vbc[.]exe | Triage

Sharing

General

Target

vbc.exe
Size

1.2MB
MD5

77cd3eac0feb00d232d794c3880b9e91
SHA1

e258c7782240346e9a3e9897bd1629bbd40dbd15
SHA256

ea4ff2f24588108641954f72800aabab7348ccc64d86f8293dd23cfc45f5faa1
SHA512

16162f31e50f6f4025f0e0996338e6fb29c3cb20754da8835637a0e9b7c8bd432e8c4ded9febd97cabd4830c5c3940e6ad9b56afcd73c9d447a3d62d92951911
SSDEEP

24576:8/H7YbIqYVAO30t6w0o7UhbrfNvyFqOVcyHGVzbuyb2R/slQPYGp8z:8/H7YbIqYVAO30t6w0ogrTOhHSmybU

Score

10^/10

coreentity

Malware Config

Signatures

CoreEntity .NET Packer 1 IoCs
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
coreentity

Processes:

resource yara_rule

sample coreentity

Files

vbc.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ