ScreenShot
| Created | 2024.07.08 07:58 | Machine | s1_win7_x6401 |
| Filename | vidar0607.exe | ||
| Type | PE32 executable (console) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 39 detected (AIDetectMalware, malicious, high confidence, score, Artemis, Unsafe, Save, Jaik, Attribute, HighConfidence, Kryptik, HXDB, CrypterX, Lazy, Nd9iHzdZn0S, vidar, ojldj, Locky, high, LummaStealer, Detected, ai score=84, Sabsik, Z97C59, Eldorado, ZexaE, ByW@aa474bei, BScope, TrojanPSW, Convagent, Static AI, Malicious PE, confidence, 100%) | ||
| md5 | 47a4c6547aaa57510c4d02ce8a6ae548 | ||
| sha256 | 86e575388e355071efce2321d937b50793a353bf8f6cbbcbd7a9305fe293683e | ||
| ssdeep | 12288:w23hQpxY3Tf3jnRqQ4CfcjOh5aerlVAgnFDYh//5NyVx:w23qpxYDLRuCHbamTAgnFs//36 | ||
| imphash | b1fdca67f9b8dae5c0fa30f8218d4955 | ||
| impfuzzy | 24:+9jKxE7jMaKAWJkbJcpVJ+ZQDvt8CbJBl39R9OovbO3kFZMv5GMACEZHu9U:5JCWccpVJ2kt8C7pPo30FZGK | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x42c180 OffsetRect
KERNEL32.dll
0x42c000 CreateFileW
0x42c004 HeapSize
0x42c008 SetStdHandle
0x42c00c WaitForSingleObject
0x42c010 Sleep
0x42c014 CreateThread
0x42c018 VirtualAlloc
0x42c01c FreeConsole
0x42c020 RaiseException
0x42c024 InitOnceBeginInitialize
0x42c028 InitOnceComplete
0x42c02c CloseHandle
0x42c030 WaitForSingleObjectEx
0x42c034 GetCurrentThreadId
0x42c038 GetExitCodeThread
0x42c03c ReleaseSRWLockExclusive
0x42c040 AcquireSRWLockExclusive
0x42c044 TryAcquireSRWLockExclusive
0x42c048 WakeAllConditionVariable
0x42c04c SleepConditionVariableSRW
0x42c050 WideCharToMultiByte
0x42c054 MultiByteToWideChar
0x42c058 GetStringTypeW
0x42c05c GetLastError
0x42c060 FreeLibraryWhenCallbackReturns
0x42c064 CreateThreadpoolWork
0x42c068 SubmitThreadpoolWork
0x42c06c CloseThreadpoolWork
0x42c070 GetModuleHandleExW
0x42c074 IsProcessorFeaturePresent
0x42c078 EnterCriticalSection
0x42c07c LeaveCriticalSection
0x42c080 InitializeCriticalSectionEx
0x42c084 DeleteCriticalSection
0x42c088 QueryPerformanceCounter
0x42c08c EncodePointer
0x42c090 DecodePointer
0x42c094 LCMapStringEx
0x42c098 GetSystemTimeAsFileTime
0x42c09c GetModuleHandleW
0x42c0a0 GetProcAddress
0x42c0a4 GetCPInfo
0x42c0a8 IsDebuggerPresent
0x42c0ac UnhandledExceptionFilter
0x42c0b0 SetUnhandledExceptionFilter
0x42c0b4 GetStartupInfoW
0x42c0b8 GetCurrentProcess
0x42c0bc TerminateProcess
0x42c0c0 GetCurrentProcessId
0x42c0c4 InitializeSListHead
0x42c0c8 GetProcessHeap
0x42c0cc RtlUnwind
0x42c0d0 SetLastError
0x42c0d4 InitializeCriticalSectionAndSpinCount
0x42c0d8 TlsAlloc
0x42c0dc TlsGetValue
0x42c0e0 TlsSetValue
0x42c0e4 TlsFree
0x42c0e8 FreeLibrary
0x42c0ec LoadLibraryExW
0x42c0f0 ExitThread
0x42c0f4 FreeLibraryAndExitThread
0x42c0f8 ExitProcess
0x42c0fc GetModuleFileNameW
0x42c100 GetStdHandle
0x42c104 WriteFile
0x42c108 GetCommandLineA
0x42c10c GetCommandLineW
0x42c110 HeapAlloc
0x42c114 HeapFree
0x42c118 CompareStringW
0x42c11c LCMapStringW
0x42c120 GetLocaleInfoW
0x42c124 IsValidLocale
0x42c128 GetUserDefaultLCID
0x42c12c EnumSystemLocalesW
0x42c130 GetFileType
0x42c134 GetFileSizeEx
0x42c138 SetFilePointerEx
0x42c13c FlushFileBuffers
0x42c140 GetConsoleOutputCP
0x42c144 GetConsoleMode
0x42c148 ReadFile
0x42c14c ReadConsoleW
0x42c150 HeapReAlloc
0x42c154 FindClose
0x42c158 FindFirstFileExW
0x42c15c FindNextFileW
0x42c160 IsValidCodePage
0x42c164 GetACP
0x42c168 GetOEMCP
0x42c16c GetEnvironmentStringsW
0x42c170 FreeEnvironmentStringsW
0x42c174 SetEnvironmentVariableW
0x42c178 WriteConsoleW
EAT(Export Address Table) Library
0x42b7b2 AwakeSound
USER32.dll
0x42c180 OffsetRect
KERNEL32.dll
0x42c000 CreateFileW
0x42c004 HeapSize
0x42c008 SetStdHandle
0x42c00c WaitForSingleObject
0x42c010 Sleep
0x42c014 CreateThread
0x42c018 VirtualAlloc
0x42c01c FreeConsole
0x42c020 RaiseException
0x42c024 InitOnceBeginInitialize
0x42c028 InitOnceComplete
0x42c02c CloseHandle
0x42c030 WaitForSingleObjectEx
0x42c034 GetCurrentThreadId
0x42c038 GetExitCodeThread
0x42c03c ReleaseSRWLockExclusive
0x42c040 AcquireSRWLockExclusive
0x42c044 TryAcquireSRWLockExclusive
0x42c048 WakeAllConditionVariable
0x42c04c SleepConditionVariableSRW
0x42c050 WideCharToMultiByte
0x42c054 MultiByteToWideChar
0x42c058 GetStringTypeW
0x42c05c GetLastError
0x42c060 FreeLibraryWhenCallbackReturns
0x42c064 CreateThreadpoolWork
0x42c068 SubmitThreadpoolWork
0x42c06c CloseThreadpoolWork
0x42c070 GetModuleHandleExW
0x42c074 IsProcessorFeaturePresent
0x42c078 EnterCriticalSection
0x42c07c LeaveCriticalSection
0x42c080 InitializeCriticalSectionEx
0x42c084 DeleteCriticalSection
0x42c088 QueryPerformanceCounter
0x42c08c EncodePointer
0x42c090 DecodePointer
0x42c094 LCMapStringEx
0x42c098 GetSystemTimeAsFileTime
0x42c09c GetModuleHandleW
0x42c0a0 GetProcAddress
0x42c0a4 GetCPInfo
0x42c0a8 IsDebuggerPresent
0x42c0ac UnhandledExceptionFilter
0x42c0b0 SetUnhandledExceptionFilter
0x42c0b4 GetStartupInfoW
0x42c0b8 GetCurrentProcess
0x42c0bc TerminateProcess
0x42c0c0 GetCurrentProcessId
0x42c0c4 InitializeSListHead
0x42c0c8 GetProcessHeap
0x42c0cc RtlUnwind
0x42c0d0 SetLastError
0x42c0d4 InitializeCriticalSectionAndSpinCount
0x42c0d8 TlsAlloc
0x42c0dc TlsGetValue
0x42c0e0 TlsSetValue
0x42c0e4 TlsFree
0x42c0e8 FreeLibrary
0x42c0ec LoadLibraryExW
0x42c0f0 ExitThread
0x42c0f4 FreeLibraryAndExitThread
0x42c0f8 ExitProcess
0x42c0fc GetModuleFileNameW
0x42c100 GetStdHandle
0x42c104 WriteFile
0x42c108 GetCommandLineA
0x42c10c GetCommandLineW
0x42c110 HeapAlloc
0x42c114 HeapFree
0x42c118 CompareStringW
0x42c11c LCMapStringW
0x42c120 GetLocaleInfoW
0x42c124 IsValidLocale
0x42c128 GetUserDefaultLCID
0x42c12c EnumSystemLocalesW
0x42c130 GetFileType
0x42c134 GetFileSizeEx
0x42c138 SetFilePointerEx
0x42c13c FlushFileBuffers
0x42c140 GetConsoleOutputCP
0x42c144 GetConsoleMode
0x42c148 ReadFile
0x42c14c ReadConsoleW
0x42c150 HeapReAlloc
0x42c154 FindClose
0x42c158 FindFirstFileExW
0x42c15c FindNextFileW
0x42c160 IsValidCodePage
0x42c164 GetACP
0x42c168 GetOEMCP
0x42c16c GetEnvironmentStringsW
0x42c170 FreeEnvironmentStringsW
0x42c174 SetEnvironmentVariableW
0x42c178 WriteConsoleW
EAT(Export Address Table) Library
0x42b7b2 AwakeSound