0x53f188 GetCaretBlinkTime
0x53f18c GetDesktopWindow
0x53f190 FindWindowA
0x53f194 GetDoubleClickTime
EAT (Export Address Table) is none