DigitalSide Threat Intel

vbc.exe

First submission 2022-08-02 01:43:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File type: 1799.45 KB (1842632 bytes)
Compile time: 2018-07-04 09:12:15
MD5: 3eacca91216d782c68becc40b2056ade
SHA1: d890abd8a87633413fee989f37c442e8f6344a64
SHA256: 217bb63194104a743dea34fafc9d8f38c842cde812ec86dfff64b03526bd2d89
Import Hash : a01a186a1df3be2af58c6c7701264115
Sections 3 .text .data .rsrc
Directories 4 import resource debug security
Virus Total: 42/71 VT report date: 2022-08-02 12:30:06

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://3.70.225.229/138/vbc.exe VirusTotal Report 3.70.225.229 VirusTotal Report 2022-08-02 01:43:02
hXXp://3.70.225.229/90/vbc.exe VirusTotal Report 3.70.225.229 VirusTotal Report 2022-08-02 22:42:09

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1a5cce 1728000 accc48d00eb5eea8ec7e6f887e248ce09ad553e9 e98885b1d10d8a4a0c7708668943681d
.data 0x1a7000 0x5b10 4096 e2d6d14845d2b473d3e74368878f763f7088abf1 40789e10b83c7a4918e57b85b0a1778d
.rsrc 0x1ad000 0x19798 104448 4c060c957d621b98c64fd06b1cfbda59c0e6c01d 94b9b3d0ad3198915ae0f3080c278f86

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_SYS_DEFAULT 0x1c4b70 1128
RT_STRING LANG_NEUTRAL SUBLANG_SYS_DEFAULT 0x1c66f0 164
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_SYS_DEFAULT 0x1c4fd8 90
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x1c5038 456

Meta infos 4

Translation: 0x0000 0x03a4
FileVersion: 13.89.58.59
LegalCopyright: Copyright \x2122 2010-2022 for Cefic Instance.
ProductVersion: 32.50.31.87

Anti debug functions 8

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringA
OutputDebugStringW
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
62bc8a98c22b44dcb697181cd7904411 0a940fb312be12e2b368decc75160733a526452b 5064 1837568

Strings analysis - File found

Library
WUSER32.DLL
mscoree.dll
KERNEL32.dll
GDI32.dll
USER32.dll
MSIMG32.dll

Strings analysis - Possible IPs found 2

13.89.58.59
32.50.31.87

Strings analysis - Possible URLs found 8

http://s.symcb.com/universal-root.crl0
https://d.symcb.com/cps0%
http://s.symcd.com06
http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
http://ts-ocsp.ws.symantec.com0;
https://d.symcb.com/rpa0@
https://d.symcb.com/rpa0.
http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0

Import functions

Function Address Souspicious Anti Debug
InterlockedCompareExchange 0x401008
_hwrite 0x40100c
SetWaitableTimer 0x401010
GetSystemDirectoryA 0x401014
CreateEventA 0x401018
ReadConsoleA 0x40101c
VerifyVersionInfoA 0x401020
WaitNamedPipeW 0x401024
CreateMutexW 0x401028
EnumDateFormatsA 0x40102c
CreateFileA 0x401030
RegisterWaitForSingleObjectEx 0x401034
LoadLibraryA 0x401038
LocalAlloc 0x40103c
VirtualProtect 0x401040
GetUserDefaultLangID 0x401044
FindFirstChangeNotificationA 0x401048
HeapUnlock 0x40104c
LocalFree 0x401050
GetCalendarInfoA 0x401054
SetConsoleTitleW 0x401058
GetBinaryTypeW 0x40105c
GetThreadLocale 0x401060
GetSystemDefaultLCID 0x401064
GetCurrentProcess 0x401068
GetLocaleInfoW 0x40106c
FindNextFileW 0x401070
OpenJobObjectA 0x401074
HeapValidate 0x401078
_lclose 0x40107c
FoldStringW 0x401080
GetComputerNameW 0x401084
SetFileShortNameW 0x401088
GetTimeZoneInformation 0x40108c
TlsGetValue 0x401090
GetCPInfoExA 0x401094
GetFileAttributesExA 0x401098
SetComputerNameA 0x40109c
GetFileAttributesW 0x4010a0
DeleteCriticalSection 0x4010a4
FindFirstChangeNotificationW 0x4010a8
GetVolumePathNameA 0x4010ac
LoadLibraryW 0x4010b0
SetSystemTime 0x4010b4
ReadFile 0x4010b8
GetLocalTime 0x4010bc
GetStringTypeW 0x4010c0
HeapSize 0x4010c4
GetDiskFreeSpaceA 0x4010c8
CreateFileW 0x4010cc
GetComputerNameExW 0x4010d0
InterlockedDecrement 0x4010d4
MultiByteToWideChar 0x4010d8
GetCommandLineA 0x4010dc
HeapSetInformation 0x4010e0
GetStartupInfoW 0x4010e4
IsProcessorFeaturePresent 0x4010e8
EnterCriticalSection 0x4010ec
LeaveCriticalSection 0x4010f0
DecodePointer 0x4010f4
TerminateProcess 0x4010f8
UnhandledExceptionFilter 0x4010fc
SetUnhandledExceptionFilter 0x401100
IsDebuggerPresent 0x401104
EncodePointer 0x401108
GetModuleFileNameW 0x40110c
GetLastError 0x401110
SetFilePointer 0x401114
InterlockedIncrement 0x401118
GetProcAddress 0x40111c
GetModuleHandleW 0x401120
ExitProcess 0x401124
WriteFile 0x401128
GetStdHandle 0x40112c
GetACP 0x401130
GetOEMCP 0x401134
GetCPInfo 0x401138
IsValidCodePage 0x40113c
TlsAlloc 0x401140
TlsSetValue 0x401144
GetCurrentThreadId 0x401148
TlsFree 0x40114c
SetLastError 0x401150
IsBadReadPtr 0x401154
CloseHandle 0x401158
QueryPerformanceCounter 0x40115c
GetTickCount 0x401160
GetCurrentProcessId 0x401164
GetSystemTimeAsFileTime 0x401168
GetModuleFileNameA 0x40116c
FreeEnvironmentStringsW 0x401170
WideCharToMultiByte 0x401174
GetEnvironmentStringsW 0x401178
SetHandleCount 0x40117c
InitializeCriticalSectionAndSpinCount 0x401180
GetFileType 0x401184
HeapCreate 0x401188
OutputDebugStringA 0x40118c
WriteConsoleW 0x401190
OutputDebugStringW 0x401194
RtlUnwind 0x401198
SetStdHandle 0x40119c
FlushFileBuffers 0x4011a0
GetConsoleCP 0x4011a4
GetConsoleMode 0x4011a8
LCMapStringW 0x4011ac
HeapAlloc 0x4011b0
HeapReAlloc 0x4011b4
HeapQueryInformation 0x4011b8
HeapFree 0x4011bc
RaiseException 0x4011c0
Function Address Souspicious Anti Debug
ClientToScreen 0x4011c8
Function Address Souspicious Anti Debug
GetBitmapBits 0x401000