ScreenShot
| Created | 2024.07.12 16:00 | Machine | s1_win7_x6403 |
| Filename | vidar1207.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 43 detected (AIDetectMalware, Malicious, score, Artemis, Unsafe, Kryptik, Vnyo, Attribute, HighConfidence, high confidence, HXLV, CrypterX, Lazy, s6y2KdE9tVH, VIDAR, YXEGLZ, Real Protect, high, LummaStealer, Detected, ai score=87, Upatre, Eldorado, ZexaF, AyY@aKwN1Sii, BScope, TrojanPSW, Static AI, Malicious PE, susgen, confidence, 100%, HDAT) | ||
| md5 | 51c75077bca69383b83b1c94c2406e05 | ||
| sha256 | f3f2ee666e572cea6eb5bcfd31fbfbc3b0edc9f99db528bb0a640751fb223033 | ||
| ssdeep | 6144:LwcfOnB0WvTtMMR0Q+uGQ8n97bfrd1NFqGOGOwqGz5n3eU7FhdSs4ztWTH8S8EO:CnTvT729zd3RObwqGz5n3VFLqS8EO | ||
| imphash | 54a5cf5c66bf4d0985703442865d04af | ||
| impfuzzy | 24:+9jlKEkBKAWokbJcpVJ+cQDTt8CbJBl39rYDZMv5GMACpOovbOPZX:7v/W/cpVJhIt8C7pZOZG43d | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 43 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | One or more processes crashed |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
Rules (6cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
USER32.dll
0x427160 OffsetRect
KERNEL32.dll
0x427000 CreateFileW
0x427004 HeapSize
0x427008 SetStdHandle
0x42700c WaitForSingleObject
0x427010 CreateThread
0x427014 VirtualAlloc
0x427018 RaiseException
0x42701c InitOnceBeginInitialize
0x427020 InitOnceComplete
0x427024 CloseHandle
0x427028 GetCurrentThreadId
0x42702c ReleaseSRWLockExclusive
0x427030 AcquireSRWLockExclusive
0x427034 TryAcquireSRWLockExclusive
0x427038 WakeAllConditionVariable
0x42703c SleepConditionVariableSRW
0x427040 WideCharToMultiByte
0x427044 GetLastError
0x427048 FreeLibraryWhenCallbackReturns
0x42704c CreateThreadpoolWork
0x427050 SubmitThreadpoolWork
0x427054 CloseThreadpoolWork
0x427058 GetModuleHandleExW
0x42705c IsProcessorFeaturePresent
0x427060 EnterCriticalSection
0x427064 LeaveCriticalSection
0x427068 InitializeCriticalSectionEx
0x42706c DeleteCriticalSection
0x427070 QueryPerformanceCounter
0x427074 EncodePointer
0x427078 DecodePointer
0x42707c MultiByteToWideChar
0x427080 LCMapStringEx
0x427084 GetSystemTimeAsFileTime
0x427088 GetModuleHandleW
0x42708c GetProcAddress
0x427090 GetStringTypeW
0x427094 GetCPInfo
0x427098 IsDebuggerPresent
0x42709c UnhandledExceptionFilter
0x4270a0 SetUnhandledExceptionFilter
0x4270a4 GetStartupInfoW
0x4270a8 GetCurrentProcess
0x4270ac TerminateProcess
0x4270b0 GetCurrentProcessId
0x4270b4 InitializeSListHead
0x4270b8 GetProcessHeap
0x4270bc RtlUnwind
0x4270c0 SetLastError
0x4270c4 InitializeCriticalSectionAndSpinCount
0x4270c8 TlsAlloc
0x4270cc TlsGetValue
0x4270d0 TlsSetValue
0x4270d4 TlsFree
0x4270d8 FreeLibrary
0x4270dc LoadLibraryExW
0x4270e0 ExitProcess
0x4270e4 GetModuleFileNameW
0x4270e8 GetStdHandle
0x4270ec WriteFile
0x4270f0 HeapAlloc
0x4270f4 HeapFree
0x4270f8 LCMapStringW
0x4270fc GetLocaleInfoW
0x427100 IsValidLocale
0x427104 GetUserDefaultLCID
0x427108 EnumSystemLocalesW
0x42710c GetFileType
0x427110 GetFileSizeEx
0x427114 SetFilePointerEx
0x427118 FlushFileBuffers
0x42711c GetConsoleOutputCP
0x427120 GetConsoleMode
0x427124 ReadFile
0x427128 ReadConsoleW
0x42712c HeapReAlloc
0x427130 FindClose
0x427134 FindFirstFileExW
0x427138 FindNextFileW
0x42713c IsValidCodePage
0x427140 GetACP
0x427144 GetOEMCP
0x427148 GetCommandLineA
0x42714c GetCommandLineW
0x427150 GetEnvironmentStringsW
0x427154 FreeEnvironmentStringsW
0x427158 WriteConsoleW
EAT(Export Address Table) is none
USER32.dll
0x427160 OffsetRect
KERNEL32.dll
0x427000 CreateFileW
0x427004 HeapSize
0x427008 SetStdHandle
0x42700c WaitForSingleObject
0x427010 CreateThread
0x427014 VirtualAlloc
0x427018 RaiseException
0x42701c InitOnceBeginInitialize
0x427020 InitOnceComplete
0x427024 CloseHandle
0x427028 GetCurrentThreadId
0x42702c ReleaseSRWLockExclusive
0x427030 AcquireSRWLockExclusive
0x427034 TryAcquireSRWLockExclusive
0x427038 WakeAllConditionVariable
0x42703c SleepConditionVariableSRW
0x427040 WideCharToMultiByte
0x427044 GetLastError
0x427048 FreeLibraryWhenCallbackReturns
0x42704c CreateThreadpoolWork
0x427050 SubmitThreadpoolWork
0x427054 CloseThreadpoolWork
0x427058 GetModuleHandleExW
0x42705c IsProcessorFeaturePresent
0x427060 EnterCriticalSection
0x427064 LeaveCriticalSection
0x427068 InitializeCriticalSectionEx
0x42706c DeleteCriticalSection
0x427070 QueryPerformanceCounter
0x427074 EncodePointer
0x427078 DecodePointer
0x42707c MultiByteToWideChar
0x427080 LCMapStringEx
0x427084 GetSystemTimeAsFileTime
0x427088 GetModuleHandleW
0x42708c GetProcAddress
0x427090 GetStringTypeW
0x427094 GetCPInfo
0x427098 IsDebuggerPresent
0x42709c UnhandledExceptionFilter
0x4270a0 SetUnhandledExceptionFilter
0x4270a4 GetStartupInfoW
0x4270a8 GetCurrentProcess
0x4270ac TerminateProcess
0x4270b0 GetCurrentProcessId
0x4270b4 InitializeSListHead
0x4270b8 GetProcessHeap
0x4270bc RtlUnwind
0x4270c0 SetLastError
0x4270c4 InitializeCriticalSectionAndSpinCount
0x4270c8 TlsAlloc
0x4270cc TlsGetValue
0x4270d0 TlsSetValue
0x4270d4 TlsFree
0x4270d8 FreeLibrary
0x4270dc LoadLibraryExW
0x4270e0 ExitProcess
0x4270e4 GetModuleFileNameW
0x4270e8 GetStdHandle
0x4270ec WriteFile
0x4270f0 HeapAlloc
0x4270f4 HeapFree
0x4270f8 LCMapStringW
0x4270fc GetLocaleInfoW
0x427100 IsValidLocale
0x427104 GetUserDefaultLCID
0x427108 EnumSystemLocalesW
0x42710c GetFileType
0x427110 GetFileSizeEx
0x427114 SetFilePointerEx
0x427118 FlushFileBuffers
0x42711c GetConsoleOutputCP
0x427120 GetConsoleMode
0x427124 ReadFile
0x427128 ReadConsoleW
0x42712c HeapReAlloc
0x427130 FindClose
0x427134 FindFirstFileExW
0x427138 FindNextFileW
0x42713c IsValidCodePage
0x427140 GetACP
0x427144 GetOEMCP
0x427148 GetCommandLineA
0x42714c GetCommandLineW
0x427150 GetEnvironmentStringsW
0x427154 FreeEnvironmentStringsW
0x427158 WriteConsoleW
EAT(Export Address Table) is none