MalScore
100/100

vcc.exe

Flags: Is DLL, Packer, Anti Debug, Anti VM, Signed, XOR, AntiVirus 20/67, Related 2476
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 1689.00 KB (1729536 bytes)
Compile time: 2004-08-30 13:36:55
MD5: 8d2eb451a9308a5c02b7139e90eb7d4c
SHA1: b07288077e1d887711ea05d4313430547a145387
SHA256: 6b36d1fad356952af8b37e42a237045a724b7d94f4194a3dd7094f7bbc5e9e6a
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections (3): .text, .rsrc, .reloc
Directories (3): import, resource, relocation
First submission: 2018-10-31 20:36:05
Last submission: 2018-10-31 20:36:05
Filename detected: vcc.exe (1)
URL file hosting
hXXp://findlondonhotel.co.uk/wp-content/uploads/vcc.exe
Antivirus Report
Report date: 2018-10-31 13:42:54
Detection ratio: 20/67
Permalink: VirusTotal
PE Sections (1 suspicious)
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x1a57f4 1726464 c0f46b990ad5aaf99408fa04f5e7e9e9 40a8d87e81bb00fed3ec70050350b60b3d5f2287
.rsrc 0x1a8000 0x68c 2048 417f900667f03c475153db8e80a581f8 655c496466f136d888a14d4f693b9c554d332091
.reloc 0x1aa000 0xc 512 fd749e2b3e13128912afda62641eae33 3b271cd23ea10c911e89e1ef8bfb3e1a1bf0a0b4
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Executable
c8s3.so
File type: XML
System.Xml
File type: Library
mscoree.dll
IP Found
5.12.26.3
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02_64 Seven02_64 VirtualBox 2018-10-31 20:31:43 2018-10-31 20:34:39 176

6 Behaviors detected by system signatures


8 Summary items with data

Files

C:\Windows\Globalization\Sorting\sortdefault.nls

Read Files

C:\Windows\Globalization\Sorting\sortdefault.nls

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SDfgsdf
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Parameters\Transports
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\Winsock
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Winsock\Mapping
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\Mapping
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Setup Migration\Providers\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\MinSockaddrLength
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\HelperDllName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Disk\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0

Read Keys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Parameters\Transports
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Winsock\Mapping
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\Mapping
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock\Setup Migration\Providers\Tcpip\WinSock 2.0 Provider ID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\MinSockaddrLength
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\MaxSockaddrLength
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\UseDelayedAcceptance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Winsock\HelperDllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SDfgsdf

Delete Keys

Nothing to display

Mutexes

Local\{41435A30-AC43-1BEB-BE05-A07FD209D423}

Resolved APIs


Execute Commands

C:\Windows\system32\svchost.exe -k

Started Services

Nothing to display

Created Services

Nothing to display

1 Host(s) detected

IP Address Country Reverse DNS
18.219.23.91 United States ec2-18-219-23-91.us-east-2.compute.amazonaws.com.

Host(s) by Country

Hosts: 1
Country: United States (1)

#infosec #automation

TheSystem Itself @ 2018-10-31 20:36:07