| Field | Value |
|---|---|
| Created | 2024.06.26 07:34 |
| Machine | s1_win7_x6403 |
| Filename | vidar2406.exe |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| AI Score | |
| Behavior Score | |
| ZERO API | file : mailcious |
| VT API (file) | 59 detected (AIDetectMalware, Reline, malicious, high confidence, score, Trojanpws, Lazy, Unsafe, Save, Attribute, HighConfidence, Kryptik, HXDB, Artemis, PWSX, TrojanPSW, LummaStealer, Convagent, pUo2DbC9GnG, nibeh, RISEPRO, YXEFXZ, high, Stealerc, Detected, ai score=82, Eldorado, ZexaCO, AuW@aqgGGEg, BScope, Vidar, GdSda, QQPass, QQRob, Uwhl, Static AI, Malicious PE, susgen, confidence, 100%, HD#J) |
| md5 | c64af626c4ed0784e010f5f2210e97f4 |
| sha256 | 2da1abbc4cc0cb6c5819206da60dbb09d72b02034ef375cd40ce289bdf2dc417 |
| ssdeep | 12288:tAZeNp7Ik3kXzCNAt8T7yejH2KlN2fq3S9:tAop5KCNEoWS3 |
| imphash | e4019b337e6aa53400bb9378be49b858 |
| impfuzzy | 24:i+A9jlxEkBKAWLkbJcpVJ+jQDTt8CbJBl39r9OovbOIHFZMv5GMACEZHu9U:tcv/W+cpVJIIt8C7pZo3gFZGK |
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
danger | File has been identified by 59 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | Command line console output was observed |
info | One or more processes crashed |
info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts)
| Request | CC | ASN Co | IP4 | Rule | ZERO |
|---|---|---|---|---|---|
Suricata ids
PE API
IAT(Import Address Table) Library
GDI32.dll
0x428000 Polyline
0x428004 RectVisible
USER32.dll
0x428178 OffsetRect
KERNEL32.dll
0x42800c CreateFileW
0x428010 HeapSize
0x428014 SetStdHandle
0x428018 WaitForSingleObject
0x42801c CreateThread
0x428020 VirtualAlloc
0x428024 FreeConsole
0x428028 RaiseException
0x42802c InitOnceBeginInitialize
0x428030 InitOnceComplete
0x428034 CloseHandle
0x428038 GetCurrentThreadId
0x42803c ReleaseSRWLockExclusive
0x428040 AcquireSRWLockExclusive
0x428044 TryAcquireSRWLockExclusive
0x428048 WakeAllConditionVariable
0x42804c SleepConditionVariableSRW
0x428050 GetLastError
0x428054 FreeLibraryWhenCallbackReturns
0x428058 CreateThreadpoolWork
0x42805c SubmitThreadpoolWork
0x428060 CloseThreadpoolWork
0x428064 GetModuleHandleExW
0x428068 IsProcessorFeaturePresent
0x42806c EnterCriticalSection
0x428070 LeaveCriticalSection
0x428074 InitializeCriticalSectionEx
0x428078 DeleteCriticalSection
0x42807c QueryPerformanceCounter
0x428080 EncodePointer
0x428084 DecodePointer
0x428088 MultiByteToWideChar
0x42808c WideCharToMultiByte
0x428090 LCMapStringEx
0x428094 GetSystemTimeAsFileTime
0x428098 GetModuleHandleW
0x42809c GetProcAddress
0x4280a0 GetStringTypeW
0x4280a4 GetCPInfo
0x4280a8 IsDebuggerPresent
0x4280ac UnhandledExceptionFilter
0x4280b0 SetUnhandledExceptionFilter
0x4280b4 GetStartupInfoW
0x4280b8 GetCurrentProcess
0x4280bc TerminateProcess
0x4280c0 GetCurrentProcessId
0x4280c4 InitializeSListHead
0x4280c8 GetProcessHeap
0x4280cc RtlUnwind
0x4280d0 SetLastError
0x4280d4 InitializeCriticalSectionAndSpinCount
0x4280d8 TlsAlloc
0x4280dc TlsGetValue
0x4280e0 TlsSetValue
0x4280e4 TlsFree
0x4280e8 FreeLibrary
0x4280ec LoadLibraryExW
0x4280f0 ExitProcess
0x4280f4 GetModuleFileNameW
0x4280f8 GetStdHandle
0x4280fc WriteFile
0x428100 GetCommandLineA
0x428104 GetCommandLineW
0x428108 HeapFree
0x42810c HeapAlloc
0x428110 CompareStringW
0x428114 LCMapStringW
0x428118 GetLocaleInfoW
0x42811c IsValidLocale
0x428120 GetUserDefaultLCID
0x428124 EnumSystemLocalesW
0x428128 GetFileType
0x42812c GetFileSizeEx
0x428130 SetFilePointerEx
0x428134 FlushFileBuffers
0x428138 GetConsoleOutputCP
0x42813c GetConsoleMode
0x428140 ReadFile
0x428144 ReadConsoleW
0x428148 HeapReAlloc
0x42814c FindClose
0x428150 FindFirstFileExW
0x428154 FindNextFileW
0x428158 IsValidCodePage
0x42815c GetACP
0x428160 GetOEMCP
0x428164 GetEnvironmentStringsW
0x428168 FreeEnvironmentStringsW
0x42816c SetEnvironmentVariableW
0x428170 WriteConsoleW
EAT(Export Address Table) is none