vbc.exe

First submission 2022-08-03 17:47:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
File type:	182.0 KB (186368 bytes)
Compile time:	2021-12-06 04:01:23
MD5:	cc76ce2b86f70e72509e0b1400f9654b
SHA1:	08ee70586a0939201f517d5673d71e642e007ddb
SHA256:	58eacc46d0b0cea33f72048362effd466fddda3a98e5b190102e0f74abb4356d
Import Hash :	16efb6b0368de80f5b2f8ee7ed5ecc80
Sections 3	.text .data .rsrc
Directories 3	import resource debug
Virus Total:	35/71 VT report date: 2022-08-03 13:25:05

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://192.3.152.158/45/vbc.exe	192.3.152.158	2022-08-03 17:47:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x22b40	142336	3d26ccc8a578f20a9b97ed3baf581a9ac4eb7558	a83181ea7a9d3821b094966285160ad5
.data	0x24000	0x2083ad0	12288	8a175b62d24360c8ad891b991e50af314723ac12	1d9ae01110fec31fb8c4a50aa30b1932
.rsrc	0x20a8000	0x76d8	30720	28d9e4cc1d44a35891b3b91a974443f599ec5548	f1d3c6de2db0292624f2334d29721aff

PE Resources 6

Name	Language	Sublanguage	Offset	Size	Data
AFX_DIALOG_LAYOUT	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x20ae4e0	14
RT_ICON	LANG_KANNADA	SUBLANG_DEFAULT	0x20ae000	1128	PE Resource: RT_ICON - Data ( zJP~aa}N~a}}q{dRzL]\|d{OzM~JXpU}O\|]}W]e}{gl}\~F}z}J{~\|S}~QfyH~}lf}~yzza\|\|\|z]WQ~X\~P}~{\|{lf{uQ{\|K}}tzrJhzR}Zopl\|]zfX]}~Ygm\|_]{\|\|?.&?JMSYa\|U~PO}Js~WI~=!zz}[X}\|W~c{~ccQ9/dM~~\|\|{_\|i~bg`({k\z~\|}eieFFIb\|}[~~_~\|~}e>0.U~3PT^KRkax_X<IQH$AAAAAAAAAAAAAAAA
RT_STRING	LANG_FRENCH	SUBLANG_FRENCH_SWISS	0x20af270	1128	PE Resource: RT_STRING - Data !Werajudawa tapazaxela hogizumebex$Lajopoxivoce bacaze fezo huk rehiyun-Goxapayevekehad fewomexedecugo goluyapucepaduBodafevicamasiKFal kudulezeza pepalitorulu titedeniguzoda mibotanukuyuku rarera haheniwafeWPimonuveke xuvavei zovom sumipuwipi zicumibayomod ligiw jihifagusivabo citozapo wafibikIRexiyosununuti rihoxorowopal vemerey fawunujokog foco xacovuku luhofaneru3Fucizedusimoma zex pisizasamena tagowowetapu mecawe8Dohawugox lavihitur hubusojifuzi vumebuwazuvey pebaxitisNSezegikacozetec meritujuveri maxaloyivokoz somewopo jahekilojej mimurekamihatu
RT_GROUP_ICON	LANG_KANNADA	SUBLANG_DEFAULT	0x20ae468	104
RT_VERSION	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x20ae4f0	404
None	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x20ae4d0	10

Meta infos 3

FileVersions:	48.90.12.34
Copyrighz:	Copyright (C) 2022, pozkarte
ProjectVersion:	82.79.7.9

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
USER32.dll

Strings analysis - Possible IPs found 2

48.90.12.34
82.79.7.9

Import functions

KERNEL32.dll 116 USER32.dll 1

Function	Address	Souspicious	Anti Debug
FoldStringA	0x401000
GetSystemTime	0x401004
GetLocalTime	0x401008
InterlockedDecrement	0x40100c
GetLocaleInfoW	0x401010
InterlockedCompareExchange	0x401014
_hwrite	0x401018
SetWaitableTimer	0x40101c
GetSystemDirectoryA	0x401020
CreateEventW	0x401024
ReadConsoleA	0x401028
VerifyVersionInfoA	0x40102c
BuildCommDCBA	0x401030
GetConsoleAliasExesLengthA	0x401034
SetSystemTimeAdjustment	0x401038
PeekConsoleInputA	0x40103c
EnumDateFormatsA	0x401040
CreateFileA	0x401044
RegisterWaitForSingleObjectEx	0x401048
LoadLibraryA	0x40104c
WaitNamedPipeA	0x401050
GetEnvironmentStrings	0x401054
FindResourceExA	0x401058
VirtualFree	0x40105c
GetFirmwareEnvironmentVariableW	0x401060
GetModuleFileNameW	0x401064
BeginUpdateResourceW	0x401068
EnumCalendarInfoExW	0x40106c
WriteConsoleOutputCharacterW	0x401070
WriteConsoleA	0x401074
LoadLibraryW	0x401078
DeleteFileW	0x40107c
LocalAlloc	0x401080
GetProcAddress	0x401084
GetUserDefaultLCID	0x401088
FindFirstChangeNotificationW	0x40108c
HeapUnlock	0x401090
GetCalendarInfoW	0x401094
SetConsoleTitleA	0x401098
GetBinaryTypeW	0x40109c
GetComputerNameExA	0x4010a0
FindNextFileA	0x4010a4
OpenJobObjectA	0x4010a8
HeapValidate	0x4010ac
_lclose	0x4010b0
GetComputerNameW	0x4010b4
SetFileShortNameW	0x4010b8
TlsSetValue	0x4010bc
SetCalendarInfoW	0x4010c0
SetComputerNameW	0x4010c4
CreateDirectoryExA	0x4010c8
DeleteCriticalSection	0x4010cc
FindFirstChangeNotificationA	0x4010d0
GetVolumePathNameW	0x4010d4
GetProcessHandleCount	0x4010d8
GetCurrentProcess	0x4010dc
GetThreadLocale	0x4010e0
GetSystemDefaultLangID	0x4010e4
ReadFile	0x4010e8
GetStringTypeW	0x4010ec
HeapSize	0x4010f0
GetDiskFreeSpaceA	0x4010f4
RaiseException	0x4010f8
RtlUnwind	0x4010fc
MultiByteToWideChar	0x401100
GetCommandLineW	0x401104
HeapSetInformation	0x401108
GetStartupInfoW	0x40110c
EncodePointer	0x401110
HeapAlloc	0x401114
GetLastError	0x401118
HeapFree	0x40111c
IsProcessorFeaturePresent	0x401120
SetFilePointer	0x401124
EnterCriticalSection	0x401128
LeaveCriticalSection	0x40112c
UnhandledExceptionFilter	0x401130
SetUnhandledExceptionFilter	0x401134
IsDebuggerPresent	0x401138
DecodePointer	0x40113c
TerminateProcess	0x401140
TlsAlloc	0x401144
TlsGetValue	0x401148
TlsFree	0x40114c
InterlockedIncrement	0x401150
GetModuleHandleW	0x401154
SetLastError	0x401158
GetCurrentThreadId	0x40115c
ExitProcess	0x401160
GetCPInfo	0x401164
GetACP	0x401168
GetOEMCP	0x40116c
IsValidCodePage	0x401170
CloseHandle	0x401174
WriteFile	0x401178
GetStdHandle	0x40117c
FreeEnvironmentStringsW	0x401180
GetEnvironmentStringsW	0x401184
SetHandleCount	0x401188
InitializeCriticalSectionAndSpinCount	0x40118c
GetFileType	0x401190
HeapCreate	0x401194
QueryPerformanceCounter	0x401198
GetTickCount	0x40119c
GetCurrentProcessId	0x4011a0
GetSystemTimeAsFileTime	0x4011a4
SetStdHandle	0x4011a8
WideCharToMultiByte	0x4011ac
GetConsoleCP	0x4011b0
GetConsoleMode	0x4011b4
FlushFileBuffers	0x4011b8
Sleep	0x4011bc
LCMapStringW	0x4011c0
WriteConsoleW	0x4011c4
HeapReAlloc	0x4011c8
CreateFileW	0x4011cc

Function	Address	Souspicious	Anti Debug
ClientToScreen	0x4011d4