ScreenShot
| Created | 2021.08.10 17:49 | Machine | s1_win7_x6402 |
| Filename | Vidik.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 23 detected (malicious, high confidence, ZexaF, QuW@ayyIHIeG, Kryptik, Eldorado, Attribute, HighConfidence, GenKryptik, FISI, score, Chapak, MalwareX, CLASSIC, Static AI, Malicious PE, Sabsik, BScope, Glupteba, confidence, 100%, HwoCKocA) | ||
| md5 | d307a9934a5fd7513c731373c5786579 | ||
| sha256 | 32635b6aa5bcbdd18166e5a9b9469104ccc57a19bfe72dc3e3caca761ebc311a | ||
| ssdeep | 12288:1IDf9akx0SNIQAb8vOOzZf9H70pKpf3klQzoIgWslIg5DIAkhq:y1ak4b8Guf9+GklQhgZlI6I9o | ||
| imphash | 3808cf5755aac20ce0592be1a9bc0f0d | ||
| impfuzzy | 48:BLPZ8+7N7OU1O2nYdtLaE0jcGIJcFu2XWIxU:nN7OU1FYdtOE0jcGIJcbXWv | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x424008 GetFileSize
0x42400c SetPriorityClass
0x424010 GetNativeSystemInfo
0x424014 SetFilePointer
0x424018 CopyFileExW
0x42401c InterlockedIncrement
0x424020 InterlockedDecrement
0x424024 WaitNamedPipeA
0x424028 WriteConsoleInputA
0x42402c GetComputerNameW
0x424030 SetEvent
0x424034 FreeEnvironmentStringsA
0x424038 CreateNamedPipeW
0x42403c VirtualFree
0x424040 GetConsoleAliasesLengthA
0x424044 GetPrivateProfileStringW
0x424048 FindResourceExA
0x42404c GlobalAlloc
0x424050 LoadLibraryW
0x424054 GetConsoleAliasExesLengthW
0x424058 InitAtomTable
0x42405c GetFileAttributesA
0x424060 SetConsoleCursorPosition
0x424064 GetBinaryTypeA
0x424068 GetSystemDirectoryA
0x42406c GetOverlappedResult
0x424070 CompareStringW
0x424074 lstrlenW
0x424078 GlobalUnlock
0x42407c CreateDirectoryA
0x424080 ReleaseActCtx
0x424084 EnumResourceNamesW
0x424088 OpenMutexW
0x42408c GetHandleInformation
0x424090 GetProcAddress
0x424094 GetProcessHeaps
0x424098 ReadFileEx
0x42409c SetComputerNameA
0x4240a0 LoadLibraryA
0x4240a4 CreateSemaphoreW
0x4240a8 GetConsoleScreenBufferInfo
0x4240ac GetExitCodeThread
0x4240b0 SetCurrentDirectoryW
0x4240b4 PostQueuedCompletionStatus
0x4240b8 WriteProfileSectionW
0x4240bc SetEnvironmentVariableA
0x4240c0 WriteProfileStringA
0x4240c4 CreateIoCompletionPort
0x4240c8 GetCurrentDirectoryA
0x4240cc FatalAppExitA
0x4240d0 GetCurrentThreadId
0x4240d4 GetCPInfoExA
0x4240d8 GetVersionExA
0x4240dc TlsAlloc
0x4240e0 FindAtomW
0x4240e4 DeleteFileW
0x4240e8 UnregisterWaitEx
0x4240ec GetSystemTime
0x4240f0 LCMapStringW
0x4240f4 AreFileApisANSI
0x4240f8 GetStartupInfoA
0x4240fc FileTimeToDosDateTime
0x424100 CreateFileA
0x424104 UnhandledExceptionFilter
0x424108 SetUnhandledExceptionFilter
0x42410c GetLastError
0x424110 MoveFileA
0x424114 GetStartupInfoW
0x424118 HeapValidate
0x42411c IsBadReadPtr
0x424120 RaiseException
0x424124 GetModuleHandleW
0x424128 Sleep
0x42412c ExitProcess
0x424130 GetModuleFileNameA
0x424134 WriteFile
0x424138 GetStdHandle
0x42413c EnterCriticalSection
0x424140 LeaveCriticalSection
0x424144 TerminateProcess
0x424148 GetCurrentProcess
0x42414c IsDebuggerPresent
0x424150 GetModuleFileNameW
0x424154 RtlUnwind
0x424158 GetACP
0x42415c GetOEMCP
0x424160 GetCPInfo
0x424164 IsValidCodePage
0x424168 TlsGetValue
0x42416c TlsSetValue
0x424170 TlsFree
0x424174 SetLastError
0x424178 DeleteCriticalSection
0x42417c QueryPerformanceCounter
0x424180 GetTickCount
0x424184 GetCurrentProcessId
0x424188 GetSystemTimeAsFileTime
0x42418c FreeEnvironmentStringsW
0x424190 GetEnvironmentStringsW
0x424194 GetCommandLineW
0x424198 SetHandleCount
0x42419c GetFileType
0x4241a0 HeapDestroy
0x4241a4 HeapCreate
0x4241a8 HeapFree
0x4241ac HeapAlloc
0x4241b0 HeapSize
0x4241b4 HeapReAlloc
0x4241b8 VirtualAlloc
0x4241bc InitializeCriticalSectionAndSpinCount
0x4241c0 DebugBreak
0x4241c4 OutputDebugStringA
0x4241c8 WriteConsoleW
0x4241cc OutputDebugStringW
0x4241d0 MultiByteToWideChar
0x4241d4 GetStringTypeA
0x4241d8 GetStringTypeW
0x4241dc GetLocaleInfoA
0x4241e0 WideCharToMultiByte
0x4241e4 LCMapStringA
0x4241e8 FlushFileBuffers
0x4241ec GetConsoleCP
0x4241f0 GetConsoleMode
0x4241f4 ReadFile
0x4241f8 CloseHandle
0x4241fc SetStdHandle
0x424200 WriteConsoleA
0x424204 GetConsoleOutputCP
0x424208 GetModuleHandleA
USER32.dll
0x424218 GetMonitorInfoA
GDI32.dll
0x424000 GetCharWidthW
MSIMG32.dll
0x424210 TransparentBlt
EAT(Export Address Table) is none
KERNEL32.dll
0x424008 GetFileSize
0x42400c SetPriorityClass
0x424010 GetNativeSystemInfo
0x424014 SetFilePointer
0x424018 CopyFileExW
0x42401c InterlockedIncrement
0x424020 InterlockedDecrement
0x424024 WaitNamedPipeA
0x424028 WriteConsoleInputA
0x42402c GetComputerNameW
0x424030 SetEvent
0x424034 FreeEnvironmentStringsA
0x424038 CreateNamedPipeW
0x42403c VirtualFree
0x424040 GetConsoleAliasesLengthA
0x424044 GetPrivateProfileStringW
0x424048 FindResourceExA
0x42404c GlobalAlloc
0x424050 LoadLibraryW
0x424054 GetConsoleAliasExesLengthW
0x424058 InitAtomTable
0x42405c GetFileAttributesA
0x424060 SetConsoleCursorPosition
0x424064 GetBinaryTypeA
0x424068 GetSystemDirectoryA
0x42406c GetOverlappedResult
0x424070 CompareStringW
0x424074 lstrlenW
0x424078 GlobalUnlock
0x42407c CreateDirectoryA
0x424080 ReleaseActCtx
0x424084 EnumResourceNamesW
0x424088 OpenMutexW
0x42408c GetHandleInformation
0x424090 GetProcAddress
0x424094 GetProcessHeaps
0x424098 ReadFileEx
0x42409c SetComputerNameA
0x4240a0 LoadLibraryA
0x4240a4 CreateSemaphoreW
0x4240a8 GetConsoleScreenBufferInfo
0x4240ac GetExitCodeThread
0x4240b0 SetCurrentDirectoryW
0x4240b4 PostQueuedCompletionStatus
0x4240b8 WriteProfileSectionW
0x4240bc SetEnvironmentVariableA
0x4240c0 WriteProfileStringA
0x4240c4 CreateIoCompletionPort
0x4240c8 GetCurrentDirectoryA
0x4240cc FatalAppExitA
0x4240d0 GetCurrentThreadId
0x4240d4 GetCPInfoExA
0x4240d8 GetVersionExA
0x4240dc TlsAlloc
0x4240e0 FindAtomW
0x4240e4 DeleteFileW
0x4240e8 UnregisterWaitEx
0x4240ec GetSystemTime
0x4240f0 LCMapStringW
0x4240f4 AreFileApisANSI
0x4240f8 GetStartupInfoA
0x4240fc FileTimeToDosDateTime
0x424100 CreateFileA
0x424104 UnhandledExceptionFilter
0x424108 SetUnhandledExceptionFilter
0x42410c GetLastError
0x424110 MoveFileA
0x424114 GetStartupInfoW
0x424118 HeapValidate
0x42411c IsBadReadPtr
0x424120 RaiseException
0x424124 GetModuleHandleW
0x424128 Sleep
0x42412c ExitProcess
0x424130 GetModuleFileNameA
0x424134 WriteFile
0x424138 GetStdHandle
0x42413c EnterCriticalSection
0x424140 LeaveCriticalSection
0x424144 TerminateProcess
0x424148 GetCurrentProcess
0x42414c IsDebuggerPresent
0x424150 GetModuleFileNameW
0x424154 RtlUnwind
0x424158 GetACP
0x42415c GetOEMCP
0x424160 GetCPInfo
0x424164 IsValidCodePage
0x424168 TlsGetValue
0x42416c TlsSetValue
0x424170 TlsFree
0x424174 SetLastError
0x424178 DeleteCriticalSection
0x42417c QueryPerformanceCounter
0x424180 GetTickCount
0x424184 GetCurrentProcessId
0x424188 GetSystemTimeAsFileTime
0x42418c FreeEnvironmentStringsW
0x424190 GetEnvironmentStringsW
0x424194 GetCommandLineW
0x424198 SetHandleCount
0x42419c GetFileType
0x4241a0 HeapDestroy
0x4241a4 HeapCreate
0x4241a8 HeapFree
0x4241ac HeapAlloc
0x4241b0 HeapSize
0x4241b4 HeapReAlloc
0x4241b8 VirtualAlloc
0x4241bc InitializeCriticalSectionAndSpinCount
0x4241c0 DebugBreak
0x4241c4 OutputDebugStringA
0x4241c8 WriteConsoleW
0x4241cc OutputDebugStringW
0x4241d0 MultiByteToWideChar
0x4241d4 GetStringTypeA
0x4241d8 GetStringTypeW
0x4241dc GetLocaleInfoA
0x4241e0 WideCharToMultiByte
0x4241e4 LCMapStringA
0x4241e8 FlushFileBuffers
0x4241ec GetConsoleCP
0x4241f0 GetConsoleMode
0x4241f4 ReadFile
0x4241f8 CloseHandle
0x4241fc SetStdHandle
0x424200 WriteConsoleA
0x424204 GetConsoleOutputCP
0x424208 GetModuleHandleA
USER32.dll
0x424218 GetMonitorInfoA
GDI32.dll
0x424000 GetCharWidthW
MSIMG32.dll
0x424210 TransparentBlt
EAT(Export Address Table) is none