vbc.exe

First submission 2022-08-04 02:14:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 2071.41 KB (2121128 bytes)
Compile time: 2017-12-13 04:52:38
MD5: dd1a5ce8ee49b0a55d9d2e23e6e9c70c
SHA1: 1b34a53d46e16dc0d64963092f19042a2d73c5b1
SHA256: 77ed7f099d383a993b3ee6383ec343a3eda6b117f53febd01a1dc10c63cfea09
Import Hash: 6e1cd1b01423add5b44ce51c1be430bd
Sections: 3 (.text, .data, .rsrc)
Directories: 4 (import, resource, debug, security)
VirusTotal: 29/71
VT report date: 2022-08-03 23:34:42

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://84.38.129.115/99/vbc.exe 84.38.129.115 2022-08-04 02:14:02

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1e2782 1976320 dcf8a09c0fe6089d92e9f4ad8519cf4c1fb659e9 2f1d82001a91bb84c6723aa2439511ab
.data 0x1e4000 0x3f2c 4096 41884b9506c9becdca5592fc5193fee10f8dd916 4df7745fea0df96b85664dce3c2a6de7
.rsrc 0x1e8000 0x20d28 134656 dcc1bdf9138f3cdf6ac612f9748e526a99eaf216 2581f5cc4289707a26d6cea49b38dcf2

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ALBANIAN SUBLANG_NEUTRAL 0x206990 1128
RT_STRING LANG_ALBANIAN SUBLANG_NEUTRAL 0x208860 1224
RT_GROUP_ICON LANG_ALBANIAN SUBLANG_NEUTRAL 0x206df8 90
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x206e58 748

Meta infos 9

FileDescription: yov.
LegalCopyright: Copyright (c) 2013-2022 All Rights Reserved.
Translation: 0x0000 0x04e5
InternalName: unsFwepHWt
ProductName: Yodiyini
CompanyName: Seg
FileVersion: 32.93.48.18
OriginalFilename: anatromicFakully.exe
ProductVersion: 62.21.62.73

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
707c9150a0094ddb14aeaf41487594f4 a7704dc716e0c680d46a46be77476b88d6dc0087 5032 2116096

Strings analysis - File found

Library
KERNEL32.dll
MSIMG32.dll
WUSER32.DLL
nKERNEL32.DLL
mkernel32.dll
mscoree.dll
USER32.dll

Strings analysis - Possible IPs found 2

62.21.62.73
32.93.48.18

Strings analysis - Possible URLs found 8

http://s.symcb.com/universal-root.crl0
https://d.symcb.com/cps0%
http://s.symcd.com06
http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
http://ts-ocsp.ws.symantec.com0;
https://d.symcb.com/rpa0@
https://d.symcb.com/rpa0.
http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0

Import functions