General
-
Target
Setup_Pswd_1234.rar
-
Size
22.1MB
-
Sample
240630-2ejs3a1cpj
-
MD5
f4a8a5bf7741f1596d91892eb082eae8
-
SHA1
5f79b8b7c7e5075505b69ee43d337df5b701c445
-
SHA256
b51105615d31ef7388b9ffbf670133cb173d1e7a7100bfef0b93e2b6e58b9142
-
SHA512
33763fb9ab784152831eb3e28c32986e4fc425132ebdfd5c68c796e8905899b8abc3f2d95c57a7cee5bc7b68a086c916fa82831572de03fb75c7f4c03cde8ad6
-
SSDEEP
393216:u4gMVQjdQM2hN5cubJ4NOPnlYRxtIkZT2Pvf5dXQtik0T2v94z9RU6i3Hv9:DVCYhN3J4NOPlYdY5dAIj7UD3Hv9
Behavioral task
behavioral1
Sample
Licenses/1049/EntityFrameworkDesignerForVisualStudio2012.rtf
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Licenses/1049/ReportViewerAddOnForVisualStudio2012.rtf
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
Licenses/1049/SQL08CLRtypes.rtf
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
Licenses/1049/SQLCmdLnUtils.rtf
Resource
win10-20240611-en
Behavioral task
behavioral5
Sample
Licenses/1049/SQLServerCompact.rtf
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
Licenses/1049/SQLServerDACFramework.rtf
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
Licenses/1049/SQLServerDataTools.rtf
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
Licenses/1049/SQLServerExpress.rtf
Resource
win10-20240404-en
Behavioral task
behavioral9
Sample
Licenses/1049/SQLServerExpress2008R2.rtf
Resource
win10-20240404-en
Behavioral task
behavioral10
Sample
Licenses/1049/SQLServerLocalDB.rtf
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
Licenses/1049/SQLServerNativeCLI.rtf
Resource
win10-20240611-en
Behavioral task
behavioral12
Sample
Licenses/1049/SQLServerSharedManagementObjects.rtf
Resource
win10-20240404-en
Behavioral task
behavioral13
Sample
Licenses/1049/SQLServerTSQLCompilerservice.rtf
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
Licenses/1049/SQLServerTSQLlanguageservice.rtf
Resource
win10-20240404-en
Behavioral task
behavioral15
Sample
Licenses/1049/SQLServerTransact-SQLScriptDom.rtf
Resource
win10-20240404-en
Behavioral task
behavioral16
Sample
Licenses/1049/SysClrTypes_SQLServer.rtf
Resource
win10-20240404-en
Behavioral task
behavioral17
Sample
Licenses/sdk_license.rtf
Resource
win10-20240404-en
Behavioral task
behavioral18
Sample
Licenses/sdk_third_party_notices.rtf
Resource
win10-20240611-en
Behavioral task
behavioral19
Sample
Setup.exe
Resource
win10-20240404-en
Behavioral task
behavioral20
Sample
Team Tools/Dynamic Code Coverage Tools/CodeCoverageMessages.dll
Resource
win10-20240404-en
Behavioral task
behavioral21
Sample
Team Tools/Dynamic Code Coverage Tools/amd64/CodeCoverage.exe
Resource
win10-20240404-en
Behavioral task
behavioral22
Sample
Team Tools/Dynamic Code Coverage Tools/amd64/covrun64.dll
Resource
win10-20240404-en
Behavioral task
behavioral23
Sample
Team Tools/Dynamic Code Coverage Tools/amd64/msdia110.dll
Resource
win10-20240404-en
Behavioral task
behavioral24
Sample
Team Tools/Dynamic Code Coverage Tools/covrun32.dll
Resource
win10-20240404-en
Behavioral task
behavioral25
Sample
Team Tools/Dynamic Code Coverage Tools/msdia110.dll
Resource
win10-20240611-en
Behavioral task
behavioral26
Sample
Team Tools/Dynamic Code Coverage Tools/ru/CodeCoverageMessages.dll
Resource
win10-20240404-en
Behavioral task
behavioral27
Sample
Team Tools/Performance Tools/1049/TSDevPkgUI.dll
Resource
win10-20240404-en
Behavioral task
behavioral28
Sample
Team Tools/Performance Tools/1049/perfpkgui.dll
Resource
win10-20240404-en
Behavioral task
behavioral29
Sample
Team Tools/Performance Tools/1049/vsinstrui.dll
Resource
win10-20240404-en
Behavioral task
behavioral30
Sample
Team Tools/Performance Tools/1049/vspmsgui.dll
Resource
win10-20240404-en
Behavioral task
behavioral31
Sample
Team Tools/Performance Tools/KernelTraceControl.dll
Resource
win10-20240404-en
Behavioral task
behavioral32
Sample
Team Tools/Performance Tools/Microsoft.VisualStudio.Enterprise.AspNetHelper.dll
Resource
win10-20240611-en
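Malware Config
Extracted
Family: vidar
C2: https://t.me/g067n
C2: https://steamcommunity.com/profiles/76561199707802586
-
Attributes: user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
(Note: the configured User-Agent claims Firefox on macOS, while the sample is a Windows executable; the mismatch may be useful as a network-detection hint.)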
Targets
-
-
Target
Licenses/1049/EntityFrameworkDesignerForVisualStudio2012.rtf
-
Size
37KB
-
MD5
aebed4e9ffebd6d94e4d2f147339b542
-
SHA1
192168b8f57c8243b20971480d0276ba6463367c
-
SHA256
4a222073413cd8fcca970c9a60038dfb87747dc50a05e69a5332a8d9b0df7300
-
SHA512
26f1708f2515515dfecc0d4bb1e8732c68211458e72eb8409a63ec0da363f4050c93bb884c7e5036d58e7dbe8b1ef5c0bdb9b5c100b1c50b11cf19055473e7ff
-
SSDEEP
384:USETlVTdFy05H+wIwHpMFUENE7ajfQaLITavfvzyszpe0K8k13DiCeohN7Uii6s/:M/B8Y+/wHh7zaLB7DUejk+/d
Score6/10-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
Licenses/1049/ReportViewerAddOnForVisualStudio2012.rtf
-
Size
16KB
-
MD5
aaf0f66072b4190b7dd8be5ba0eff7ae
-
SHA1
5e3eec90c3b4db2b33e6d798a7b92294bae7c15c
-
SHA256
f38ffa3737d6bc0bc62e26879f56913c75d0108531f1fc7fdd5026b018e2a8c6
-
SHA512
a9c6dd06f0312d7226b6ce6849cfef7f533e1e4e1826a016c0ff7e40d63628d424fa84b64ca15e1259adde945a16826ac64c1babd96c31a6decdbe9bd15d1659
-
SSDEEP
192:bfrtIuCAFXVacaFIaCXtMOd6DjNaORtxRpRNw+Y1YqKajyfMZgZja0gkpEGyesYH:XbCEoU8tvAVCEztAgW/IpSidBKeV2
Score1/10 -
-
-
Target
Licenses/1049/SQL08CLRtypes.rtf
-
Size
202KB
-
MD5
e4c46a10abc102a9467869dc3e3735da
-
SHA1
efe4f402c1fbac87a3e21c649d3977a8729f58c4
-
SHA256
fe2bab338b1006fee0f78d22b08cb0e82512ea4f688f444b0fa338d4b0e0fba5
-
SHA512
48256984fe2f5e32da2eb38b758eb12a7a3fe08861bca7ba6c279e156c52d69613e5a98ebe3583250ab6340ee24201dc903e7e6cfd52bdf4bf6734a3e0252846
-
SSDEEP
1536:tkyMNaalQWBIU80cvtcXZ1SJJ4RRJAoJPAzO3EmAOAKjI1RdMGZaj92VjJ:7MbRJAoJPAzO3EmAOAKjI1RdMGZaj92v
Score1/10 -
-
-
Target
Licenses/1049/SQLCmdLnUtils.rtf
-
Size
34KB
-
MD5
27f3d76b22cb7f572074d025f85f021a
-
SHA1
41eed1c4929472f6759d5a0cf81cbf2e899f478a
-
SHA256
1a27d91c40e96e84a68149413a3195e591de7bbd961128a94a618ad6326380b6
-
SHA512
121f470665e25f85604648b0a990d6f076301c1dd38d4527a6e3a39258cec9eb0e73abef1701c1e2dbf15a66f09e8deb5b2e09bf84d2563b6e2257750aa3ac0f
-
SSDEEP
768:f/J7np/ysZMV11pQ0eF5u2JKRTmrVeQW4zh+:pkmrkQW4zI
Score1/10 -
-
-
Target
Licenses/1049/SQLServerCompact.rtf
-
Size
38KB
-
MD5
a6c62155669f9220017f2e84dcff50f5
-
SHA1
2ffc64f5c1a7e276613927d040cef57bf9a3d9b3
-
SHA256
d521e19c1cf8f4a3d1e694cb63555277a02a0de0345c8ae077664ce9b07ea1f4
-
SHA512
473a348fa96fdd0495557fe54220224c10b9a21b2fd3898544e553307d0a64a152c3e84b61b1504a063b5824db0ae26192dbd81100124c18e90e5f593b81f808
-
SSDEEP
768:vEiER/HNuz7P/hnX/sZ3Wao/ozWF/UVl13sZBw4ROVPQOe8OoprWW:8i8uHNP1gYUnqTw4c1QOe8OopCW
Score1/10 -
-
-
Target
Licenses/1049/SQLServerDACFramework.rtf
-
Size
34KB
-
MD5
86cbba72f3bcbaa40db660f78a19db7a
-
SHA1
e2e710f35442d77dc0bc24938d2fda40c8c742bd
-
SHA256
eda696fc7db33cb04abce421aaa82d42c183a859750e0928d3ae89730a74ff01
-
SHA512
aeba78ba29aa569c63241d096570665df6b0df380a24c28b11bd5d999218ab57b6d7abffbdce0a0d38d7b78751000d3884b5747553c5e6486a3a1cbc8b6617c4
-
SSDEEP
768:i//7np/ysZMV11pQzF5ugjBRTmrVeQW4zh+:IpmrkQW4zI
Score1/10 -
-
-
Target
Licenses/1049/SQLServerDataTools.rtf
-
Size
149KB
-
MD5
09ad30853fe51bd9e66bfcbc2df1d1ad
-
SHA1
3461a9670f4887e6c84f63e45382ed7bfea397c4
-
SHA256
556af6aa652e317b1c6eb4a502d11f5280b0ed0ecd6b0f11d27685500c3aa404
-
SHA512
f4f890b7c1d1a4cd14a136f86a254927a98f5457e57bfbaecfc4eb00bcda0c9add683b0f5e53a94a927b07418e2aa79acc31e1736b9f5cb1b3cf637c75d48bc8
-
SSDEEP
1536:rP4r8QWvz3DeLrkQWKzKMoHvVT4eC69F8Q5e:ZHI
Score1/10 -
-
-
Target
Licenses/1049/SQLServerExpress.rtf
-
Size
38KB
-
MD5
2822a9a1c2b81b5cf78d255f61f0d2ff
-
SHA1
b3e288a1cfb11306835b735ae97d1fe3eb65b7cf
-
SHA256
cd6020e838ef9322d76fba426fe69504c1e721d2d847cbf6014a7d4c22d975b5
-
SHA512
5d1f813fdd4224327183de8d40edbf826c224bdd69116186e8a1d1a99216c11f51d3c55f8c8dc630292b7937719a0d0e0269a128c03264940b3245236eccf888
-
SSDEEP
768:mMkyRnXVLVHQd8A18IhKlHTA8TvR4rVMdPWnzc1:GyTV4rgPWnzy
Score1/10 -
-
-
Target
Licenses/1049/SQLServerExpress2008R2.rtf
-
Size
38KB
-
MD5
447999d085ea9b3ecea1fd63b7afaf79
-
SHA1
465f61f24cb829e3308d73da9dd32c7ffbb06b16
-
SHA256
c0088a569202fe81d1ce9c99dc12909e8866029ad4d925a333a4440ecac29bcd
-
SHA512
050944b836594a520bc725f8485ef8998e5e6a31d88f9ec057a3b04d0a07f4cc00189e14ed0539b5c1e4be62c764256b30581f305f882f21821b4607be597840
-
SSDEEP
768:HMkyRnXVLVHQd8A18IhKlHTb8TF4rVMdPWkzcG:/yT04rgPWkzh
Score1/10 -
-
-
Target
Licenses/1049/SQLServerLocalDB.rtf
-
Size
34KB
-
MD5
797e8703ced517fdfda176aa1d47a364
-
SHA1
d28b78b74e1a5df1d3163d0c8588bcd726c0ba1b
-
SHA256
5d2a702908c92d5806088f0218438d2e2ce0438dbb69e1b97d82c33ead742c32
-
SHA512
8552fddb5451fdd235cdbbdda0771a5fb7e5fd9208df9256dc4387fdbaf1d46a0297c2130ba9f0765701fc78ea979c7e1ace2138d6135a730ea090fdc4353b6b
-
SSDEEP
768:5/w7n5/OsZMV1DpQzF5ZcTPydDmrVmQW4zh+:mJmr8QW4zI
Score1/10 -
-
-
Target
Licenses/1049/SQLServerNativeCLI.rtf
-
Size
36KB
-
MD5
967260c6874be8065eaaf1e77c3e9aec
-
SHA1
f1635a1570ccb98c49971455c5f7a81a70ddb284
-
SHA256
5dbf184fc60f7dba8d1dc2bd6982436472858417767aa0a4b8db93c008139233
-
SHA512
7ecb38a13e1395bee006a78f138cd65d848e311872136630e6c71e99f5315a1184d3c921320e27d7139c6faa4babf8401be0929ef3d882c1a9d1ea87c44a2e4e
-
SSDEEP
768:y/J7n5/nsZMV1xpQDF5f7x8LdlmrVmQWYzh+:Obmr8QWYzI
Score1/10 -
-
-
Target
Licenses/1049/SQLServerSharedManagementObjects.rtf
-
Size
77KB
-
MD5
545c33b84d5ae00fd4ce3163f0423739
-
SHA1
158f8147f79babce76c9f148424a97860f4599a5
-
SHA256
7ae38f9b3ba998a1d425fbb615a8b813d94f03282b43c4035ec0d275ab0998ce
-
SHA512
554bb0c50d67e93b77e7abb1c6dc895a09a28dffdb910393e55cb7a092ebbf60c89367a30685c9b2ebbf292da6da20656e893eaea3bbe5a092203bebc8997775
-
SSDEEP
768:m07Pnb1uY+BFCxOjjBsycAw9a7Md4rVmQW7zWme7P8Y29FqoOjRBTYcr/7qyOlU:534r8QW7zS3
Score1/10 -
-
-
Target
Licenses/1049/SQLServerTSQLCompilerservice.rtf
-
Size
35KB
-
MD5
43466d16f1360d06142fd07fa731ceac
-
SHA1
2f808dc1713e453cf8417a65ccfadcc343ca44cf
-
SHA256
964e20127b9f881909aaa65e3f0691bbb8699793510300da0b8be854d92aedc5
-
SHA512
286738d701dfd31e98217c43339e1c03ff3d0b0539cf98f898f1bc04a283465f4ae6c4f555383157c6e817188b41a7a5724768f099f0c4e8857a9a93736e2db1
-
SSDEEP
768:X/J7n5/EsZMF1OpQ0eFXU7xOlZXC+mrVeQW4zh+:xWmrkQW4zI
Score1/10 -
-
-
Target
Licenses/1049/SQLServerTSQLlanguageservice.rtf
-
Size
35KB
-
MD5
9d6a4ddccdf55aef835b969e9dc896c9
-
SHA1
fd6ab03a2cc5c1b40f0c4f9ee606a37a639825d3
-
SHA256
62047be1fc0f19584845e5e2e151321fa3ffaf7e02ab88d60833142e2ed77051
-
SHA512
229af7a556575ae3b154d24a40e322adec00f397659341e22f2bedaec437781cc5b37b38eaffb14230f455681535f0d1a9e0cc97b08027be7ea3ab916d55149b
-
SSDEEP
768:a/+7n5/OslMV1xpQ0rFCD7x6yC+mrVeQW4zh+:57mrkQW4zI
Score1/10 -
-
-
Target
Licenses/1049/SQLServerTransact-SQLScriptDom.rtf
-
Size
35KB
-
MD5
590af30e40a85ad9c9795e90ce2cc7a6
-
SHA1
19296f4a72f73c27ec4dcd05405bab267e609ea7
-
SHA256
e4de7988720271c69797bde0305c8358f65b04d354bf1917eaf88a8253d5ddb7
-
SHA512
49532fe5559a5d621479fa0a009276d8012f7dec3da6b4da45843e177528ddbd64cff60914ddd2a122b6ed826f8c9f7111ae021082cf5a24d97cf1ed83842814
-
SSDEEP
768:U/47n5/EigiVdepQ0rFX37xOPQXClzmrVeQW4zh+:NLmrkQW4zI
Score1/10 -
-
-
Target
Licenses/1049/SysClrTypes_SQLServer.rtf
-
Size
35KB
-
MD5
33ce27520f4a92dee28fdd45ac763b34
-
SHA1
f22f9a261e8b19632aaa9b2555a737fb45934a27
-
SHA256
48250529bebb096c8f5b7cd1917fe7aaa670d781ff9d8e2482c4d2795eb44de5
-
SHA512
0af3e8fbdce2a2bc0136e37c8f840e0dc98d687b3904a0349a2256de30ca959e0cd6f4c916cd26ba7410af0ff2a21fe115df67a1eacc5d003a0c098add14f602
-
SSDEEP
768:X/47nuOsZMF1xpQ0eFXU7xOPmC+mrVeQW4zh+:QFmrkQW4zI
Score1/10 -
-
-
Target
Licenses/sdk_license.rtf
-
Size
60KB
-
MD5
f5e22a46bb7eb753232cd804d64b8fda
-
SHA1
edf5362134a3dd565d75ff076ca556ce5e317902
-
SHA256
970ba72d388edefa96cd05eadcfd25002f18040bf9267cabc243c1ff47ee2282
-
SHA512
4f1cc8cff30c297ffa0fd745546446821e2d729d45608e3760b8d7ae0b42198d5dda79f1ca579c20ebfd373898981ff4b2b7f29ecd0fbec02a569903d8deae67
-
SSDEEP
768:RtSg9Oxf3ZybsaXCL1v4VlsU9dDPu33znIINuCLeiO3HnIPWhYBvvv4g1+qideiZ:Rt5ef3XaXuQc4P7VNiXOKB3QQjyNi1O
Score1/10 -
-
-
Target
Licenses/sdk_third_party_notices.rtf
-
Size
60KB
-
MD5
111cfce947c70a8cfd05c5d3fbb04fe2
-
SHA1
e1ae3970c6f3f7feb2fc2f42fdb899e12709a5a4
-
SHA256
4d78ad682381dc3572b8dc12f11fc6ce571587fe3d5ea8caabe8ed1fc638c966
-
SHA512
80dac8bb2c24ddddfd23ef6ef76b60d2bf8f8184232462bcc4261bab3254e5520a34c353bc86eead0510669bd36bf529e1bfedf5b144d235d7700d799aab44b5
-
SSDEEP
1536:V7EpQ6FMA7JjYnCBBEBr9xdQPK+ucGaCcNYg53Z/f5MAd/3N4a78d/C1xn3qLe1n:VAppFMA7JjYnCBBEBr9xdQPK+ucGaCcn
Score1/10 -
-
-
Target
Setup.exe
-
Size
2.0MB
-
MD5
8fa393540a587e758138645fa689f390
-
SHA1
0214c205e0c1fc792c94235d221bccf2b6af5057
-
SHA256
452f779d72e74bbf249d92926e9b17cdcc2910bd214469f664947f797e4dc33f
-
SHA512
874862e022f11e90d308c307ef806b5b0d7077ea1a058541b0b7c7821b0d12a5e45ee1e045c75ae915a41d343b1c08480830718aa2b9c7b905e2d063f22831f6
-
SSDEEP
49152:KDjlabwz9wDjlabwz906mqnRYVd1AUyvKDGoEBs8Ya6:6qw2qwi6XnRYj1byCKoEBs8YZ
Score10/10
-
Detect Vidar Stealer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
Team Tools/Dynamic Code Coverage Tools/CodeCoverageMessages.dll
-
Size
35KB
-
MD5
566dec71428a874d2443ed4bc73427e6
-
SHA1
2e6411c3a1d26e381bb428f2bb32e2fac9ebe4f8
-
SHA256
c9b0d5fcff5367c8ebcde542fd2f5660004354c904104f25d6c8f94359edaf13
-
SHA512
aa19c2dda8a93824f970b9e1e227e2ece57d892e510e9968b5f184923ce01e0568ef3de533facda64000a3dc4056bd2748a4e001c53754de337209211c06ac07
-
SSDEEP
384:pWgMWGPNAcOHm5XzjUC4lbLGkERPrSEExYRSatpdIoCTlqx491LHB0GftpBjU6Fy:twPCYiTZWi2h1H5UW
Score1/10 -
-
-
Target
Team Tools/Dynamic Code Coverage Tools/amd64/CodeCoverage.exe
-
Size
605KB
-
MD5
11922a715f64321a17df87086c066e2d
-
SHA1
d784d99b4a12cda825ae5fc0f512d786b843f8f3
-
SHA256
df3be72be588f2b532738f0e78ea853f79facfb8bb26d4e5882de3fe1481780a
-
SHA512
6035e3bf103783ae7f27e2a101e7f78f6ee498ac68b7fcbcb8b9bb0d483034c0980367078096e2fbfcefca96e438fbf19f7ed68967b9f292ce545b63e69b94a0
-
SSDEEP
12288:yMxi67r+QYvL/mPNWLehJFeLk0K3JbbJLfaOB/NjVWbFs8yK92:yMxi6/+QYvL/mlWLeAk0KNVWbJyK92
Score1/10 -
-
-
Target
Team Tools/Dynamic Code Coverage Tools/amd64/covrun64.dll
-
Size
1.2MB
-
MD5
da3dd91a69731813db624ab08c29d091
-
SHA1
3672a1c0a508a2ac4b1ba65a00157e14dea305f2
-
SHA256
5632955e1658221daeaa44757911d7c9d9edaf97c195018f76bdc8d3112dee47
-
SHA512
ac623cbc36e406975204c0ad21a03ab76c2fcae8d4d414d31fbda358fa18462c855b7db6a1363b78e147a7a04688d9a31db98bb6f9f02641770e99aec0fc4bd9
-
SSDEEP
24576:Fw18i5ybbMUv+rMFsUneRPJhF9+enKAKLo:L/ZeMcPJhF9+enJ
Score1/10 -
-
-
Target
Team Tools/Dynamic Code Coverage Tools/amd64/msdia110.dll
-
Size
1.0MB
-
MD5
24ac8872b2ce510e3b615e3a50059fdb
-
SHA1
d06915c57a24b2bc6f806b3d9b944742b9f161af
-
SHA256
1d5d4a3c0d149966835e3832ccf16bacdc0b4fa799e4cfab0c7852ead59e9d24
-
SHA512
9b62c352eac4fb1317fd1d6390c99bf88a64700651b9c37d95482a41f02c36bc587ff14bdef8223a1b1f178539e7bffd928da60de7a6b982e3831cb17e7b93de
-
SSDEEP
12288:agyupQeL8wx8XhiaMQUjEAdwATQessvmp5ukkgr5yeYcc5eFN1pxxVwHBNiERA:agyuGMzjEAdwAUpBkJeY15k1VwHBNiD
Score7/10-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
Team Tools/Dynamic Code Coverage Tools/covrun32.dll
-
Size
806KB
-
MD5
274f61254be878e944c41b78af3dc2e1
-
SHA1
b864f63e4753458b8caa64cc8e554dbd07c8ff1c
-
SHA256
6c6b153584465b6756d33de82b0b51da75eec2c96373862ca5ca0412991a1c87
-
SHA512
a27daab85b00be27da0651b40b165d371942e59d02c0e5dfbae6512a260264f4f966af59770760244c2bb6d3923467ed1307008c01ccdbf1891506c663958339
-
SSDEEP
24576:pRtIpJbYtjeoOufeFibRcJUDL1m2+QYTeMQII:9IpJbYdzBDL1m2+QYTeMQII
Score1/10 -
-
-
Target
Team Tools/Dynamic Code Coverage Tools/msdia110.dll
-
Size
868KB
-
MD5
3c2c91154546602b70c82069d31bee7e
-
SHA1
cb0067ebc8a6ef8f5b3d8eb7ef91a24d262af04d
-
SHA256
3170c85159f32ffc93edb752b34003859904da64e2e4da54e9fa03e1142bb7d7
-
SHA512
ceabec5f60dc1e3d423eeb0ad069104f668982460baa5845728cf6fd4f7322c6095f74550fbdc7da9a754db400602274b6a9cf0399f5071de1fdb047a1e3bddb
-
SSDEEP
12288:hch7L05KLSukOtyAX841kLTU291YXGYug6ouBR620oG5h7BAEdR:hwhIW84mL07FoutA
Score1/10 -
-
-
Target
Team Tools/Dynamic Code Coverage Tools/ru/CodeCoverageMessages.dll
-
Size
37KB
-
MD5
cd9c322edc56fe295f7ba3d905d7d7ec
-
SHA1
d8004eb26bebc179ec1d83d7bd53bbdc0bd32bf8
-
SHA256
52e02bba88b4e12f50d31016518053b6bc76ce852de220a35c91919fb22e13fc
-
SHA512
834fc68cfcabcdf3c4358a6f0098e501e618780247eae8f5809e4494731194019a113308b9cbdb4f74d7ee4fdecc1d6eb7f5bad8bfa41b8086d833f4dee6b552
-
SSDEEP
384:/5/0qBxW7rsYJEFBoEUIsK0sTi1OWQaAtMW/1LHB0GftpBjsFIMFtAHRN7NelR8Z:/NfxWEBoJMDWiqGLNYhxm
Score1/10 -
-
-
Target
Team Tools/Performance Tools/1049/TSDevPkgUI.dll
-
Size
28KB
-
MD5
14f531bbf1dfc33cbb76f3e2329a315f
-
SHA1
10249cc0d999f87f861a5fa024b3c861237357f3
-
SHA256
1fdd495b1d08858982479fa87f8a3bebab780849886b9902637684ac1e1af002
-
SHA512
56e6de7aa132f98824731f9ca36b661d1ba73348ee8238795496ddd629cdc7f8c7eb63cf49e5ece88b11810269dd5bba928f1e4ef5ce53bc5735018355edcf0f
-
SSDEEP
384:Nm1mXWv1k440GftpBjy9BFtAHRN7J8PlEB0/5:NmYIDipJhe5
Score1/10 -
-
-
Target
Team Tools/Performance Tools/1049/perfpkgui.dll
-
Size
119KB
-
MD5
3032869f2692f9e13629a2026775b479
-
SHA1
4307e1b257e28592d9287103d991fb3da3acf8f9
-
SHA256
ad6be0c8ad23961b8b3824cd66db0d5c828827b148f82e92ad12f1b692ca6322
-
SHA512
cf5a32ef1b29205765509c64cd2ed96b38b42525ccb4bcc194425ac516ebd9ea7859ac7491e474fdcee2dbd46495e1f4c4306bab31cb2fdb38ec97f28e2d0992
-
SSDEEP
768:hFJPucMum7yLgigKgRUM00wmuK6m7HhLYasi9Mhx5:hFJWcXs5RXJQ0MX5
Score1/10 -
-
-
Target
Team Tools/Performance Tools/1049/vsinstrui.dll
-
Size
69KB
-
MD5
42c2d411ec34cbb32ee1140228187c81
-
SHA1
39269a066b83c5eebb4428375ef16d5850209e24
-
SHA256
9c5d2602ce9947dbb0aad2a2e878a72938b2e701b26d5542621121f028c96e68
-
SHA512
4bef11c45a6c7d28b0294cbe46f00884401c46206e17b00da0b5b8c7af12ee8f3754710148ebeff390e79222782b78f6106c88c5c122c76e62db424d1574fa28
-
SSDEEP
768:Rde23M4R4eDn3DWFR3MG9zNc8BMr/PMvJ8B5wiQYolG7WiCkWq+:RIlb9zNbm4Cw77Pvbq+
Score1/10 -
-
-
Target
Team Tools/Performance Tools/1049/vspmsgui.dll
-
Size
123KB
-
MD5
297274dfc039e9c9efb8fc1a39753585
-
SHA1
65cd7f915966cd260c7d3e913b580934e4a9bc29
-
SHA256
e7aa5723e9596a06bedf1ca402becdd3033cbdb4395b97172e9d7fd4001956b0
-
SHA512
fee20c2b8a67ee2010cbd225bb7383b497678f34829e317e029213d0a612963ff73728da1d070a1c11b8a44135dd4f97768e112d0ec957991a83a60565b68f1b
-
SSDEEP
768:Gjv0rUArazWNu++a8dgLuMZ/GlkR0yEcRv4wfjQjCDjxul8OVV/Li6yWIpY1dLWM:CpfwfMuDtuTO6/1diVFI
Score1/10 -
-
-
Target
Team Tools/Performance Tools/KernelTraceControl.dll
-
Size
180KB
-
MD5
7609229e1a8adcac0aa6cfb6db618f87
-
SHA1
601ab37c5d0d7946b83d86f7b7e20617a41af63b
-
SHA256
31d7dad4b7ec122d0ca50b6e4c97ad47ae64b093a6d63ce2ea92f5467e099226
-
SHA512
1466f652a8ddccdac97893364466a95d5f81715302f7d567740d500bdbe433deb688803c6daa05fe04f0c42c0cc0e3497ae0a642642fcdc97eec033537c3c3e7
-
SSDEEP
3072:lJTIa03rCNOLYNc1bxfYLZW6epRIMBVDPETDi1vxlw2vmi9o:l2eNOLYq1bAZWNLJsgjvmi9o
Score1/10 -
-
-
Target
Team Tools/Performance Tools/Microsoft.VisualStudio.Enterprise.AspNetHelper.dll
-
Size
98KB
-
MD5
6e1a8946ea119aac63229ed11596701e
-
SHA1
7a60fb04270b2eb2877a7ff1176aad03a1895560
-
SHA256
b90343962ac631903f281bee58e1f350203691962a661a0fbaca2660c4dad562
-
SHA512
208168207ecfdacc668a8c6ec2fa437fe7a570c41f7d2ba6927ec47e180f4d186f398bdbc438b04109144c4c6b486df5a0076216150ad86b10207ae7305ca9d2
-
SSDEEP
1536:xJ5COh+mJKMBkDByUEIKc+BCnosoEgsF9o5YWPjmyQdbTXu9Z:XOWKMBzYXosbgU9o5YWPjmysbTe9Z
Score1/10 -