vbc.exe

First submission 2022-08-02 14:42:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 339.5 KB (347648 bytes)
Compile time: 2021-10-06 05:20:54
MD5: c99df5bce9762855ab664cd727ee808c
SHA1: 7ff25e388a9570daa4aaf343a57b79cfbbaabb17
SHA256: 28859eb575190164b901640152e89b71fd081cff49bb0a39ea212f519b6d518e
Import Hash: 652492f422ecaa026d8406f810fb7d07
Sections: 6 (.text, .data, .xut, .vayej, .yoge, .rsrc)
Directories: 3 (import, resource, debug)
VirusTotal: 32/71
VT report date: 2022-08-02 12:30:06

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://23.94.159.226/77/vbc.exe 23.94.159.226 2022-08-02 14:42:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x324a2 206336 671f190801dd3f3cec83d3aaad7a60b9dcc800fe eac78bdac1240767b03db8e4e96d1dff
.data 0x34000 0x19f88 69632 cabcbfcb72745afef314eafc962d2d753d4e1e7f 4d74575301b07c8346a91b3c2f47c79b
.xut 0x4e000 0x400 1024 60cacbf3d72e1e7834203da608037b1bf83b40e8 0f343b0931126a20f133d67c2b018a3b
.vayej 0x4f000 0x400 1024 60cacbf3d72e1e7834203da608037b1bf83b40e8 0f343b0931126a20f133d67c2b018a3b
.yoge 0x50000 0x96 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x51000 0x508d0 68096 5c16300904f04ea677ade867a378bcc85110ad2f 1e8d37f2200545c11296a77679c4689f

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_KOREAN SUBLANG_KOREAN 0x60ee8 1128
RT_STRING LANG_KOREAN SUBLANG_KOREAN 0x61688 582
RT_ACCELERATOR LANG_KOREAN SUBLANG_KOREAN 0x613c8 112
RT_GROUP_ICON LANG_KOREAN SUBLANG_KOREAN 0x540f8 76
RT_VERSION LANG_KOREAN SUBLANG_KOREAN 0x61498 316

Meta infos 1

Translations: 0x0353 0x036f

Anti debug functions 7

GetLastError
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
ADVAPI32.dll
MSPDB80.DLL
USER32.dll

Strings analysis - Possible IPs found 2

95.77.6.8
68.41.92.92

Import functions