
Trojan.Vidar.P

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Vidar.P
Signature status: No Signature

Known Samples

Sample 1
MD5: 3b568327fd9296fd13574929e1dbab6f
SHA1: 738b8ce70a317ad7f09e133963e5f6e822495e54
SHA256: E2CCA9E6E5FF65D48BECB126E9CE6E53F84D071E23E615CB63EEE5D3B1E9574B
File Size: 762.37 KB, 762368 bytes

Sample 2
MD5: 9c0e90b9f0e616edefc163012d2e247a
SHA1: 4b425e1a3abd5aa0f9f153fd4c60bbfcbdeb5caf
SHA256: 234F3E117A07EC0A2F386E45C310E5EEB57D37D8F55EC30F06F3E14419EF320C
File Size: 1.23 MB, 1230888 bytes

Sample 3
MD5: 0ce1be737f928e431b46e2e4cebce418
SHA1: 197683027e050f4843c1b54f243c2abe71a99df7
SHA256: 1D54123F5ECD8FB515E1C7490CFE1D9B7EE531AFA184639EEC9FA73EA18E5B43
File Size: 1.36 MB, 1364480 bytes

Sample 4
MD5: 5e8c50efb740c0d261e999f6d8a15943
SHA1: 131abd0cce197856140011c06836a9c4c99b1fbb
SHA256: 7E4CC0D6BD1B6B896E64955DDBE8A7D4D56ED042176429E8FA3E7A2A60B6FCF0
File Size: 774.66 KB, 774656 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer: NVIDIA Corporation
Root: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Status: Hash Mismatch

File Traits

  • HighEntropy
  • No Version Info
  • x86

Block Information

Total Blocks: 2,992
Potentially Malicious Blocks: 1,385
Whitelisted Blocks: 1,607
Unknown Blocks: 0

Visual Map

[Block map omitted: the per-block sequence was truncated in the source ("... Data truncated"); see Block Information above for the totals.]

Legend:
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Vidar.P

Files Modified

File: c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\3acf660917f73e764d4410bf1eaa48f5
Attributes: Generic Read, Write Data, Write Attributes, Write extended, Append data

File: c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\3acf660917f73e764d4410bf1eaa48f5
Attributes: Generic Read, Write Data, Write Attributes, Write extended, Append data

Registry Modifications

Key::Value: HKCU\software\microsoft\systemcertificates\ca\certificates\31600991ed5fec63d355a5484a6dcc787ead89bc::blob
Data: (none recorded)
API Name: RegNtPreCreateKey

Key::Value: HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix
Data: (none recorded)
API Name: RegNtPreCreateKey

Key::Value: HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix
Data: Cookie:
API Name: RegNtPreCreateKey

Key::Value: HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix
Data: Visited:
API Name: RegNtPreCreateKey

Key::Value: HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass
Data: (none recorded)
API Name: RegNtPreCreateKey

Key::Value: HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname
Data: (none recorded)
API Name: RegNtPreCreateKey

Key::Value: HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet
Data: (none recorded)
API Name: RegNtPreCreateKey

Key::Value: HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect
Data: (none recorded)
API Name: RegNtPreCreateKey

Windows API Usage

Category: Process Manipulation Evasion
API:
  • NtUnmapViewOfSection
