vbc.exe
First submission 2022-05-10 19:58:03
File details
File type: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
File size: | 177.9 KB (182165 bytes) |
Compile time: | 2021-09-25 23:54:49 |
MD5: | c33d399c78bbc6d5f34b50759ce3deda |
SHA1: | 3b78f12e5f3adf30b758942ae3bc08a3955d6e53 |
SHA256: | 8f55cd87f94613eb7ea5e568c263cc3803378ab422bf31ceb7b7cc166bd9ad77 |
Import Hash: | 61259b55b8912888e90f516ca08dc514 |
Sections 5 | .text .rdata .data .ndata .rsrc |
Directories 2 | import resource |
Virus Total: | 27/68 VT report date: 2022-05-10 13:53:58 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 1
PE Sections 1 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x67c4 | 26624 | 5426a94b0895fc52d44216598c3d9b67d7c11815 | 0d301800a1129c1b34c24e9c70a83a2a | |
.rdata | 0x8000 | 0x139a | 5120 | dc4f14d019cad6646b38852dfb7370532acafebc | 8c5edfd8ff9cc0135e197611be38ca18 | |
.data | 0xa000 | 0x39ebb8 | 1536 | a5cf5c085ab3ed3c0697cf20b2fa14c618052c76 | c47ec1a5b78405f05a7f14418434b039 | |
.ndata | 0x3a9000 | 0x10000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.rsrc | 0x3b9000 | 0xa50 | 3072 | 40b30a1f6cdb3ed8738dd0a418597f67d3d62071 | d79dec7fbf7b676592533742181cc502 | |
PE Resources 4
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x3b9190 | 744 | |
RT_DIALOG | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x3b9698 | 96 | |
RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x3b96f8 | 20 | |
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x3b9710 | 830 | |
Anti debug functions 2
FindWindowExW |
GetLastError |
Strings analysis - File found
Library |
%s%s.dll |
ADVAPI32.dll |
SHELL32.dll |
COMCTL32.dll |
ole32.dll |
GDI32.dll |
USER32.dll |
KERNEL32.dll |
Strings analysis - Possible URLs found 1
http://nsis.sf.net/NSIS_Error |