vbc.exe

First submission 2022-07-30 12:59:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1066.0 KB (1091584 bytes)
Compile time: 1992-06-20 00:22:17
MD5: 227d7181a49e4f19801e621378f67978
SHA1: ffbe03a026068e263ad63b655125b565a27fc522
SHA256: 3c4180a41539d6bb417287a3ef07eb27b1d14b46302514c37311ade6da6cb451
Import Hash: 8c20966f83012175c3b08dffdc592915
Sections 9 .text .itext .data .bss .idata .tls .rdata .reloc .rsrc
Directories 4 import resource tls relocation
Virus Total: 12/70 VT report date: 2022-07-30 07:55:07

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://192.227.168.187/80/vbc.exe 192.227.168.187 2022-07-30 12:59:02

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x69dd0 433664 ed44c4991cee3cfce10fe3bdd3c509079a011a6d 441530315fab8bc5144cb73ec2a53abf
.itext 0x6b000 0x86c 2560 568134bf22376bee4719753bb6e7d2bc4b517a79 0312d81753f3bd453a54a5caa6658810
.data 0x6c000 0x1d50 7680 f49b04ea2d71db86018eb207d8964ef400e69a4e dbf623ba5d65b0158e77d133ee2d78e2
.bss 0x6e000 0x37d4 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x72000 0x2aaa 11264 1a4bc81aa556a2df7616dfa92d772a1887b82839 022bfecb0f678dbabf38e17a59981937
.tls 0x75000 0x34 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x76000 0x18 512 4a3eda38d2dd8d3902f5836db7d3c06eef757fcb e23b6f89f38c3fd773e194683129e376
.reloc 0x77000 0x7788 30720 5a41f486141e3398dfb682d5a2e1612e9c77bcd3 d802b883aa4e6bd5fef56a6b91843e58
.rsrc 0x7f000 0x93800 604160 131afc7eea669c250a4fe52190a31290e20c846e e8f63ffe8cc795df8f004bff30f04ba1

PE Resources 10

Name Language Sublanguage Offset Size Data
CODEC LANG_ENGLISH SUBLANG_ENGLISH_US 0x7fb5c 290067
RT_CURSOR LANG_ENGLISH SUBLANG_ENGLISH_US 0xc6fa8 308
RT_BITMAP LANG_ENGLISH SUBLANG_ENGLISH_US 0xc8140 464
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0xd17b8 1720
RT_STRING LANG_NEUTRAL SUBLANG_NEUTRAL 0xd3ff4 692
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x11206c 79
RT_GROUP_CURSOR LANG_ENGLISH SUBLANG_ENGLISH_US 0x112134 20
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x112148 34
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x11216c 692
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x112420 581

Meta infos 9

FileDescription: Don HO oil Rusia
LegalCopyright: Copyleft 1998-2016 by Don HO
Translation: 0x0409 0x04b0
InternalName: npp.mpc
ProductName: Don HO
CompanyName: Don HO son
FileVersion: 7.85
OriginalFilename: npp.mpc
ProductVersion: 7.85

Packers detected 5

Borland Delphi 3.0 (???)
Borland Delphi 4.0
Borland Delphi v3.0
Borland Delphi v6.0 - v7.0
BobSoft Mini Delphi -> BoB / BobSoft

Anti debug functions 5

FindWindowA
GetLastError
GetWindowThreadProcessId
RaiseException
UnhandledExceptionFilter

Strings analysis - File found

Library
USER32.dll
UxTheme.dll
OLEAUT32.dll
COMCTL32.dll
ole32.dll
IMM32.dll
ADVAPI32.dll
OLEPRO32.DLL
GDI32.dll
KERNEL32.dll
vcltest3.dll
VERSION.dll

Import functions