750173f1b36e502ff17e2c5eec03c602
Hash
- MD5: 750173f1b36e502ff17e2c5eec03c602
- SHA1: 3229e2fb4e50a104054ac1890a236a84e81c713e
- SHA256: 3f40c4a2b816271dd9e0a284b3e55c52b233cbc6b92a2d22ae4b5d70948ef00c
- First Seen: 2026-05-21
- Last Seen: 2026-05-21
-
1
Related Reports
-
0
Related IOCs
Additional Information
VirusTotal
{
"data": {
"id": "3f40c4a2b816271dd9e0a284b3e55c52b233cbc6b92a2d22ae4b5d70948ef00c",
"type": "file",
"links": {
"self": "https://www.virustotal.com/api/v3/files/3f40c4a2b816271dd9e0a284b3e55c52b233cbc6b92a2d22ae4b5d70948ef00c"
},
"attributes": {
"last_submission_date": 1775635739,
"crowdsourced_ids_stats": {
"high": 0,
"medium": 0,
"low": 1,
"info": 0
},
"filecondis": {
"dhash": "00103c1e1e1d1800",
"raw_md5": "4ccd8b47586f0cc02e93dea45cbda589"
},
"signature_info": {
"x509": [
{
"valid usage": "Server Auth, Client Auth",
"thumbprint_sha256": "4295C1B21426725B384513BA48D317EA2F1DD5569721C9AC3C63ABD1A01AE759",
"name": "www.glass.com",
"algorithm": "sha256RSA",
"thumbprint_md5": "E37A268AEE946745ED23DB78655D02B7",
"valid from": "2026-04-02 17:39:30",
"valid to": "2026-07-01 17:39:29",
"serial number": "05 74 51 88 A1 C7 11 32 EC 71 EB D8 66 58 82 1B 2E A9",
"cert issuer": "E8",
"thumbprint": "305ABD7E9C0FC5A5C91D48E88559643C2BE79282"
}
]
},
"last_analysis_results": {
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": "8.2.40(8338)",
"engine_update": "20260507",
"category": "malicious",
"result": "W32.Malware.3250A2EC"
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"engine_version": "1.2.0.121",
"engine_update": "20240328",
"category": "undetected",
"result": null
},
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan.Win32.Vidar.m!c"
},
"tehtris": {
"method": "blacklist",
"engine_name": "tehtris",
"engine_version": "v0.1.4",
"engine_update": "20260508",
"category": "undetected",
"result": null
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan.Generic.39783789"
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260508",
"category": "malicious",
"result": "exe.trojan.vidar"
},
"CAT-QuickHeal": {
"method": "blacklist",
"engine_name": "CAT-QuickHeal",
"engine_version": "22.00",
"engine_update": "20260507",
"category": "undetected",
"result": null
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260508",
"category": "malicious",
"result": "Trojan.PSW.Vidar"
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260507",
"category": "malicious",
"result": "Unsafe"
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan.Generic.39783789"
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260504",
"category": "malicious",
"result": "Backdoor.Win64.Gsb.Vpjg"
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.51.59435",
"engine_update": "20260507",
"category": "malicious",
"result": "Backdoor ( 006dd9cd1 )"
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260508",
"category": "malicious",
"result": "Trojan.Generic.39783789"
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.51.59435",
"engine_update": "20260507",
"category": "malicious",
"result": "Backdoor ( 006dd9cd1 )"
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20251219",
"category": "malicious",
"result": "win/malicious_confidence_100% (D)"
},
"huorong": {
"method": "blacklist",
"engine_name": "huorong",
"engine_version": "ab35cf2:ab35cf2:548b2e3:548b2e3",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan/Loader.pm"
},
"VirIT": {
"method": "blacklist",
"engine_name": "VirIT",
"engine_version": "9.5.1202",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan.Win64.GenX.JML"
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260507",
"category": "malicious",
"result": "ML.Attribute.HighConfidence"
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.261",
"engine_update": "20260507",
"category": "malicious",
"result": "malicious (high confidence)"
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260507",
"category": "malicious",
"result": "WinGo/Kryptik.QH trojan"
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.776",
"engine_update": "20260507",
"category": "undetected",
"result": null
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260508",
"category": "malicious",
"result": "generic.ml"
},
"ClamAV": {
"method": "blacklist",
"engine_name": "ClamAV",
"engine_version": "1.5.2.0",
"engine_update": "20260507",
"category": "undetected",
"result": null
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260508",
"category": "malicious",
"result": "UDS:Backdoor.Win64.Gsb.gen"
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "malicious",
"result": "Backdoor:Win32/Kryptik.a75ffb86"
},
"NANO-Antivirus": {
"method": "blacklist",
"engine_name": "NANO-Antivirus",
"engine_version": "1.0.170.26895",
"engine_update": "20260507",
"category": "undetected",
"result": null
},
"ViRobot": {
"method": "blacklist",
"engine_name": "ViRobot",
"engine_version": "2014.3.20.0",
"engine_update": "20260507",
"category": "undetected",
"result": null
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260507",
"category": "malicious",
"result": "Backdoor.Gsb!8.1DB49 (CLOUD)"
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.4.1.0",
"engine_update": "20260507",
"category": "malicious",
"result": "Mal/Generic-S"
},
"F-Secure": {
"method": "blacklist",
"engine_name": "F-Secure",
"engine_version": "18.10.1547.307",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan.TR/W64.Evo"
},
"DrWeb": {
"method": "blacklist",
"engine_name": "DrWeb",
"engine_version": "7.0.75.2070",
"engine_update": "20260508",
"category": "malicious",
"result": "Trojan.PWS.Vidar.395"
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5597",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan.Kryptik.Win32.6018966"
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14532",
"engine_update": "20260508",
"category": "malicious",
"result": "ti!3F40C4A2B816"
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.12.0",
"engine_update": "20260504",
"category": "undetected",
"result": null
},
"CMC": {
"method": "blacklist",
"engine_name": "CMC",
"engine_version": "2.4.2022.1",
"engine_update": "20260507",
"category": "undetected",
"result": null
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan.Generic.39783789 (B)"
},
"SentinelOne": {
"method": "blacklist",
"engine_name": "SentinelOne",
"engine_version": "7.6.2.19",
"engine_update": "20260324",
"category": "malicious",
"result": "Static AI - Suspicious PE"
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.44464AVA:64.31193",
"engine_update": "20260508",
"category": "malicious",
"result": "Trojan.Generic.39783789"
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"engine_version": "1.10.0.2",
"engine_update": "20250227",
"category": "undetected",
"result": null
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1778202090",
"engine_update": "20260508",
"category": "malicious",
"result": "Detected"
},
"Avira": {
"method": "blacklist",
"engine_name": "Avira",
"engine_version": "8.3.3.24",
"engine_update": "20260507",
"category": "undetected",
"result": null
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan[Backdoor]/Win64.Gsb"
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260507",
"category": "malicious",
"result": "Win64.Backdoor.Gsb.gen"
},
"Gridinsoft": {
"method": "blacklist",
"engine_name": "Gridinsoft",
"engine_version": "1.0.245.174",
"engine_update": "20260507",
"category": "undetected",
"result": null
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan.Generic.D25F0D6D"
},
"SUPERAntiSpyware": {
"method": "blacklist",
"engine_name": "SUPERAntiSpyware",
"engine_version": "5.6.0.1032",
"engine_update": "20260507",
"category": "undetected",
"result": null
},
"ZoneAlarm": {
"method": "blacklist",
"engine_name": "ZoneAlarm",
"engine_version": "6.24-114820737",
"engine_update": "20260507",
"category": "undetected",
"result": null
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26030.3008",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan:Win32/Ravartar!rfn"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260507",
"category": "malicious",
"result": "Malicious (score: 99)"
},
"AhnLab-V3": {
"method": "blacklist",
"engine_name": "AhnLab-V3",
"engine_version": "3.30.0.10666",
"engine_update": "20260508",
"category": "malicious",
"result": "Infostealer/Win.Vidar.C5863763"
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260506",
"category": "malicious",
"result": "MALICIOUS"
},
"TACHYON": {
"method": "blacklist",
"engine_name": "TACHYON",
"engine_version": "2026-05-08.01",
"engine_update": "20260508",
"category": "undetected",
"result": null
},
"Malwarebytes": {
"method": "blacklist",
"engine_name": "Malwarebytes",
"engine_version": "3.1.0.235",
"engine_update": "20260508",
"category": "malicious",
"result": "Malware.AI.3601215285"
},
"Zoner": {
"method": "blacklist",
"engine_name": "Zoner",
"engine_version": "2.2.2.0",
"engine_update": "20260508",
"category": "undetected",
"result": null
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260508",
"category": "malicious",
"result": "Malware.Win32.Gencirc.14ac9039"
},
"Yandex": {
"method": "blacklist",
"engine_name": "Yandex",
"engine_version": "5.5.2.24",
"engine_update": "20260508",
"category": "undetected",
"result": null
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.4.16.0",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan.WinGo.Crypt"
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260507",
"category": "malicious",
"result": "Trojan.Malware.328790041.susgen"
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.30.0",
"engine_update": "20260505",
"category": "malicious",
"result": "W64/Kryptik.QL!tr"
},
"Panda": {
"method": "blacklist",
"engine_name": "Panda",
"engine_version": "4.6.4.2",
"engine_update": "20260507",
"category": "malicious",
"result": "Trj/CI.A"
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "malicious",
"result": "Backdoor:Multi/Gsb.gyf"
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260508",
"category": "failure",
"result": null
},
"TrendMicro": {
"method": "blacklist",
"engine_name": "TrendMicro",
"engine_version": "24.550.0.1002",
"engine_update": "20260508",
"category": "failure",
"result": null
},
"VBA32": {
"method": "blacklist",
"engine_name": "VBA32",
"engine_version": null,
"engine_update": "20260507",
"category": "failure",
"result": null
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260508",
"category": "failure",
"result": null
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260507",
"category": "failure",
"result": null
},
"Jiangmin": {
"method": "blacklist",
"engine_name": "Jiangmin",
"engine_version": null,
"engine_update": "20260508",
"category": "failure",
"result": null
},
"Skyhigh": {
"method": "blacklist",
"engine_name": "Skyhigh",
"engine_version": null,
"engine_update": "20260507",
"category": "failure",
"result": null
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260507",
"category": "failure",
"result": null
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260507",
"category": "failure",
"result": null
},
"Xcitium": {
"method": "blacklist",
"engine_name": "Xcitium",
"engine_version": null,
"engine_update": "20260507",
"category": "failure",
"result": null
},
"Trustlook": {
"method": "blacklist",
"engine_name": "Trustlook",
"engine_version": "1.0",
"engine_update": "20260508",
"category": "type-unsupported",
"result": null
},
"SymantecMobileInsight": {
"method": "blacklist",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"engine_update": "20260123",
"category": "type-unsupported",
"result": null
},
"BitDefenderFalx": {
"method": "blacklist",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"engine_update": "20251216",
"category": "type-unsupported",
"result": null
},
"Avast-Mobile": {
"method": "blacklist",
"engine_name": "Avast-Mobile",
"engine_version": "260507-00",
"engine_update": "20260507",
"category": "type-unsupported",
"result": null
}
},
"first_seen_itw_date": 1775639344,
"popular_threat_classification": {
"popular_threat_category": [
{
"count": 28,
"value": "trojan"
}
],
"suggested_threat_label": "trojan.vidar/wingo",
"popular_threat_name": [
{
"count": 5,
"value": "vidar"
},
{
"count": 2,
"value": "wingo"
}
]
},
"ssdeep": "49152:7BT0Byxa/CFOybupleDmIAqFs4TMUVuVP:7kjvuY4TMUVO",
"first_submission_date": 1775635739,
"magic": "PE32+ executable (GUI) x86-64, for MS Windows",
"tags": [
"detect-debug-environment",
"spreader",
"overlay",
"peexe",
"64bits"
],
"pe_info": {
"imphash": "d42595b695fc008ef2c56aabd8efd68e",
"machine_type": 34404,
"entry_point": 427648,
"resource_details": [
{
"lang": "NEUTRAL",
"chi2": 19699.24,
"filetype": "unknown",
"entropy": 5.299565315246582,
"sha256": "2aa51ce8554b9a343183ef6480aa8204496369c525b5f95865d2055f52ba8a34",
"type": "RT_ICON"
},
{
"lang": "NEUTRAL",
"chi2": 72308.39,
"filetype": "unknown",
"entropy": 4.617031097412109,
"sha256": "c60b3fb2385db7611a553782c9f360ac52cfefb9598beaa3edd09d75a8ffd80a",
"type": "RT_ICON"
},
{
"lang": "NEUTRAL",
"chi2": 165892.47,
"filetype": "unknown",
"entropy": 4.419900894165039,
"sha256": "b06e89cacc9334056144553b80de9ea99a5c3776f6b820b48ca7d27b4703df12",
"type": "RT_ICON"
},
{
"lang": "NEUTRAL",
"chi2": 500794.25,
"filetype": "unknown",
"entropy": 3.83624267578125,
"sha256": "cf0ad16b920283a48b031a82f77183d67c012c1359325b54326f791c572d2224",
"type": "RT_ICON"
},
{
"lang": "NEUTRAL",
"chi2": 1004478.06,
"filetype": "unknown",
"entropy": 3.5506324768066406,
"sha256": "e5c1bc76a5f153e314621a39880c13ad051db9b3d30f25ef761269439e73dc1b",
"type": "RT_ICON"
},
{
"lang": "NEUTRAL",
"chi2": 1351404.5,
"filetype": "unknown",
"entropy": 3.345587730407715,
"sha256": "591c78bca37d929ea443b848d87d54ab804bf0b5085dc38cbfa4acccfb0e0ad7",
"type": "RT_ICON"
},
{
"lang": "NEUTRAL",
"chi2": 2478919.5,
"filetype": "unknown",
"entropy": 3.2141549587249756,
"sha256": "33a8da9fe3b04ada3b521dc3ac49006ce8f7ab404149b1420b4abd143df6e631",
"type": "RT_ICON"
},
{
"lang": "NEUTRAL",
"chi2": 4751837.0,
"filetype": "unknown",
"entropy": 2.9702935218811035,
"sha256": "f99e1ae1aeffb74935da4573923410026e32bcd4411b8fcc305a4349d368e312",
"type": "RT_ICON"
},
{
"lang": "NEUTRAL",
"chi2": 1310.92,
"filetype": "PNG",
"entropy": 7.932183265686035,
"sha256": "55a5c7fe523bb1c559cccaa8aee4bf6f01b825ec1a128ed05b87811e06bd9087",
"type": "RT_ICON"
},
{
"lang": "NEUTRAL",
"chi2": 9502.91,
"filetype": "ICO",
"entropy": 3.0346570014953613,
"sha256": "57cd64a9c0c40f804555948e8cb5f0746ec1900acc09db7711891d2f3a4c6196",
"type": "RT_GROUP_ICON"
}
],
"resource_langs": {
"NEUTRAL": 10
},
"resource_types": {
"RT_ICON": 9,
"RT_GROUP_ICON": 1
},
"overlay": {
"chi2": 1364.94,
"filetype": "unknown",
"entropy": 7.702616214752197,
"offset": 2051072,
"size": 2176,
"md5": "70c418194c254db25f285d82899b7dd1"
},
"sections": [
{
"name": ".text",
"chi2": 3920906.0,
"virtual_address": 4096,
"flags": "rx",
"raw_size": 477696,
"entropy": 6.24,
"virtual_size": 477425,
"md5": "d418a6c606231773e09a15f7318eeab9"
},
{
"name": ".rdata",
"chi2": 8009104.0,
"virtual_address": 483328,
"flags": "r",
"raw_size": 1268224,
"entropy": 7.1,
"virtual_size": 1267720,
"md5": "0864e70de24117a4fbb7e4de6809dee1"
},
{
"name": ".data",
"chi2": 4614073.0,
"virtual_address": 1753088,
"flags": "rw",
"raw_size": 28672,
"entropy": 2.18,
"virtual_size": 326368,
"md5": "b8ebaa53e21f1fc97c5c6da9affbf806"
},
{
"name": ".pdata",
"chi2": 573394.25,
"virtual_address": 2080768,
"flags": "r",
"raw_size": 14336,
"entropy": 4.8,
"virtual_size": 14232,
"md5": "b70c5cf957f00137ba1640aa2a292726"
},
{
"name": ".xdata",
"chi2": 78845.0,
"virtual_address": 2097152,
"flags": "r",
"raw_size": 512,
"entropy": 1.69,
"virtual_size": 168,
"md5": "1a09f932e3157f097c281ce7c50f36e7"
},
{
"name": ".idata",
"chi2": 71002.19,
"virtual_address": 2101248,
"flags": "rw",
"raw_size": 1536,
"entropy": 4.02,
"virtual_size": 1342,
"md5": "4f526702377bfbad9c2047493b4a623f"
},
{
"name": ".reloc",
"chi2": 51926.27,
"virtual_address": 2105344,
"flags": "r",
"raw_size": 9216,
"entropy": 5.42,
"virtual_size": 9124,
"md5": "54f07a0d18aafc3a977c777230373077"
},
{
"name": ".symtab",
"chi2": 1757712.88,
"virtual_address": 2117632,
"flags": "r",
"raw_size": 75264,
"entropy": 4.97,
"virtual_size": 75039,
"md5": "40b7d9e60c3c768cf34172f0893234e5"
},
{
"name": ".rsrc",
"chi2": 9748984.0,
"virtual_address": 2195456,
"flags": "r",
"raw_size": 174080,
"entropy": 3.84,
"virtual_size": 173748,
"md5": "5e4d8b87c54796c16832240a0bcd5620"
}
],
"import_list": [
{
"library_name": "kernel32.dll",
"imported_functions": [
"AddVectoredContinueHandler",
"AddVectoredExceptionHandler",
"CloseHandle",
"CreateEventA",
"CreateIoCompletionPort",
"CreateThread",
"CreateWaitableTimerExW",
"DuplicateHandle",
"ExitProcess",
"FreeEnvironmentStringsW",
"GetConsoleMode",
"GetCurrentThreadId",
"GetEnvironmentStringsW",
"GetErrorMode",
"GetProcAddress",
"GetProcessAffinityMask",
"GetQueuedCompletionStatusEx",
"GetStdHandle",
"GetSystemDirectoryA",
"GetSystemInfo",
"GetThreadContext",
"LoadLibraryExW",
"LoadLibraryW",
"PostQueuedCompletionStatus",
"RaiseFailFastException",
"ResumeThread",
"RtlLookupFunctionEntry",
"RtlVirtualUnwind",
"SetConsoleCtrlHandler",
"SetErrorMode",
"SetEvent",
"SetProcessPriorityBoost",
"SetThreadContext",
"SetWaitableTimer",
"SuspendThread",
"SwitchToThread",
"TlsAlloc",
"VirtualAlloc",
"VirtualFree",
"VirtualQuery",
"WaitForMultipleObjects",
"WaitForSingleObject",
"WerGetFlags",
"WerSetFlags",
"WriteConsoleW",
"WriteFile"
]
}
]
},
"last_modification_date": 1778215003,
"type_tag": "peexe",
"sandbox_verdicts": {
"C2AE": {
"category": "undetected",
"malware_classification": [
"UNKNOWN_VERDICT"
],
"sandbox_name": "C2AE"
}
},
"sha1": "3229e2fb4e50a104054ac1890a236a84e81c713e",
"detectiteasy": {
"filetype": "PE64",
"values": [
{
"version": "1.15.0-X.XX.X",
"type": "Compiler",
"name": "Go"
},
{
"info": "PKCS #7",
"version": "2.0",
"type": "Sign tool",
"name": "Windows Authenticode"
}
]
},
"last_analysis_date": 1778207587,
"goresym": {
"summary": {
"total_files": 159,
"total_userFunctions": 54,
"total_stdFunctions": 1325,
"total_dependencies": 0,
"total_types": 0,
"total_interfaces": 0
},
"report_preview": {
"buildId": "RRECXgpQ2Dm9SyJOmFc6/bGP4-h5QVFJRjgLg2wSQ/nllaMwtY971LV679S4A0/UY7KssZPw2JOOi_Q-1AI",
"version": "1.24.5",
"arch": "amd64",
"os": "windows",
"buildInfo": {
"goVersion": "go1.24.5",
"path": "Factory-v3/builder/temp/7e0823552e5d0f209e27a94e4cf45bd9",
"settings": [
{
"key": "-buildmode",
"value": "exe"
},
{
"key": "-compiler",
"value": "gc"
},
{
"key": "-trimpath",
"value": "true"
},
{
"key": "CGO_ENABLED",
"value": "0"
},
{
"key": "GOARCH",
"value": "amd64"
},
{
"key": "GOOS",
"value": "windows"
},
{
"key": "GOAMD64",
"value": "v1"
}
]
}
}
},
"times_submitted": 1,
"md5": "750173f1b36e502ff17e2c5eec03c602",
"type_tags": [
"executable",
"windows",
"win32",
"pe",
"peexe"
],
"tlsh": "T14A957B4B7C906CA7D07A533288A251927BB5BF191B32B3F32E40B6782F77AD41976710",
"authentihash": "5415ba7e8bfe4baf059b5b392a52ad0a187b58507bf430150d2d9d51454f4ead",
"crowdsourced_ids_results": [
{
"alert_severity": "low",
"rule_msg": "SSLBL: Malicious SSL certificate detected (Vidar C&C)",
"rule_id": "1:902209459",
"rule_source": "Abuse.ch SSL Blocklist",
"rule_url": "https://sslbl.abuse.ch/blacklist/sslblacklist.rules",
"rule_raw": "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:\"SSLBL: Malicious SSL certificate detected (Vidar C&C)\"; tls.fingerprint:\"57:be:ea:b4:af:c1:c3:7c:71:70:71:04:89:78:26:6c:9d:48:d9:d5\"; reference:url, sslbl.abuse.ch/ssl-certificates/sha1/57beeab4afc1c37c717071048978266c9d48d9d5/; sid:902209459; rev:1;)",
"rule_references": [
"https://sslbl.abuse.ch/ssl-certificates/sha1/57beeab4afc1c37c717071048978266c9d48d9d5/"
],
"alert_context": [
{
"src_ip": "104.21.9.119",
"src_port": 443,
"ja3": [
"a0e9f5d64349fb13191bc781f81f42e1"
],
"ja3s": [
"6d6b821affda5de6562d217770a7ead0"
]
}
]
}
],
"unique_sources": 1,
"size": 2053248,
"reputation": 0,
"meaningful_name": "2dmbra34a.exe",
"names": [
"2dmbra34a.exe"
],
"vhash": "026096657d15551d15545az2e!z",
"trid": [
{
"file_type": "Win64 Executable (generic)",
"probability": 33.1
},
{
"file_type": "Win16 NE executable (generic)",
"probability": 25.6
},
{
"file_type": "Windows Icons Library (generic)",
"probability": 10.4
},
{
"file_type": "OS/2 Executable (generic)",
"probability": 10.3
},
{
"file_type": "Generic Win/DOS Executable",
"probability": 10.1
}
],
"sha256": "3f40c4a2b816271dd9e0a284b3e55c52b233cbc6b92a2d22ae4b5d70948ef00c",
"type_extension": "exe",
"last_analysis_stats": {
"malicious": 44,
"suspicious": 0,
"undetected": 17,
"harmless": 0,
"timeout": 0,
"confirmed-timeout": 0,
"failure": 10,
"type-unsupported": 4
},
"total_votes": {
"harmless": 0,
"malicious": 0
},
"type_description": "Win32 EXE",
"magika": "PEBIN"
}
}
}