popup

Report - vulcancontrol.exe

UPX Malicious Library Malicious Packer PE64 PE File
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.05.25 09:36 Machine s1_win7_x6401
Filename vulcancontrol.exe
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
AI Score Not founds Behavior Score
1.0
ZERO API file : clean
VT API (file) 7 detected (malicious, high confidence, a variant of WinGo, ClipBanker, Detected, Meterpreter)
md5 4482bb2674adc80b247a13e6901d6945
sha256 fe9ba02801cb37e7d2cf6a61f705eca55d9f442d91e3c880aaaf782724aa0559
ssdeep 393216:7FkkzYdVnfo+nvyzamYwCJwGBvy0/JhkWFI+aui9lrL2d6:7e/lnvaaJwGZyChp2+olrLO
imphash 9da18038e0ba9a33fbbaf76636ea1aff
impfuzzy 3:ssD7SbolWxzvyLsBO7oAAJo1MO/OywSx2AEZsWBJAEPwS9KTXzW:pajtlJoZ/O4ErBJAEHGDW
  Network IP location

Signature (3cnts)

Level Description
notice File has been identified by 7 AntiVirus engines on VirusTotal as malicious
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)

Rules (5cnts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE64 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids

PE API

IAT(Import Address Table) Library

kernel32.dll
 0x1378000 WriteFile
kernel32.dll
 0x1378010 GetSystemTimeAsFileTime
kernel32.dll
 0x1378020 HeapAlloc
 0x1378028 HeapFree
 0x1378030 ExitProcess
 0x1378038 GetModuleHandleA
 0x1378040 LoadLibraryA
 0x1378048 GetProcAddress

EAT(Export Address Table) is none


Similarity measure (PE file only) - Checking for service failure