MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f42b5d3c7f9df937aa85838dd67cfe03844b2fb0d912e5c753b1e5a7aa75f3f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Vidar


Vendor detections: 12



SHA256 hash: f42b5d3c7f9df937aa85838dd67cfe03844b2fb0d912e5c753b1e5a7aa75f3f0
SHA3-384 hash: 4c87ff4fc73b986ab76615ef9bd9474613f8c02dd1ad2e33b49dfe1f7497e8ff12ece09838f041259fb5b46e8cbdd3b3
SHA1 hash: 7933e144d0d9538849571da2600dee494def37ec
MD5 hash: b91e573ccb68bae44455cf04a1617d98
humanhash: montana-lamp-river-london
File name: Esp.exe
Signature: Vidar
File size: 8'138'182 bytes
First seen: 2024-03-27 19:51:24 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash b5a014d7eeb4c2042897567e1288a095 (20 x HijackLoader, 14 x ValleyRAT, 12 x LummaStealer)
ssdeep 196608:YpQYnSHCrHAUb0Dmg+KZM7lCrXQ0G3xPr0r2:YpjRDAECOCrg0G3xl
TLSH T1D08633827788A0D8C314CF364F8DCF3AA7F2E266A6519D03B9D54E151DB31E2A34B4D9
TrID 38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
24.6% (.EXE) Win64 Executable (generic) (10523/12/4)
11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.5% (.EXE) Win32 Executable (generic) (4504/4/1)
4.7% (.EXE) OS/2 Executable (generic) (2029/13)
dhash icon c292ecd8f2f6fe1c (15 x HijackLoader, 11 x LummaStealer, 7 x Arechclient2)
Reporter rmceoin
Tags:exe vidar


rmceoin
91.92.250.123/Downloads/Rechnung.pdf.lnk
Machine identifier: win-8oa3ccqae4d
LNK -> mshta https://docshare.site/2/rechnungvertrag -> https://docshare.site/2/Esp.exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 492
Origin country: US
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: f2c3f2034f72bcf0d93e56925be2b33aba07b33be026b65a9776b72e30bf9d69.lnk
Verdict: Malicious activity
Analysis date: 2024-03-27 19:51:54 UTC
Tags: hijackloader loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour:
Creating a window
Creating a file in the %temp% directory
Creating synchronization primitives
Creating a process from a recently created file
Searching for synchronization primitives

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: fingerprint installer lolbin overlay packed shell32
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected AntiVM3
Yara detected Vidar
Yara detected Vidar stealer
Behaviour
Behavior Graph (ID 1416732; sample: Esp.exe; start date: 27/03/2024; architecture: WINDOWS; score: 100)

Sample-level signatures: Found malware configuration; Antivirus detection for URL or domain; Yara detected Vidar; 3 other signatures
Sample-level DNS/IP: steamcommunity.com

Process tree (dropped files, signatures and network contacts as reported per process):
Esp.exe (started)
    dropped: C:\Users\user\AppData\Local\...\pxn9zstY.exe (PE32); C:\Users\user\AppData\Local\Temp\sp.dll (PE32); C:\Users\user\AppData\Local\Temp\sn.dll (PE32+); 45 other files (none is malicious)
    pxn9zstY.exe (started)
        signatures: Maps a DLL or memory area into another process; Found direct / indirect Syscall (likely to bypass EDR)
        ftp.exe (started)
            dropped: C:\Users\user\AppData\Local\Temp\qhrw (PE32); C:\Users\user\AppData\Local\Temp\Visa.au3 (PE32)
            signatures: Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Writes to foreign memory regions; Found hidden mapped module (file has been removed from disk)
            Visa.au3 (started)
                network: 78.46.229.36 port 443 (client ports 49711, 49712; HETZNER-AS, Germany); steamcommunity.com 104.102.129.112 port 443 (client port 49710; AKAMAI-AS, United States)
                dropped: C:\Users\user\AppData\Local\...\sqlm[1].dll (PE32); C:\Users\user\AppData\...\vcruntime140[1].dll (PE32); C:\Users\user\AppData\...\softokn3[1].dll (PE32); 10 other files (none is malicious)
                signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Found many strings related to Crypto-Wallets (likely being stolen); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); 5 other signatures
            conhost.exe (started)
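The reporter's note (LNK -> mshta -> Esp.exe) and the sandbox process tree above describe one execution chain: a LOLBin handed a remote URL, a dropped executable running from the user's Temp folder, a further stage launched from Temp by a process that itself lives in Temp, and a PE32 masquerading under the script name Visa.au3. The following is an added example, not code from MalwareBazaar, the reporter or any sandbox vendor: a small Python rule set that flags each of those steps in process-creation telemetry. The event records are constructed to mirror the page's chain; the on-disk paths for Esp.exe, pxn9zstY.exe and ftp.exe, the Sysmon-like field layout, and the LOLBin and extension lists are assumptions, not facts from the page.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record; field names loosely follow Sysmon Event ID 1 (assumption)."""
    pid: int
    ppid: int
    image: str      # full path of the new process image
    cmdline: str


# Binaries that fetch and run a remote script when handed a URL. Only mshta.exe is
# attested on this page; the set is an assumption and can be extended.
REMOTE_SCRIPT_HOSTS = {"mshta.exe"}
# Extensions Windows launches directly as programs. A PE running under any other
# name (Visa.au3 here) is masquerading. This set is an assumption.
EXEC_EXTS = {".exe", ".com", ".scr", ".pif"}
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
URL_RE = re.compile(r"\bhttps?://", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def is_remote_script_host(ev: ProcEvent) -> bool:
    """LOLBin launched with an http(s) URL somewhere on its command line."""
    return basename(ev.image).lower() in REMOTE_SCRIPT_HOSTS and bool(URL_RE.search(ev.cmdline))


def in_temp(ev: ProcEvent) -> bool:
    return bool(TEMP_RE.search(ev.image))


def evaluate(events: list) -> dict:
    """Return {pid: [rule, ...]} for every process that trips at least one rule."""
    by_pid = {ev.pid: ev for ev in events}
    hits = {}
    for ev in events:
        rules = []
        parent = by_pid.get(ev.ppid)
        if is_remote_script_host(ev):
            rules.append("remote_script_host_with_url")
        if parent is not None and is_remote_script_host(parent):
            # Whatever the script host spawned next (Esp.exe on this page) is the payload.
            rules.append("child_of_remote_script_host")
        if in_temp(ev):
            rules.append("exec_from_temp")
            if parent is not None and in_temp(parent):
                rules.append("temp_to_temp_chain")   # dropper stage launching the next stage
        name = basename(ev.image).lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if ext not in EXEC_EXTS:
            rules.append("non_executable_extension")
        if rules:
            hits[ev.pid] = rules
    return hits


# Constructed telemetry mirroring the chain on this page. Paths for Esp.exe, pxn9zstY.exe
# and ftp.exe are assumptions; the mshta URL and the Temp file names are from the page.
SAMPLE_EVENTS = [
    ProcEvent(100, 1,   r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\mshta.exe", "mshta https://docshare.site/2/rechnungvertrag"),
    ProcEvent(300, 200, r"C:\Users\user\Downloads\Esp.exe", r"C:\Users\user\Downloads\Esp.exe"),
    ProcEvent(400, 300, r"C:\Users\user\AppData\Local\Temp\pxn9zstY.exe", "pxn9zstY.exe"),
    ProcEvent(500, 400, r"C:\Users\user\AppData\Local\Temp\ftp.exe", "ftp.exe"),
    ProcEvent(600, 500, r"C:\Users\user\AppData\Local\Temp\Visa.au3", "Visa.au3"),
    ProcEvent(700, 100, r"C:\Windows\System32\notepad.exe", "notepad.exe"),   # benign control
]

if __name__ == "__main__":
    for pid, rules in sorted(evaluate(SAMPLE_EVENTS).items()):
        print(pid, basename(next(e.image for e in SAMPLE_EVENTS if e.pid == pid)), rules)
```

The rules are deliberately independent so a single event can carry several: Visa.au3 trips all three Temp/extension rules at once, which is the kind of stacking worth alerting on, while explorer.exe and notepad.exe trip none.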
Threat name: Win32.Adware.RedCap
Status: Malicious
First seen: 2024-03-27 19:52:08 UTC
File Type: PE (Exe)
Extracted files: 445
AV detection: 12 of 23 (52.17%)
Threat level: 1/5
Verdict: unknown
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
68bee500e0080f21c003126e73b6d07804d23ac98b2376a8b76c26297d467abe
MD5 hash:
d4dae7149d6e4dab65ac554e55868e3b
SHA1 hash:
b3bea0a0a1f0a6f251bcf6a730a97acc933f269a
SH256 hash:
a6edb3fb6d21dd461da3767a7995034e208f7d6b08997f6cf7ee7b0ea833a8f0
MD5 hash:
cabb58bb5694f8b8269a73172c85b717
SHA1 hash:
9ed583c56385fed8e5e0757ddb2fdf025f96c807
SH256 hash:
c318f5703635fceab5a38325b040d52ac957fbe55a26d543a3a101c6e82b25bd
MD5 hash:
a6bb7f68e4979f76e467ae2f8d41ae3e
SHA1 hash:
7d882451aa433f12dcbe5f578906e6db3e7fc9ae
Detections:
AutoIT_Compiled
SH256 hash:
b713ea161b4ce9f2cd5f0b7710d99bfdf797dee3e7555132bea734a03166383d
MD5 hash:
95edf853b21e0074c167ac9315ddae70
SHA1 hash:
0ff0ccbd194c76da3ad31e145569a28278216dd9
SH256 hash:
fd48da616f2d17054bcab961239431d99c247586f96bac69aac5b704ea694352
MD5 hash:
90340ac74d22b9a67237ea52a4dc1c75
SHA1 hash:
75d44b240afd4198b0f3b7256a4a9533ad1ba73f
SH256 hash:
fcf66176b6f7ab86f98f38d5662f61fa61ad3f1e59740d8a1df0e1072248cf6d
MD5 hash:
0651bcd9acadac1d50653be35378a82c
SHA1 hash:
5d1b2233c7acb3915d33f7b29cc2f0cbf34ea1ad
SH256 hash:
f822289ea5a9b0ccf9777a72bc8b73ce68b596fcca811e0cff0adc4031056b20
MD5 hash:
7442e7059f712705d4b97699bf56de35
SHA1 hash:
f924088428eda3b76030091cf59ad38afb590118
SH256 hash:
efd2a8b2d95ce3e513a35ccd0e74a14297cdf1f89f69e31b87b1f0ca0d16f37e
MD5 hash:
f71bb7c962274e15a434d128c953bf1c
SHA1 hash:
6bf62ea5796b9bc757669e4b413be17c4deb7a22
SH256 hash:
e63a096b1ae68a774b1f1afc51b5dbef1a5ac2d79dccc1104112c22841e3e378
MD5 hash:
0713775484e95e5bebcbe807d53488f8
SHA1 hash:
222dcab5f38d72971fad641201ba3ff9a2a0ecdc
SH256 hash:
d95f01fc571294b128d0cfde5e68472b8f6a0b3dd5f0c18b676e3a077df80cc7
MD5 hash:
1c76698d36fce20d2919e67e3f08bfbd
SHA1 hash:
eb85df5d35cad00ee7eda50e8a4eceb2490f9245
SH256 hash:
d78e74087d151454365adf6239967c8ecebe85b1c6c6d3f59e70f0980028b1e7
MD5 hash:
592a65b922d4cd052bae1957be801a4f
SHA1 hash:
8371486ce1b38e692c0abc4a2a9e0c3e1945bb89
SH256 hash:
d08d50eff27e71af2e72655edf22dbdea85346cc14be53c48988a3c039fdf17f
MD5 hash:
9c46e030383d0f85a113a1f3b7477a77
SHA1 hash:
7f762360a7cb9881fa9c153f42f3a39be89db946
SH256 hash:
cb9f01af9ba4b50c604633073e4003652f1e99faff93daacd4502d4c08177688
MD5 hash:
38646cd15ac25a8d71bab09d5b077338
SHA1 hash:
4c153622a3f069480a194bf98add276f9138e168
SH256 hash:
ca2b5493a6699756b3bf63d9bd807b0204419ec3087d02f4bb5c7b01e8fffd4e
MD5 hash:
fc776a56634728a146211939d14187b5
SHA1 hash:
f8372701ba9ee1a51ecf4649c74e27d1e996a45a
SH256 hash:
c5131d1abd188d009e72b8c6474c74a262b7b8ec504470385f7f69428e7ae0e7
MD5 hash:
490c63e6b1aba9a525404067ce3c20b6
SHA1 hash:
04997f8a146284f8369c7db6204949658d6d7180
SH256 hash:
b8d3d45141ad57d917b25d2491a07f20c77b1dfd047e203e26dad591c40b225a
MD5 hash:
d1f28f796bacea3d58eca271fd128758
SHA1 hash:
934efde030a54a441c342af18ab5275e5facd0e8
SH256 hash:
b858256aa6a926f89714f21790d25e90b7dea5096bd9935454a8b4c7abea736c
MD5 hash:
2b3eae5e560be8c87a246d0e8fe3f593
SHA1 hash:
8f9563bb72fbea30d37a27c353daceb552279603
SH256 hash:
b5823ce2d6e600eaf4e2b1353600dca0351c46d014f97ac525c3ee9dafb2bf4c
MD5 hash:
320629a907048b64a99ef484417df721
SHA1 hash:
0de1886eae33bb5f16de27d647048a92586259d4
SH256 hash:
b3caf7155167f5d1d4ada4df4764bc78b85032bb769e5ef586fcab27fd681cb5
MD5 hash:
5e50911343631e123b2de2d19ad5e2ef
SHA1 hash:
48f0330e58e1a17a72bfc9b1283c8eadc96e1ccf
SH256 hash:
b2546e21336714858d2b03d2532b6955dcd7ff46b30435f6d309d8c39d0dc957
MD5 hash:
918b087149a2571d9db1eb04878c3603
SHA1 hash:
aa1d2c7550df6eddd2e99b44ac9de925888281ad
SH256 hash:
a170d9851a1427066d1fd61c32a9ae4b9545aa926be55da7e7d94275be281dc8
MD5 hash:
3b07abbe272e9b9e2989e2d6a400fa53
SHA1 hash:
f925e5e58377dcdc13b6d80ff22c775e2334e372
SH256 hash:
9f0d6efb48c7f8c0f001ec30d45558c5d8675c06573eca7c8125a7d5a1db2634
MD5 hash:
51b851eb7b58ca2c3280def9722a9602
SHA1 hash:
75aa3331eb7da58868f700158df56fb49e3c4507
SH256 hash:
9e153dbf1c157a910dfc62d1f1ae6c728ae3d5f2b767c5659a6881cecd35d8f7
MD5 hash:
796e70f25faf0353eba92c001569c976
SHA1 hash:
2b427d0ad6e6ada06c012860a532da24e3f1a8c0
SH256 hash:
9c57a5fbaa0a57530b988a4aada32e378b1cbd1fe368b90e147f12069c8ae7bc
MD5 hash:
b179b9f02a2a42a92c8eee8722d03745
SHA1 hash:
86021ffb09e59a781e96158c8f5fd7b63ef950e2
SH256 hash:
8b4a9ba2855247adddb4ee1e7f503dad5674ea7bb45015bd69cc83a3332f696b
MD5 hash:
b2eac5c213cc442820167617d568e179
SHA1 hash:
9e61baac12e1a536be5e553530db8957ac606d37
SH256 hash:
85fd25863a60e7c627494dcf14b169480023c0b8e4682a0e495f4f7389407149
MD5 hash:
364d65fe7f976fd00702f5bd63eea9b3
SHA1 hash:
e40359ed2e2deb198caefedc27acf8c7715fc80e
SH256 hash:
7cf73e4f69b3dfd89f3b24167f2f421b17537f3a4e707c63c675457b4fbf850b
MD5 hash:
b685358b3d0f37b68a24a6862f2ab63c
SHA1 hash:
b98d6706b7c922a2c93a75280e599361502697d1
SH256 hash:
7966a70a6113a131c563914f8cc7acfd8b8922d8ef1ddb2a18caede076f1eca5
MD5 hash:
c748312b0f6dfa5440bfecbd094f9180
SHA1 hash:
d991110deb52177634630ab6165e195ea62ab1bd
SH256 hash:
77f2e7e09fe542ea78f4f6f23440014461074b993e50bf75d02b2c6571f5d696
MD5 hash:
410fb7adfc54094b95609747a5376472
SHA1 hash:
e2e79f589a2e71009d9947bb02f05b877e208266
SH256 hash:
67f4d89f85a61b18ac1f5d6d04f625d64bedb252c219ff9785cd1508876bc718
MD5 hash:
4228b8901e130b70052da8562dc7b5b9
SHA1 hash:
5007d4da77465c38d66689312418acbef9c7aace
SH256 hash:
65f2a93490c845833541de1376d5bb65e6e864a1a9232f58f86a7a84408508c9
MD5 hash:
85444893a6553a4dd26150a68fd373d8
SHA1 hash:
ad9b46da45366f13a22173b06e22a45a211e99ec
SH256 hash:
616ac120e3b9abb6f245a09fc17398bef10c5e6aa617849fe68a89efdcddb7fe
MD5 hash:
f6f0270f98f5cf857d1e0667819fc9d6
SHA1 hash:
959209e5e068aa2564f4f777e1c8616a9d4cb6a0
SH256 hash:
55804126146c7c575add104eec386f161672cb740e765eaaf7ec8707a7cd2af6
MD5 hash:
bb66dd4c715754bfa99abbcbee3a4449
SHA1 hash:
21a9bef9112c1a614bf3d5f6eb2d2f0f17b58531
SH256 hash:
4da31e582dc47d46132cc73ad34d5b87dddd2338495ceb2772f7e103a9a32ebc
MD5 hash:
841e4ff9bb531b52218392db1d7cfbe4
SHA1 hash:
5607c2a987436195f1e241a0b29e8fb1f734102f
SH256 hash:
4b00d5be82d9eae3445b559f4eb1c62eb192f5554b9edad50b09f98fbc65c126
MD5 hash:
4ee09ce90a33fc4f885539370d3ab11f
SHA1 hash:
023fb903cb6ddd95e25f18fd72e1b57b4a5ccff2
SH256 hash:
498d2f02f5fe0a73cdaa1617be6bf7b2b550ada0537f8b1673c590ea99429c30
MD5 hash:
f04d8cd1c228b2a9321429bc9d72599e
SHA1 hash:
6695fc5cbee5c73077c59ef514353a4e2d6485f8
SH256 hash:
43e0c37da7bc6b2786f95765f14177651bea534ca4d1d966c79fc301a55ad5df
MD5 hash:
03c2c3d48cba89a77a8c06158056aaa8
SHA1 hash:
3cf294991250721c2100288d4dbcb0343cc04bf2
SH256 hash:
420395ac9ab87accb00fa478be0b73b583a42d406d1341d98a77f6189b556998
MD5 hash:
4d0399f0050b13586b8b04f62e95b16b
SHA1 hash:
407ca079a3bbe2837203beabf41516fdba776a16
SH256 hash:
3ab7f3707a380352c5aff32c0761c5ff86f358f3683b1dd273da8be18f6521a1
MD5 hash:
0e37f414237e14f395f8914ac2532581
SHA1 hash:
2b06c81103d7c94075dd63a8df33b72ffda75d2b
SH256 hash:
3a23171aac49453f931d69cd55f6ec742243f5835386d9e6b18efad96c2be450
MD5 hash:
b52238936bdf50ab985435a176281f68
SHA1 hash:
7bd2be0808c538b6f15f20a9a1228cf4a20adbdd
SH256 hash:
34457a002e90a590b516bbf58530cdddbb618a46bb3e764e18167c44934917dc
MD5 hash:
46aaecdb8d337980c82cb2714a985986
SHA1 hash:
22104d2272b592a344df5b575fcff83ca0e4b161
SH256 hash:
2b151cce07a4d9c8507a1c547fdcb6ad904f9ebeeee71439d6151eeee287984f
MD5 hash:
7ebb75a1000e52570ca55c35dfc7bd6c
SHA1 hash:
764dc860173990e451f6aeb6fd9b0164a86e447e
SH256 hash:
23fbe7263ca595af627fc37e774fc6fd5f66daecb54e38d48486c9df09e438f4
MD5 hash:
ae1eb2e7a5de49e2950cd2f7892d5513
SHA1 hash:
ab7ea36f3c4232f0b3f6036edecffdd4e8603936
SH256 hash:
230da452a8068ff5be158d84618c9d291bf9b8bc878ed5d56318558d52e4966a
MD5 hash:
c542c43d910dd6ae2f4a7cffebccf613
SHA1 hash:
02086fd8e53fcb3ac20cd4aabd730d46458d698f
SH256 hash:
0c25f2284aec3aa7dcf6432ba9416e2fb289e08bbd996bcddadaabe42e361b46
MD5 hash:
e36e88531f284b1135617b91f73e5ec7
SHA1 hash:
dac7d7984c7f906f66a2eadec395207a4fd9a599
SH256 hash:
0b87358da7882fed313facee92bb8f4e45299c63ca557fdfba1478b364575fc5
MD5 hash:
0444624f30e8030d84bb169fc2410444
SHA1 hash:
05c1cd844368ae2c113585b477f91507430d72a0
SH256 hash:
01f6b2760031ed0d521e8d972a6e7b4aa05393934a37266c3f9374042cc97b3b
MD5 hash:
2a21692ef3a54e5f4a016a3a1767a7d9
SHA1 hash:
9890261f7cc42d660371c1b9d3a96c09b1e48783
SH256 hash:
fce824e456f049f2733825e0301be7d53e42bc76c3daa7ceecdf90c4f2ae841c
MD5 hash:
e2160ab73d8c6c6e7de93a94f32212c6
SHA1 hash:
d8390d45174cd9697ce7cb2068df24616666d978
SH256 hash:
f42b5d3c7f9df937aa85838dd67cfe03844b2fb0d912e5c753b1e5a7aa75f3f0
MD5 hash:
b91e573ccb68bae44455cf04a1617d98
SHA1 hash:
7933e144d0d9538849571da2600dee494def37ec
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: PE_Digital_Certificate
Author: albertzsigovits
Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
COM_BASE_API | Can Download & Execute components | ole32.dll::CoCreateInstance, ole32.dll::CreateStreamOnHGlobal
SHELL_API | Manipulates System Shell | SHELL32.dll::ShellExecuteExW, SHELL32.dll::ShellExecuteW, SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CloseHandle, KERNEL32.dll::CreateThread
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::LoadLibraryA, KERNEL32.dll::GetDriveTypeW, KERNEL32.dll::GetStartupInfoA, KERNEL32.dll::GetDiskFreeSpaceExW, KERNEL32.dll::GetCommandLineW
WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateDirectoryW, KERNEL32.dll::CreateFileW, KERNEL32.dll::DeleteFileW, KERNEL32.dll::GetSystemDirectoryW, KERNEL32.dll::GetFileAttributesW, KERNEL32.dll::FindFirstFileW
WIN_USER_API | Performs GUI Actions | USER32.dll::CreateWindowExW
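To show what the three BLint findings above correspond to in the PE header, here is an added example that is neither BLint's code nor part of the MalwareBazaar page. It parses the optional header with Python's struct module, reads DllCharacteristics for the NX_COMPAT (DEP) and DYNAMIC_BASE (ASLR, which is what "PIE" means for a PE image) bits, checks the Certificate Table data directory for an Authenticode blob, and reports the same finding IDs and severities the table lists. Mapping those IDs onto these header fields is my reading of the finding titles, not BLint's documented logic; the header-building helper and the two test inputs are constructed here and are not loadable binaries.

```python
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits from the PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020
DYNAMIC_BASE = 0x0040      # ASLR-compatible: the PE equivalent of "PIE"
NX_COMPAT = 0x0100         # DEP/NX-compatible
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Certificate Table: where Authenticode signatures live

# Severities copied from the BLint findings shown on this page.
SEVERITY = {"CHECK_AUTHENTICODE": "high", "CHECK_NX": "critical", "CHECK_PIE": "high"}


def parse_pe_header(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> optional header and pull out
    DllCharacteristics and the Certificate Table size. Raises ValueError on malformed input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:          # PE32: data directories start at +96, their count at +92
        pe32plus, dirs_off, ndirs_off = False, 96, 92
    elif magic == 0x20B:        # PE32+: 64-bit stack/heap fields push them to +112 / +108
        pe32plus, dirs_off, ndirs_off = True, 112, 108
    else:
        raise ValueError(f"unknown optional header magic {magic:#06x}")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)   # same offset in both layouts
    (ndirs,) = struct.unpack_from("<I", data, opt + ndirs_off)
    cert_size = 0
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    # Only trust the entry if the header declares it and it fits inside the optional header.
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY and entry + 8 <= opt + size_of_optional:
        _file_offset, cert_size = struct.unpack_from("<II", data, entry)
    return {"pe32plus": pe32plus, "dll_characteristics": dll_chars, "cert_size": cert_size}


def audit_pe(data: bytes) -> dict:
    """Return {finding_id: severity} for each protection that is missing, using the IDs
    BLint reports on this page. An empty dict means all three checks pass."""
    h = parse_pe_header(data)
    dc = h["dll_characteristics"]
    missing = {
        "CHECK_AUTHENTICODE": h["cert_size"] == 0,
        "CHECK_NX": not (dc & NX_COMPAT),
        "CHECK_PIE": not (dc & DYNAMIC_BASE),
    }
    return {fid: SEVERITY[fid] for fid, fired in missing.items() if fired}


def build_pe_header(pe32plus: bool, dll_characteristics: int, cert_size: int) -> bytes:
    """Construct a minimal, section-less PE header purely as test input for the checks above."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew: PE header right after the DOS header
    opt_size = 240 if pe32plus else 224                # 16 data directories in both layouts
    machine = 0x8664 if pe32plus else 0x014C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)  # IMAGE_FILE_EXECUTABLE_IMAGE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 68, 2)                 # Subsystem: Windows GUI
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 108 if pe32plus else 92, 16)   # NumberOfRvaAndSizes
    dirs = 112 if pe32plus else 96
    struct.pack_into("<II", opt, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x600 if cert_size else 0, cert_size)  # (file offset, size) of the cert table
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed inputs: a header with nothing enabled (reproduces the three findings on this
# page) and one with ASLR, high-entropy VA, NX and a certificate table present.
WEAK = build_pe_header(pe32plus=False, dll_characteristics=0, cert_size=0)
HARDENED = build_pe_header(pe32plus=True,
                           dll_characteristics=HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT,
                           cert_size=0x1A40)

if __name__ == "__main__":
    for label, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_pe(blob) or "no findings")
```

On a real file, pass the first few kilobytes of the sample to audit_pe; the checks only need the headers. A non-empty Certificate Table says a signature blob is present, not that it verifies, so CHECK_AUTHENTICODE passing is a weaker statement than a valid signature.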
