SUSP_User_Folder_PDB_Dec21_1

Rule Info

Name
SUSP_User_Folder_PDB_Dec21_1
Author
Florian Roth
Description
Detects suspicious user name in PE file
Score
65
Reference
https://us-cert.cisa.gov/ncas/alerts/aa21-336a
Date
2021-12-03
Minimum Yara
1.7
Rule Hash
51696cdb92efc6a29e7ff67585d27bcb
Tags
['FILE', 'EXE', 'SUSP']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/susp_user_folder_pdb_dec21_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
38
Suspicious (< 10 engines)
66
Clean (0 engines)
5

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-04-05 18:00:48
27
71
775002a3fcbc1e16d9d60862915bc7db55a816da1eed3f875a4aed12f1173e30
2024-04-02 16:09:14
21
67
7bb47f94f9b352a2b4dd382ce53e24ee41b50a7f0f5d717d1ed1dd03a9aec7ec
2024-04-01 02:02:42
13
70
8528455951c0213490d8415a42a1ce5ddcdcfed3b2476f46c8cfd0a8862a4610
2024-03-23 13:14:42
3
71
14902b53463e20bf9a349a2558c02e6d324126a578492664acd27952d0c90f7c
2024-02-15 18:24:10
4
71
bbe9bb19fce75a1d378c6793986a0ba4b93a41aba24e3ea899e0e582ff1fd931
2024-01-23 17:03:03
24
69
21a8f2b978ed4f7ce78e8e1decf37c4971a59f28bcfecbd6965a2ce68888314e
2024-01-10 03:05:14
3
67
7a28e0943d87fc3404fa1550d77e09757bc66baae5158a92da09be568d40b484
2024-01-10 03:02:28
35
67
4ced59bd2ea880a850ca0e2f7836f03fbbff3f0821cb1be0f8bd57556117f485
2024-01-03 13:30:41
6
72
184b529dc134adebf3b1768de2af65143ea33d7ad1f6d3bde7373da156b726d9
2023-11-09 07:35:53
6
71
ca39569dcfc615f413fc949f9f3661105afb84896d38d7280aa736fb1d21bf83
2023-10-31 12:15:37
9
72
3f3220e6d4ac9c94e4b46a5b506df4fbc4743874bfbfb380ccc95f84402acb89
2023-10-31 12:15:22
24
72
361e84c030ddd08afe6665cfdf1211eb03cc49a36ad50d17be43d91883a5aef0
2023-10-17 10:41:45
9
72
feeb6e8284d8fea9157ec072dfb77276378e5dc00f7ddf06b9c182357662eb00
2023-10-17 10:34:28
8
72
89e07c7d472cf4e8ca5289252ae663cd49b15ee8ee9a383486a4238bb9579884
2023-10-17 10:32:00
8
72
784870ac12808fce0f8a723cfebe25c03ea097ad8f902d3550c16360c57d2675
2023-10-17 10:30:54
9
72
bfebe86cad201545c91726631665ce3df5a8c3338b9625616439d5e9cdfde031
2023-10-17 10:29:49
7
72
450aaa56232f4e00d4f2d0598aec67ec72651f1e3e79ae2b86a43eab82603066
2023-10-17 10:27:43
10
72
bc430c1fd94d8c48bbeb2c6544c548536695fa5e5481e6c565c751fdc19559a1
2023-10-17 10:25:30
9
72
8a54e09765c5550f950ee06c2a5b09af716e0784059d03f1af3f9556200f6d50
2023-10-17 10:22:05
7
72
92846a478766bb828ca9696acdc584ac4e7e5360f33f0755f45ae9130fa06764
2023-10-17 10:19:54
9
72
88d429f231c178fb7a3bbe698cd881de3eb46f8e2d2d30e3bf3e3df14785288d
2023-10-17 10:17:46
9
72
8ba1ee9ac60bcf8118d3349e9e320e4fca8a74314a08a70956b1cf94555885b0
2023-10-17 10:10:46
9
72
2d94ee1ac81d4a10924b32b4315a6c5eb8fefcd23a43bd208eb1ebf09bfe669e
2023-10-17 10:06:06
12
72
6832f2fd2c322ea009c3679918bc11c1dca265c933189e44aad5045cc20fcca1
2023-10-17 07:55:06
8
71
e01ace98f86e0019e652b3392687b576b4a8a9b40189f7fab32e1752397965b0
2023-10-16 12:57:48
11
71
2a2bc3b462a4fa665b48a2f728969c0722092408b7265310a49c2eb39db66ef6
2023-10-16 12:44:35
24
72
db20bee526d785c65fdb21c80227b101118ea791b3c3efbbfdcbf687d0705783
2023-09-29 01:57:45
27
72
a0b74fb5cd9acf3f7baa6a834457323b54c40b95c06c762553f6e61ae6ced4f0
2023-09-28 16:04:06
0
72
c485145e69eb4895708216b4b634cf8ec18a9248d13173b0cf73fba366a6a4c4
2023-09-05 06:03:00
5
71
94f8ade258076e8c37e72965a60b5e299f7c879af4f15cf1033cdb4e6c0fd6fb
2023-08-16 02:40:03
3
71
71509745b4a7d6fdcc0eeb6d0ff3ad4bc8321ec06b68cd8aab86a4211ee9ad4d
2023-06-26 17:00:12
3
71
b0387552f19094a6b0783ce294a2b065e94da209180171e1db3eabead60d03fe
2023-06-26 09:10:18
17
71
fcc88dfa64dd8b9eb891491ed9520b9d8882e220642ec70e19621f4df8b33b7a
2023-06-19 01:20:20
2
71
20ea89cad0c6ce3e1f38e50f8f3e5d37694fb3043862206db573516b47ac3611
2023-06-11 06:08:13
38
71
1d45b4fcc3eeb453ae6cdf4bb39deb94fbeaa79be47d7fdb18ccbd179b926830
2023-05-25 12:07:18
36
71
cccabf1ed7102b4be21384a907030384b4c5d6bb8b7088c43c6d3b8856fd2be4
2023-05-11 15:12:36
5
69
a6e9d664c3ccb3748833cefee70ed3a50fcb3a614bad41b45aa37ec278ee7268
2023-05-09 06:09:34
1
69
5b177350140f06186f6cadb98a4a6fb6c826c5f5f8140de839372fe979acba65
2023-05-06 04:16:58
15
69
69d152201bd7b0e10de74046fea668474b245449f0596bebe0024870f9ed8a7c
2023-04-16 11:13:08
14
69
d6e55805699dcc34dcfd837d49dcee2ee115ccb7504089bb3651684d53d3a340
2023-03-27 20:15:27
16
69
91ddf7063bacf9fc18ea4474e71cbc007718cedda9ca4519db1dae83f0e72a9a
2023-02-27 09:41:04
7
69
434a29a36be7a3a139c3ec8c785c7806ba12d7cbf02f77b779e6b9f803817b90
2023-02-03 04:36:23
5
70
f89952a6bedef6d6079cf56b5f42cca37cde6d795ab85cbf00c9481eb6196567
2023-01-21 13:14:37
13
70
ff2be324e4eba0c975d92c8e4cd32565806cb8fe8b04c3f7ba3db8c775ef69f5
2023-01-20 20:25:38
7
70
a171a7e731f0320a8e90c983ae36075028f3bb9b40cbddf85c28cad5df0a9c8d
2023-01-20 11:07:19
34
68
73ab621d6fb3f95845b05b899adcba35a198364d49dc641baf84a6fdab4886a6
2023-01-19 09:09:53
7
70
405e866c405bdd62c252605490e6450e351f06ed0b63aaa4f612e00eda605123
2023-01-19 09:09:31
0
69
7c429b7abfc456926b296b4fc5a159aebe6003eeb1d925dbbc241fc60d9ea9eb
2023-01-19 09:09:30
8
70
cb98f93ab6daeb4b2325df809965ea685652a1df2eaf9982a534babba1d62a26
2022-12-17 07:09:39
31
70
d65588e04bd35f9b3def7802a3dbeb3ce5ca8e93686ffacff46b84c48d1ce1f2
2022-12-07 05:21:06
39
71
95be5f4ad42c10d6ad70dd12cc35a7a519449841adcfb37811297e2ea43594a3
2022-12-05 17:11:48
9
72
3620fb27aee5cf0cf83698bf9560ea474531489725df554de00c4843654a3f66
2022-11-24 12:19:33
44
71
472c87b3009c119da2b19881a9db7f80045b392676c9b3fb8fa34dca54733301
2022-11-24 11:39:45
15
70
3f1d967064dbcfe5787f582931b35836c242780394dfd2f565f8f8197d15db4c
2022-11-24 11:39:45
18
71
0b3b55509f1514fdac3bf2fdb77323953abf4fa01cd1364f2328251277166249
2022-11-24 11:36:13
37
71
37dded43ffa3aee8f98f9becc9554e05db996ecd7ee987d349174c61604f5d20
2022-11-23 03:08:15
32
71
b7cffba89ce06ef00a435a231c2a5ea7dfcbf9aa0a8acd3b0a64438093bff6c1
2022-11-20 07:25:38
16
70
16c2bc8b1699bf1faf98d027d040af23d1593875a18a31f40a22b273861407fa
2022-11-18 16:42:00
21
66
a64ea1f7de40ebeb39a2a68b98e9ab100c19ed0dbd70442946c479ff42051370
2022-11-15 07:14:17
6
72
e0019b70ff193c2b3c08aab40b3351d912541f50edc408a3c266702399668a43
2022-11-12 13:01:54
4
71
8c19f29079deae61c1053e789818066477d57954af1ae744a439fd16061d6362
2022-11-01 03:19:45
2
71
d1dd02a61e83973c0e2cc2d47fee80cc5e25696b76170befbd53bcce04719ac8
2022-10-14 15:38:24
8
72
ee0f7ed1cffc7818d896b20fdb41afe25eda63599a588b2d4d951b8c274e57df
2022-10-08 21:05:16
20
72
e887a2207ec6eabdb1fb1d51c44a29323598bef99aa2cc461d9d8cb4a2e2b004
2022-10-08 20:35:50
5
72
cf6a2ec696a91e5d94899f9493db5e6af289d27978443c7f96605b598b742bbc
2022-10-07 01:37:03
3
72
0b25b0024efb5fa7423b2d1ba601ba981948df01bce1b4e6f40cc9d98138d999
2022-10-05 19:17:55
25
72
1b689921e7194b33d45291ce6c2f6f44ffc1864f5385b9e6c605432a2d01c16a
2022-09-08 00:20:17
33
71
2490b5e72d2edc1ae5c64169903a1008165a2e866821e9e66bcaf315c3554b4f
2022-08-29 04:09:54
0
60
45e83ec5c2982ba9e48a9417a38a8ce25a3560bee9e7690bc4e1098212e87832
2022-08-28 17:31:18
17
70
200fa253abe7ab63b5e0e56cdd20ebd055c045b4aaaa7cbb2bca2fdda5797a81
2022-08-25 18:26:54
7
70
3770c35b96d937d2cda799713b36dbd8cd2b44a1dd8c44b3a9b7b24eb82046f5
2022-08-19 12:31:48
2
69
9fd08c531a52362d0b4314f8a484440939ea9c81ceab1d4463108979fa05a1d8
2022-05-02 06:44:13
35
68
012f3cd85037dbb0d17eb67107d7b84115282d78889acf9530629ccddaceef23
2022-04-26 09:13:35
0
67
9a99205fb10e934e29d2dffdf7d3adea3cb75095b2739061d70f4d44f6a9e6d9
2022-04-22 09:16:49
1
68
9582d0a18acc42568ca46274450adc02a7085c356fe7b2bd3f7e466f567b9b02
2022-04-22 09:14:35
1
68
0a358853754bf8d7561c29f091eeb3f956fae7086c2c42f09f41e3bca5e040c7
2022-04-22 09:09:10
1
67
526fb27d01744cb74207b2e5e43d799d98974d36fb4ffe9a3d06c4d582a9ac16
2022-04-22 09:08:05
1
68
56965de66b106f5bdc9bf14f5a33281cd7520da558850691fd89b7039d745234
2022-03-13 02:55:26
2
65
39b16132cd131062ebbb514168f3220f4239235f77efd3110f97a13054cf65dc
2022-01-21 07:18:29
1
68
c936361f950ac2e5803557bb28dc2440d0e2b8a9109c4bbd5777d84a340e0583
2021-12-29 08:21:47
50
69
5fcc9f3b514b853e8e9077ed4940538aba7b3044edbba28ca92ed37199292058
2021-12-24 06:27:54
0
65
62e9778957a0bb0c2881f2b72a2b2fb7d72bcebd49cc3e53320962a282ed1766
2021-12-15 18:32:41
33
68
6ffc0da42d9f99e30c599a8bd4bc7dc4b6d54ba8261beefcccbd822b879f3150
2021-12-15 17:35:54
14
66
a1ac13fd23dc8b6291dbf58bc8250206eb3f006af984293e96a0a14ae1ffbdc7
2021-12-15 17:26:08
34
68
b5d2e844eae3aa538970860fb1dc8b440e5fd47dd672c5c09be795ccd7daa035
2021-12-13 12:05:53
1
67
d5b1bc32b30864db05b8cc89861c317144d77005d7f629220b770dc78211d18f
2021-12-08 10:48:55
1
65
43add38af6f1a60df4a4d6c17fa86266021993e157083be5d6b3b5257360adc0
2021-12-08 10:29:39
1
63
57b96b97e3bf04b837422e4aa19beb21927002da86b1641400702ad3ffa391bb
2021-12-08 10:29:39
1
65
646415a3545e665cd50fd2f58f39f89a9bb996f31cf18e4c6fc9260585bfe0ea
2021-12-08 10:29:38
3
64
a9d2257cde89c36aa9f44ee7f8e913ba7bd5949127d55303e1097befc053ca5f
2021-12-08 10:27:23
3
65
b749c4508fc8c6a2be8d5500ef8f4913900c1b4beba96151b1b4824ea5185803
2021-12-07 16:39:11
3
67
17e415e16439a6ccd880c2dda0f593e81c6de4d846287670d55abcbf7b11bb8b
2021-12-07 16:33:14
4
65
6c21a7844d9600ae62f9349baa256d74330a6496119407933c0bef4c30f4fc2f
2021-12-07 16:22:01
4
67
da5b496fb5e44a4e946af2e2f7e3130046ae1c8ff2daf3a51aabd932217c19e8
2021-12-07 16:14:59
2
56
dca72f3387216b56f8de1d8bde8a8da67f71ffe93b2d45a43dce977baa2571db
2021-12-07 16:13:46
3
66
0c88b096681e9750b398c730b23ef0c65fa3b35e30b457e29109da3fc5f348c5
2021-12-07 16:07:50
3
65
e2d4fa353f5f592cb115313f66349bbab1e71715a80f8fb14cec9f56a77bbd4f
2021-12-07 16:04:29
3
64
e9f77a2daed9183abe94c948c8ef1572b4fe43cec2905fcad070dcaf9ed98739
2021-12-07 15:57:28
1
65
65e2ab7d07a61eab83607af24016ba6f76c7b67297f61703b06165fb19c75868
2021-12-07 15:19:57
1
67
77496272e15fe8ed37752ff60b4b49f0f8cc9575ece371a845f4b97eea71c44e
2021-12-07 15:13:53
1
65
4efd4997a94d4b68ee9b625aa2e5c08f98284a4ffa918b58dee03219160dc396
2021-12-07 15:10:07
1
66
237074479a79bbe33f5b04b5133d6297073a860f36193eae3e5bbdfb263e0acc
2021-12-07 15:01:41
2
66
8ca449f8adc6f9e063adfe1eca154baa46d2c49c4ff3a21549429b044c33ff0b
2021-12-07 14:58:30
3
65
267ba268d403788f42944523ed2bd69fd019a35279c0da6981643de59d260103
2021-12-07 14:35:02
1
67
aeec92da722f46dad44fa459c27d7cdf0454c26d17467f9306686a0639fcfbcf
2021-12-07 12:19:08
1
65
4305bc6b6e780d48b0f0553598679479cf77668dade2bcd422d3e913da85d74f
2021-12-07 11:53:19
1
65
df96cb83a911c727a3873eae719c2bfcf17fb6f1c7136a0ddd370035913f4fb6
2021-12-07 11:40:37
2
67
ee492c42398616b76f7c4bbbecfd14fd79b2974f2cb62bb38b5d56cdf9fa2bd2
2021-12-03 13:23:59
12
67
ecd8c9967b0127a12d6db61964a82970ee5d38f82618d5db4d8eddbb3b5726b7

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022