vbc.exe

First submission 2022-08-03 17:47:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 182.0 KB (186368 bytes)
Compile time: 2021-12-06 04:01:23
MD5: cc76ce2b86f70e72509e0b1400f9654b
SHA1: 08ee70586a0939201f517d5673d71e642e007ddb
SHA256: 58eacc46d0b0cea33f72048362effd466fddda3a98e5b190102e0f74abb4356d
Import Hash: 16efb6b0368de80f5b2f8ee7ed5ecc80
Sections 3 .text .data .rsrc
Directories 3 import resource debug
Virus Total: 35/71 VT report date: 2022-08-03 13:25:05

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://192.3.152.158/45/vbc.exe 192.3.152.158 2022-08-03 17:47:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x22b40 142336 3d26ccc8a578f20a9b97ed3baf581a9ac4eb7558 a83181ea7a9d3821b094966285160ad5
.data 0x24000 0x2083ad0 12288 8a175b62d24360c8ad891b991e50af314723ac12 1d9ae01110fec31fb8c4a50aa30b1932
.rsrc 0x20a8000 0x76d8 30720 28d9e4cc1d44a35891b3b91a974443f599ec5548 f1d3c6de2db0292624f2334d29721aff

PE Resources 6

Name Language Sublanguage Offset Size Data
AFX_DIALOG_LAYOUT LANG_NEUTRAL SUBLANG_NEUTRAL 0x20ae4e0 14
RT_ICON LANG_KANNADA SUBLANG_DEFAULT 0x20ae000 1128
RT_STRING LANG_FRENCH SUBLANG_FRENCH_SWISS 0x20af270 1128
RT_GROUP_ICON LANG_KANNADA SUBLANG_DEFAULT 0x20ae468 104
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x20ae4f0 404
None LANG_NEUTRAL SUBLANG_NEUTRAL 0x20ae4d0 10

Meta infos 3

FileVersions: 48.90.12.34
Copyrighz: Copyright (C) 2022, pozkarte
ProjectVersion: 82.79.7.9

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
USER32.dll

Strings analysis - Possible IPs found 2

48.90.12.34
82.79.7.9

Import functions