
Thread: VB6 testing in virustotal the new "Behaviour" tab

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    Jan 2013
    Posts
    788

    VB6 testing in virustotal the new "Behaviour" tab

    I was testing my own software with the VirusTotal "behaviour" option, and found this.

    Code:
    ntdll.dll!NtOpenKey#native(#1512) important_document.exe
    Arguments:
    {"objectName":"\\Registry\\Machine\\Software\\Microsoft\\Windows\\Windows Error Reporting\\WMR","DesiredAccess":"0x1","KeyHandle":"0x18f128"}
    Returned value:
    0x0
    ntdll.dll!NtQueryAttributesFile#native(#1512) important_document.exe
    Arguments:
    {"objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
    Returned value:
    0xc0000034
    ntdll.dll!NtQueryAttributesFile#native(#1512) important_document.exe
    Arguments:
    {"objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
    Returned value:
    0xc0000034
    ntdll.dll!NtOpenFile#native(#1512) important_document.exe
    Arguments:
    {"objectName":"\\Device\\KsecDD","FileHandle":"0x18f9a4"}
    Returned value:
    null
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"OleLoadPictureEx"}
    Returned value:
    0x6fc97de4
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"DispCallFunc"}
    Returned value:
    0x6fc4cb0d
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"LoadTypeLibEx"}
    Returned value:
    0x6fc41a21
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"UnRegisterTypeLib"}
    Returned value:
    0x6fc61a48
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"CreateTypeLib2"}
    Returned value:
    0x6fc4742f
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDateFromUdate"}
    Returned value:
    0x6fc45cd9
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarUdateFromDate"}
    Returned value:
    0x6fc4ac90
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"GetAltMonthNames"}
    Returned value:
    0x6fc79752
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarNumFromParseNum"}
    Returned value:
    0x6fc49a4e
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarParseNumFromStr"}
    Returned value:
    0x6fc49807
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDecFromR4"}
    Returned value:
    0x6fc53dec
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDecFromR8"}
    Returned value:
    0x6fc54c3e
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDecFromDate"}
    Returned value:
    0x6fc7e4a4
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDecFromI4"}
    Returned value:
    0x6fc62828
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDecFromCy"}
    Returned value:
    0x6fc7e067
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarR4FromDec"}
    Returned value:
    0x6fc7e94d
    ntdll.dll!NtOpenKey#native(#1512) important_document.exe
    Arguments:
    {"objectName":"\\Registry\\Machine\\Software\\Microsoft\\Windows\\Windows Error Reporting\\WMR","DesiredAccess":"0x1","KeyHandle":"0x18f128"}
    Returned value:
    0x0
    ntdll.dll!NtQueryAttributesFile#native(#1512) important_document.exe
    Arguments:
    {"objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
    Returned value:
    0xc0000034
    ntdll.dll!NtQueryAttributesFile#native(#1512) important_document.exe
    Arguments:
    {"objectName":"\\??\\C:\\Windows\\system32\\rpcss.dll"}
    Returned value:
    0xc0000034
    ntdll.dll!NtOpenFile#native(#1512) important_document.exe
    Arguments:
    {"objectName":"\\Device\\KsecDD","FileHandle":"0x18f9a4"}
    Returned value:
    null
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"OleLoadPictureEx"}
    Returned value:
    0x6fc97de4
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"DispCallFunc"}
    Returned value:
    0x6fc4cb0d
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"LoadTypeLibEx"}
    Returned value:
    0x6fc41a21
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"UnRegisterTypeLib"}
    Returned value:
    0x6fc61a48
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"CreateTypeLib2"}
    Returned value:
    0x6fc4742f
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDateFromUdate"}
    Returned value:
    0x6fc45cd9
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarUdateFromDate"}
    Returned value:
    0x6fc4ac90
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"GetAltMonthNames"}
    Returned value:
    0x6fc79752
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarNumFromParseNum"}
    Returned value:
    0x6fc49a4e
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarParseNumFromStr"}
    Returned value:
    0x6fc49807
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDecFromR4"}
    Returned value:
    0x6fc53dec
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDecFromR8"}
    Returned value:
    0x6fc54c3e
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDecFromDate"}
    Returned value:
    0x6fc7e4a4
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDecFromI4"}
    Returned value:
    0x6fc62828
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDecFromCy"}
    Returned value:
    0x6fc7e067
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarR4FromDec"}
    Returned value:
    0x6fc7e94d
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"GetRecordInfoFromTypeInfo"}
    Returned value:
    0x6fc7d349
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"GetRecordInfoFromGuids"}
    Returned value:
    0x6fc7d8d0
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"SafeArrayGetRecordInfo"}
    Returned value:
    0x6fc7dbf4
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"SafeArraySetRecordInfo"}
    Returned value:
    0x6fc7dc2e
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"SafeArrayGetIID"}
    Returned value:
    0x6fc7dc71
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"SafeArraySetIID"}
    Returned value:
    0x6fc41947
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"SafeArrayCopyData"}
    Returned value:
    0x6fc401f1
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"SafeArrayAllocDescriptorEx"}
    Returned value:
    0x6fc3fb5e
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"SafeArrayCreateEx"}
    Returned value:
    0x6fc7ddcd
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarFormat"}
    Returned value:
    0x6fc82bfd
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarFormatDateTime"}
    Returned value:
    0x6fc82c92
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarFormatNumber"}
    Returned value:
    0x6fc82cf9
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarFormatPercent"}
    Returned value:
    0x6fc82d9d
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarFormatCurrency"}
    Returned value:
    0x6fc82e30
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarWeekdayName"}
    Returned value:
    0x6fc82edd
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarMonthName"}
    Returned value:
    0x6fc82f7d
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarAdd"}
    Returned value:
    0x6fc556d4
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarAnd"}
    Returned value:
    0x6fc55838
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarCat"}
    Returned value:
    0x6fc55754
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDiv"}
    Returned value:
    0x6fcaf13d
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarEqv"}
    Returned value:
    0x6fcafc3f
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarIdiv"}
    Returned value:
    0x6fcafd42
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarImp"}
    Returned value:
    0x6fcafc7f
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarMod"}
    Returned value:
    0x6fcafe96
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarMul"}
    Returned value:
    0x6fcae90c
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarOr"}
    Returned value:
    0x6fcafa32
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarPow"}
    Returned value:
    0x6fcaf79e
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarSub"}
    Returned value:
    0x6fcae06a
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarXor"}
    Returned value:
    0x6fcafb66
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarAbs"}
    Returned value:
    0x6fcad74e
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarFix"}
    Returned value:
    0x6fcad99c
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarInt"}
    Returned value:
    0x6fcadb24
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarNeg"}
    Returned value:
    0x6fcad53f
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarNot"}
    Returned value:
    0x6fcaf99e
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarRound"}
    Returned value:
    0x6fcade8d
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarCmp"}
    Returned value:
    0x6fc4bcf5
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDecAdd"}
    Returned value:
    0x6fc65cea
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarDecCmp"}
    Returned value:
    0x6fc54d70
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarBstrCat"}
    Returned value:
    0x6fc50d12
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarCyMulI4"}
    Returned value:
    0x6fc65799
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"oleaut32.dll","lpProcName":"VarBstrCmp"}
    Returned value:
    0x6fc3f7be
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"ole32.dll","lpProcName":"CoCreateInstanceEx"}
    Returned value:
    0x72589ed3
    KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
    Arguments:
    {"hModule":"ole32.dll","lpProcName":"CLSIDFromProgIDEx"}
    Returned value:
    0x725506da
    ntdll.dll!NtQueryAttributesFile#native(#1512) important_document.exe
    Arguments:
    {"objectName":"\\??\\C:\\Users\\\\Downloads\\important_document.exe.cfg"}
    Returned value:
    0xc0000034
    ntdll.dll!NtQueryAttributesFile#native(#1512) important_document.exe
    Arguments:
    {"objectName":"\\??\\C:\\Users\\\\Downloads\\SXS.DLL"}
    Returned value:
    0xc0000034
    What the hell are those last ones? My software has nothing to do with the download directory or a file called "important_document.exe". What is that?
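An added example, not code from the thread or from VirusTotal: a small Python parser for the log format in the post above. It names the NTSTATUS codes (0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, so each of the probed files simply did not exist), folds the long run of GetProcAddress records into per-module sets so they can be skimmed, and lists the file and registry objects the sample touched, flagging paths under a user profile such as the Downloads probes. The sample log is constructed from three records in the shape of the posted one.

```python
import json
import re
# Constructed sample in the shape of the behaviour log quoted above (three records).
SAMPLE_LOG = r"""ntdll.dll!NtOpenKey#native(#1512) important_document.exe
Arguments:
{"objectName":"\\Registry\\Machine\\Software\\Microsoft\\Windows\\Windows Error Reporting\\WMR","DesiredAccess":"0x1","KeyHandle":"0x18f128"}
Returned value:
0x0
KernelBase.dll!GetProcAddress#misc(#1512) important_document.exe
Arguments:
{"hModule":"oleaut32.dll","lpProcName":"VarAdd"}
Returned value:
0x6fc556d4
ntdll.dll!NtQueryAttributesFile#native(#1512) important_document.exe
Arguments:
{"objectName":"\\??\\C:\\Users\\\\Downloads\\important_document.exe.cfg"}
Returned value:
0xc0000034"""

# Record header: "<module>!<function>#<category>(#<pid>) <process image>"
HEADER = re.compile(r"^(?P<module>[^!\s]+)!(?P<func>\w+)#(?P<cat>\w+)\(#(?P<pid>\d+)\)\s+(?P<proc>\S+)$")
# NTSTATUS values seen in the post; anything else is echoed as given.
NTSTATUS_NAMES = {0x00000000: "STATUS_SUCCESS", 0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

def parse_records(text):
    """Split the log into 5-line records: header, 'Arguments:', JSON, 'Returned value:', value."""
    lines = [ln.strip() for ln in text.splitlines()]
    records, i = [], 0
    while i + 4 < len(lines):
        m = HEADER.match(lines[i])
        if not m or lines[i + 1] != "Arguments:" or lines[i + 3] != "Returned value:":
            i += 1  # stray line (e.g. the poster's commentary): skip it
            continue
        rec = m.groupdict()
        rec["args"] = json.loads(lines[i + 2])  # JSON turns '\\' back into one backslash
        rec["ret"] = lines[i + 4]
        records.append(rec)
        i += 5
    return records

def decode_status(ret):
    """Name the NTSTATUS in a 'Returned value' line; the log prints 'null' for some calls."""
    return NTSTATUS_NAMES.get(int(ret, 16), ret) if ret != "null" else "null"

def triage(records):
    """Collapse GetProcAddress churn into per-module import sets and list every object probe."""
    imports, probes = {}, []
    for r in records:
        if r["func"] == "GetProcAddress":
            imports.setdefault(r["args"]["hModule"].lower(), set()).add(r["args"]["lpProcName"])
        elif "objectName" in r["args"]:
            name = r["args"]["objectName"]
            probes.append({"api": r["func"], "object": name, "status": decode_status(r["ret"]),
                           # a probe under a user profile is the one worth a second look
                           "in_user_profile": name.lower().startswith("\\??\\c:\\users\\")})
    return {"imports": {k: sorted(v) for k, v in imports.items()}, "probes": probes}
```

Run it over the full log from the post and only the two Downloads probes come out flagged, both with STATUS_OBJECT_NAME_NOT_FOUND.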

  2. #2

  3. #3

    Thread Starter
    Fanatic Member
    Join Date
    Jan 2013
    Posts
    788

    Re: VB6 testing in virustotal the new "Behaviour" tab

    Quote Originally Posted by wqweto:
    Which download directory?

    This log looks fairly innocuous...

    cheers,
    </wqw>
    Could it be that in the sandbox they download your file as "important_document.exe"?

    ntdll.dll!NtQueryAttributesFile#native(#1512) important_document.exe
    Arguments:
    {"objectName":"\\??\\C:\\Users\\\\Downloads\\important_document.exe.cfg"}
    Returned value:
    0xc0000034
    ntdll.dll!NtQueryAttributesFile#native(#1512) important_document.exe
    Arguments:
    {"objectName":"\\??\\C:\\Users\\\\Downloads\\SXS.DLL"}
    Returned value:
    0xc0000034

    ?

  4. #4
    Lively Member
    Join Date
    May 2017
    Posts
    79

    Re: VB6 testing in virustotal the new "Behaviour" tab

    Have you run a full Virus Scan of your whole system? I recommend a scan with an off-line scanner (CD boot). e.g. Kaspersky has a free .ISO Bootable scanner, https://support.kaspersky.com/14226

  5. #5
    Fanatic Member
    Join Date
    Nov 2017
    Posts
    1,009

    Re: VB6 testing in virustotal the new "Behaviour" tab

    I haven't used that feature of Virustotal at all, but, assuming it is a new feature as the title of this thread suggests, then my gut instinct is that this new feature of the site has some sort of a bug, and that what the OP was seeing was data regarding an exe file that someone else uploaded called "important_document.exe" - which, based on the filename alone, looks like the kind of malware that is distributed via email.

  6. #6

    Thread Starter
    Fanatic Member
    Join Date
    Jan 2013
    Posts
    788

    Re: VB6 testing in virustotal the new "Behaviour" tab

    https://www.virustotal.com/gui/file/...otal%20Jujubox

    It has a link called "full report", and at the top there is a SCREENSHOT link of the app. And no, the report is from my app, no error. Just look at that sandbox: they included STEAM in the sandbox!!!!!


    Google setting up Steam in the VirusTotal sandboxes!
    Last edited by flyguille; Jul 16th, 2019 at 01:18 PM.
