vbc.exe

First submission 2022-08-02 01:43:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1799.45 KB (1842632 bytes)
Compile time: 2018-07-04 09:12:15
MD5: 3eacca91216d782c68becc40b2056ade
SHA1: d890abd8a87633413fee989f37c442e8f6344a64
SHA256: 217bb63194104a743dea34fafc9d8f38c842cde812ec86dfff64b03526bd2d89
Import Hash: a01a186a1df3be2af58c6c7701264115
Sections: 3 (.text, .data, .rsrc)
Directories: 4 (import, resource, debug, security)
VirusTotal: 42/71 (VT report date: 2022-08-02 12:30:06)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://3.70.225.229/138/vbc.exe 3.70.225.229 2022-08-02 01:43:02
hXXp://3.70.225.229/90/vbc.exe 3.70.225.229 2022-08-02 22:42:09

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1a5cce 1728000 accc48d00eb5eea8ec7e6f887e248ce09ad553e9 e98885b1d10d8a4a0c7708668943681d
.data 0x1a7000 0x5b10 4096 e2d6d14845d2b473d3e74368878f763f7088abf1 40789e10b83c7a4918e57b85b0a1778d
.rsrc 0x1ad000 0x19798 104448 4c060c957d621b98c64fd06b1cfbda59c0e6c01d 94b9b3d0ad3198915ae0f3080c278f86

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_SYS_DEFAULT 0x1c4b70 1128
RT_STRING LANG_NEUTRAL SUBLANG_SYS_DEFAULT 0x1c66f0 164
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_SYS_DEFAULT 0x1c4fd8 90
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x1c5038 456

Meta infos 4

Translation: 0x0000 0x03a4
FileVersion: 13.89.58.59
LegalCopyright: Copyright ™ 2010-2022 for Cefic Instance.
ProductVersion: 32.50.31.87

Anti debug functions 8

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringA
OutputDebugStringW
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
62bc8a98c22b44dcb697181cd7904411 0a940fb312be12e2b368decc75160733a526452b 5064 1837568

Strings analysis - File found

Library
WUSER32.DLL
mscoree.dll
KERNEL32.dll
GDI32.dll
USER32.dll
MSIMG32.dll

Strings analysis - Possible IPs found 2 (both values match the FileVersion and ProductVersion strings listed under Meta infos)

13.89.58.59
32.50.31.87

Strings analysis - Possible URLs found 8

http://s.symcb.com/universal-root.crl0
https://d.symcb.com/cps0%
http://s.symcd.com06
http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
http://ts-ocsp.ws.symantec.com0;
https://d.symcb.com/rpa0@
https://d.symcb.com/rpa0.
http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0

Import functions