Static task
static1
Behavioral task
behavioral1
Sample
vbc.exe
Resource
win7-20220414-en
General
-
Target
vbc.exe
-
Size
1.2MB
-
MD5
77cd3eac0feb00d232d794c3880b9e91
-
SHA1
e258c7782240346e9a3e9897bd1629bbd40dbd15
-
SHA256
ea4ff2f24588108641954f72800aabab7348ccc64d86f8293dd23cfc45f5faa1
-
SHA512
16162f31e50f6f4025f0e0996338e6fb29c3cb20754da8835637a0e9b7c8bd432e8c4ded9febd97cabd4830c5c3940e6ad9b56afcd73c9d447a3d62d92951911
-
SSDEEP
24576:8/H7YbIqYVAO30t6w0o7UhbrfNvyFqOVcyHGVzbuyb2R/slQPYGp8z:8/H7YbIqYVAO30t6w0ogrTOhHSmybU
Malware Config
Signatures
-
CoreEntity .NET Packer 1 IoCs
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
Processes:
resource yara_rule sample coreentity
Files
-
vbc.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ