ScreenShot
| Created | 2024.06.07 09:45 | Machine | s1_win7_x6403 |
| Filename | vidar0506.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 56 detected (AIDetectMalware, Stealerc, Malicious, score, Zusy, Unsafe, Save, GenusT, DWZB, Attribute, HighConfidence, high confidence, Kryptik, HXDB, Artemis, PWSX, TrojanPSW, Vidar, gxuPXyiFM2Q, cygcd, RISEPRO, YXEFEZ, Real Protect, high, Krypt, Detected, ai score=82, Eldorado, ZexaF, AuW@a0Qq1Mo, BScope, GdSda, Gencirc, Static AI, Malicious PE, susgen, HD#J) | ||
| md5 | 277923785bb9e137228d51c5685ee0ab | ||
| sha256 | 02eac2d8c04bfbabf5285b5fb1badf755e16ae50899f6bd7b788654e85a20613 | ||
| ssdeep | 6144:DanQ+kOsq4Dfvn3ai0+02l4CSOh+mF7OPm8vvcsIExBvqioI//3CC3bxwq/FKizC:D6f4DfvniMHF7YcsIWkA/yCVdKiW | ||
| imphash | 4a047a336589f73e9c0c05150f21321a | ||
| impfuzzy | 24:WjsxECKAWfakbJcpVJYcQD0GtZbJBl39LLOovbO3kFZMv5GMACEZHu9J:ZjWf5cpVJfxGtZ7pJ630FZGj | ||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x428000 WaitForSingleObjectEx
0x428004 CreateThread
0x428008 VirtualAlloc
0x42800c FreeConsole
0x428010 RaiseException
0x428014 InitOnceBeginInitialize
0x428018 InitOnceComplete
0x42801c ReleaseSRWLockExclusive
0x428020 AcquireSRWLockExclusive
0x428024 TryAcquireSRWLockExclusive
0x428028 GetCurrentThreadId
0x42802c WakeAllConditionVariable
0x428030 SleepConditionVariableSRW
0x428034 WideCharToMultiByte
0x428038 GetLastError
0x42803c FreeLibraryWhenCallbackReturns
0x428040 CreateThreadpoolWork
0x428044 SubmitThreadpoolWork
0x428048 CloseThreadpoolWork
0x42804c GetModuleHandleExW
0x428050 IsProcessorFeaturePresent
0x428054 EnterCriticalSection
0x428058 LeaveCriticalSection
0x42805c InitializeCriticalSectionEx
0x428060 DeleteCriticalSection
0x428064 QueryPerformanceCounter
0x428068 CloseHandle
0x42806c EncodePointer
0x428070 DecodePointer
0x428074 MultiByteToWideChar
0x428078 LCMapStringEx
0x42807c GetSystemTimeAsFileTime
0x428080 GetModuleHandleW
0x428084 GetProcAddress
0x428088 GetStringTypeW
0x42808c GetCPInfo
0x428090 GetCurrentProcessId
0x428094 InitializeSListHead
0x428098 IsDebuggerPresent
0x42809c UnhandledExceptionFilter
0x4280a0 SetUnhandledExceptionFilter
0x4280a4 GetStartupInfoW
0x4280a8 GetCurrentProcess
0x4280ac TerminateProcess
0x4280b0 CreateFileW
0x4280b4 RtlUnwind
0x4280b8 SetLastError
0x4280bc InitializeCriticalSectionAndSpinCount
0x4280c0 TlsAlloc
0x4280c4 TlsGetValue
0x4280c8 TlsSetValue
0x4280cc TlsFree
0x4280d0 FreeLibrary
0x4280d4 LoadLibraryExW
0x4280d8 GetStdHandle
0x4280dc WriteFile
0x4280e0 GetModuleFileNameW
0x4280e4 ExitProcess
0x4280e8 GetCommandLineA
0x4280ec GetCommandLineW
0x4280f0 HeapAlloc
0x4280f4 HeapFree
0x4280f8 CompareStringW
0x4280fc LCMapStringW
0x428100 GetLocaleInfoW
0x428104 IsValidLocale
0x428108 GetUserDefaultLCID
0x42810c EnumSystemLocalesW
0x428110 GetFileType
0x428114 GetFileSizeEx
0x428118 SetFilePointerEx
0x42811c FlushFileBuffers
0x428120 GetConsoleOutputCP
0x428124 GetConsoleMode
0x428128 ReadFile
0x42812c ReadConsoleW
0x428130 HeapReAlloc
0x428134 FindClose
0x428138 FindFirstFileExW
0x42813c FindNextFileW
0x428140 IsValidCodePage
0x428144 GetACP
0x428148 GetOEMCP
0x42814c GetEnvironmentStringsW
0x428150 FreeEnvironmentStringsW
0x428154 SetEnvironmentVariableW
0x428158 SetStdHandle
0x42815c GetProcessHeap
0x428160 HeapSize
0x428164 WriteConsoleW
EAT(Export Address Table) is none
KERNEL32.dll
0x428000 WaitForSingleObjectEx
0x428004 CreateThread
0x428008 VirtualAlloc
0x42800c FreeConsole
0x428010 RaiseException
0x428014 InitOnceBeginInitialize
0x428018 InitOnceComplete
0x42801c ReleaseSRWLockExclusive
0x428020 AcquireSRWLockExclusive
0x428024 TryAcquireSRWLockExclusive
0x428028 GetCurrentThreadId
0x42802c WakeAllConditionVariable
0x428030 SleepConditionVariableSRW
0x428034 WideCharToMultiByte
0x428038 GetLastError
0x42803c FreeLibraryWhenCallbackReturns
0x428040 CreateThreadpoolWork
0x428044 SubmitThreadpoolWork
0x428048 CloseThreadpoolWork
0x42804c GetModuleHandleExW
0x428050 IsProcessorFeaturePresent
0x428054 EnterCriticalSection
0x428058 LeaveCriticalSection
0x42805c InitializeCriticalSectionEx
0x428060 DeleteCriticalSection
0x428064 QueryPerformanceCounter
0x428068 CloseHandle
0x42806c EncodePointer
0x428070 DecodePointer
0x428074 MultiByteToWideChar
0x428078 LCMapStringEx
0x42807c GetSystemTimeAsFileTime
0x428080 GetModuleHandleW
0x428084 GetProcAddress
0x428088 GetStringTypeW
0x42808c GetCPInfo
0x428090 GetCurrentProcessId
0x428094 InitializeSListHead
0x428098 IsDebuggerPresent
0x42809c UnhandledExceptionFilter
0x4280a0 SetUnhandledExceptionFilter
0x4280a4 GetStartupInfoW
0x4280a8 GetCurrentProcess
0x4280ac TerminateProcess
0x4280b0 CreateFileW
0x4280b4 RtlUnwind
0x4280b8 SetLastError
0x4280bc InitializeCriticalSectionAndSpinCount
0x4280c0 TlsAlloc
0x4280c4 TlsGetValue
0x4280c8 TlsSetValue
0x4280cc TlsFree
0x4280d0 FreeLibrary
0x4280d4 LoadLibraryExW
0x4280d8 GetStdHandle
0x4280dc WriteFile
0x4280e0 GetModuleFileNameW
0x4280e4 ExitProcess
0x4280e8 GetCommandLineA
0x4280ec GetCommandLineW
0x4280f0 HeapAlloc
0x4280f4 HeapFree
0x4280f8 CompareStringW
0x4280fc LCMapStringW
0x428100 GetLocaleInfoW
0x428104 IsValidLocale
0x428108 GetUserDefaultLCID
0x42810c EnumSystemLocalesW
0x428110 GetFileType
0x428114 GetFileSizeEx
0x428118 SetFilePointerEx
0x42811c FlushFileBuffers
0x428120 GetConsoleOutputCP
0x428124 GetConsoleMode
0x428128 ReadFile
0x42812c ReadConsoleW
0x428130 HeapReAlloc
0x428134 FindClose
0x428138 FindFirstFileExW
0x42813c FindNextFileW
0x428140 IsValidCodePage
0x428144 GetACP
0x428148 GetOEMCP
0x42814c GetEnvironmentStringsW
0x428150 FreeEnvironmentStringsW
0x428154 SetEnvironmentVariableW
0x428158 SetStdHandle
0x42815c GetProcessHeap
0x428160 HeapSize
0x428164 WriteConsoleW
EAT(Export Address Table) is none