
Trojan.Vidar.PA

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Vidar.PA
Signature status: Hash Mismatch

Known Samples

MD5: 2d41ebc2d5e1161f4eb664e0280c6ca9
SHA1: 6dff753c979b5e0f4f3a516a1f7d7e88c170e690
SHA256: 3E1ADC6172DB73A351FB172C3D8B4443D44A67073076EB4ED38FB59866136A9D
File Size: 4.12 MB, 4124792 bytes
MD5: 1810194faba0a07a9c6e18bc9b1f4624
SHA1: 5577cde90be63c5dd58f93346c1a1c973e66fc35
SHA256: BCB724C6910E8544A409EA4B61834C7161257BB31B087F5F1FA01A53A1954A20
File Size: 3.27 MB, 3269536 bytes
MD5: c3d802eeea9816602ba0670aad62e777
SHA1: ea9695e9a3cce8ea356e94096b767b0816c07a19
SHA256: D46ED2CC61B0FB1369A2406D775CF5C99F3DD54846CFB2A7DC6D4562A15D77BA
File Size: 3.08 MB, 3076024 bytes
MD5: a35cb62d1d241c9ed9e0738a51c8ec74
SHA1: 6cad37bec5246e7194dbc2f3ea77c47046a35c9b
SHA256: 32F5E5A1332F76A6F4E637CFB7528E8D516E85FCED46EBE10926DB967FBE9C90
File Size: 4.71 MB, 4706845 bytes
MD5: 086bf0556272cae519785fae8b992b7d
SHA1: b3c0cca6f6f57855552a23e02278c04af98701ff
SHA256: 575FB671213AAF40E86AEC096266FF2CB3D9383D65D728BF05393D108F7A6C37
File Size: 4.13 MB, 4128536 bytes
MD5: 097a64ac9d491a6ee735d069aa7489d1
SHA1: 4e32ca91f0d950c65e0fa4b8737e847c7cbc6df5
SHA256: 42897ED16D70F0DC3DE5EFCDD128587D45DF7C0670DDFBDA6599F478613CC17D
File Size: 3.67 MB, 3667984 bytes
MD5: ff4620335553484168b82e782c781bb1
SHA1: 4e4b6ca955137e2489ae6281e8dd360cb5b23c9e
SHA256: B24634D6A8B696B0832FBF36C540E7D7784C718C9F84D0EA319D65D586C3CFD5
File Size: 3.15 MB, 3151064 bytes
MD5: ff4db66e1022dfe7b2cd6bdc17b0fd2a
SHA1: 013d111e9bbc240a5a61a150aa5ab6fd06da0d4c
SHA256: 2D326606F171968EAEA04148C9F400C110D4DA9EA45F03C22EA587DABD94AB31
File Size: 3.17 MB, 3169920 bytes
MD5: fb6ee675e00ac06cdbb999ba0bf24abd
SHA1: 288273e3f7b8d2cffe15ac3e28d89534ca502e66
SHA256: B92B9A7C3BD5F74CF88E0CDE5450D379ABE80BD70531F0EF55BEA2D33FF06885
File Size: 5.47 MB, 5467024 bytes
MD5: 5fb7a9f8c8be40b52d301be32ca36d9e
SHA1: 5a3cf7934aa7c3bc6a469d7efb16e6734a1d0e17
SHA256: 2CABFFF71DEDFEEECBD29CAF71BB676544E5498D0F4B80CCF3A20584FE92536D
File Size: 5.50 MB, 5504400 bytes
MD5: 2611455095eadc2992c97430598072a1
SHA1: 8def8d87cb50d8ddda7ad2d240e5e3021d28dc74
SHA256: 4E2FB945C54452681571025981351AAFDBFC2B821125C3E43C6852BDE308D1BC
File Size: 4.76 MB, 4761672 bytes
MD5: f9230721d45c1c432cd8cf3b75ec96af
SHA1: c1aebec3d473b10cd7c90060afc4ea845277c2ad
SHA256: D1B7B1D6B460043E0DB9466C07CA48C529FD5134FED04023DACC1F9494CD2C0D
File Size: 3.66 MB, 3663888 bytes
MD5: 228405636c683ea49c21ce1139397978
SHA1: a30eeae8ba14a3a2227f30265042dff7c789205a
SHA256: 096249C0A08DF8ABC0D198B29F09E30152FB57ACFD7125E7CF8524B9221919DA
File Size: 6.52 MB, 6517992 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name / Value

Assembly Version
  • 2.27.8.0
  • 1.34.8.0
Comments
  • Downloads and runs Zero Install optionally showing a GUI.
  • ideaMaker 5.2.4 - www.raise3d.com
  • VOVSOFT
Company Name
  • CREALITY
  • DBSofts
  • Epic Games, Inc.
  • GlassWire
  • LTQ DIGITAL LIMITED COMPANY
  • Raise3D
  • Sony Interactive Entertainment Inc.
  • Virtual Desktop, Inc.
  • VOVSOFT
  • zero-install
File Description
  • Bootstrapper for DeepL
  • EpicGamesLauncher
  • ESF Database Migration Toolkit
  • GlassWire Setup
  • HALOT BOX
  • ideaMaker 5.2.4 - www.raise3d.com
  • PlayStation® Accessories
  • Televzr Light Desktop
  • VCF Editor
  • Virtual Desktop Streamer
File Version
  • 12.2.0.9
  • 5.2.4.8581
  • 3,7,880,0
  • 2.27.8.0
  • 2.2.0.3
  • 2.0.0.0
  • 1.34.8.0
  • 1.19.1
  • 1.00
  • 1.0
IS Internal Description: Setup Launcher Unicode
IS Internal Version: 30.0.233
Internal Build Number: 214356
Internal Name
  • EpicGamesLauncher
  • ESF Database Migration Toolkit
  • HALOT BOX
  • ideaMaker_5.2.4.8581.exe
  • Setup
  • TJprojMain
  • VCF Editor
  • VirtualDesktop.Streamer.exe
  • zero-install.exe
Legal Copyright
  • (c) 2025 GlassWire
  • Copyright (C) 2023 Raise3D Technologies Inc. All rights reserved.
  • Copyright (C) DBSofts Inc
  • Copyright Bastian Eicher et al.
  • Copyright Epic Games, Inc. All Rights Reserved.
  • Copyright © 2025 LTQ DIGITAL LIMITED COMPANY
  • Copyright © Virtual Desktop, Inc. 2014-2025
  • Creality Company
  • VOVSOFT
  • © 2025 Sony Interactive Entertainment Inc.
Legal Trademarks: VOVSOFT
Original Filename
  • DeepLSetup.exe
  • DMTW.exe
  • EpicGamesLauncher.exe
  • glasswire-setup-3.7.880.0-full.exe
  • HALOT_BOX.exe
  • ideaMaker_5.2.4.8581.exe
  • PlayStationAccessoriesInstaller.exe
  • TJprojMain.exe
  • vcfeditor.exe
  • VirtualDesktop.Streamer.exe
Product Name
  • DeepL
  • ESF Database Migration Toolkit
  • GlassWire
  • HALOT_BOX
  • ideaMaker Installer
  • PlayStation® Accessories
  • Project1
  • Televzr Light
  • Unreal Engine
  • VCF Editor
  • Virtual Desktop
Product Version
  • 18.11.1-46651207+++Portal+Release-Live
  • 12.2.0.9
  • 5.2.4.8581
  • 3,7,880,0
  • 2.2.0.3
  • 2.0.0.0
  • 1.34.8.0
  • 1.19.1
  • 1.00
  • 1.0.0.0
  • 1.0
Program ID: com.vovsoft.vcfeditor

Digital Signatures

Signer / Root / Status

  • Signer: FATİH RAMAZAN ÇIKAN; Root: Certum Code Signing 2021 CA; Status: Hash Mismatch
  • Signer: Virtual Desktop, Inc; Root: DigiCert Global G3 Code Signing ECC SHA384 2021 CA1; Status: Hash Mismatch
  • Signer: Epic Games Inc.; Root: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1; Status: Hash Mismatch
  • Signer: Sony Interactive Entertainment LLC; Root: DigiCert Trusted Root G4; Status: Hash Mismatch
  • Signer: 深圳市创想三维科技股份有限公司; Root: DigiCert Trusted Root G4; Status: Hash Mismatch
  • Signer: DeepL SE; Root: GlobalSign Code Signing Root R45; Status: Hash Mismatch
  • Signer: LTQ DIGITAL LIMITED COMPANY; Root: GlobalSign GCC R45 EV CodeSigning CA 2020; Status: Hash Mismatch
  • Signer: Huang Qinyin; Root: SSL.com Code Signing Intermediate CA ECC R2; Status: Hash Mismatch
  • Signer: Raise 3D Technologies, Inc.; Root: Sectigo Public Code Signing Root R46; Status: Hash Mismatch
  • Signer: domotz inc; Root: Sectigo Public Code Signing Root R46; Status: Hash Mismatch

File Traits

  • golang
  • Installer Version
  • x64

Block Information

Total Blocks: 4,706
Potentially Malicious Blocks: 1,107
Whitelisted Blocks: 3,599
Unknown Blocks: 0

Visual Map

(per-block map not reproduced: the extracted rows consist of long runs of 0 markers with occasional 1 entries)
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.FRFC
  • Agent.IDA
  • Agent.JFH
  • Agent.JFJ
  • Agent.KOFA
  • Agent.TKJ
  • ClipBanker.KF
  • CobaltStrike.FZ
  • Coinminer.GABB
  • Coinminer.LO
  • Coinminer.RQ
  • Dropper.FF
  • Dropper.FFB
  • Dropper.JA
  • Dropper.JD
  • Filecoder.EY
  • Filecoder.GFD
  • Filecoder.JKB
  • Gamehack.OFA
  • Goshell.E
  • Kryptik.GSH
  • Marte.FE
  • Quasar.BC
  • Quasar.BCA
  • Quasar.LD
  • Quasar.RA
  • Quasar.SA
  • ShellcodeRunner.Gen.C
  • ShellcodeRunner.Gen.K
  • ShellcodeRunner.TO
  • ShellcodeRunner.TV
  • Stealer.IFDE
  • Trojan.Downloader.Gen.JS
  • Trojan.ShellcodeRunner.Gen.HK
  • Trojan.ShellcodeRunner.Gen.JX
  • Vidar.PA
  • Vidar.PB

Windows API Usage

Category / API
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRemoveIoCompletionEx
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetIoCompletion
  • ntdll.dll!NtSetTimerEx
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Manipulation Evasion
  • NtUnmapViewOfSection
User Data Access
  • GetComputerName
  • GetUserName
  • GetUserObjectInformation
Network Wininet
  • HttpOpenRequest
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetReadFile
  • InternetSetOption
Network Winhttp
  • WinHttpOpen
Anti Debug
  • IsDebuggerPresent
Other Suspicious
  • SetWindowsHookEx
