Overview

overview

10

Static

static

10

vir.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vir.exe

  • Size

    36.2MB

  • MD5

    e6b63aaa698c58c56aed4a6de08e23be

  • SHA1

    eb6b1ce4f0616d8fa06a7ad94c8aa5fe72bf2088

  • SHA256

    00a59076c9b2e28cb01fa02359466c85fbd82c70cc867482dfb6cec45a9065ef

  • SHA512

    1d5da508dab1da4516804768648048e8773ae83f0ab6e3dabcdb82513ca1c6a89f1af393f5bcf326fb2f1ba0a96905f65335be96002f270a10c03e907f4b6dd8

  • SSDEEP

    786432:O4RerlLa3nwEwrkACTe6YQbjGEhM6XHXkvj:rulW3wEoALHUr

Score
10/10
pdflinkquasarumbralnjrat

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Signatures

  • Detect Umbral payload 1 IoCs
  • Njrat family
    njrat
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Umbral family
    umbral
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • HTTP links in PDF interactive object 1 IoCs

    Detects HTTP links in interactive objects within PDF files.

    pdflink
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • vir.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections