vidar | fffff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fffff
Size

279KB
MD5

3a59844677f7a48eb1bba745ba3f1c4f
SHA1

cbe73e7129a51e5dfcc96c8c99dd2db5d8bee809
SHA256

714ac24428de558081d737e2649f64379950183b3ef6d1dd785b7a0ce9cee9cb
SHA512

50d92e8f0818c74d896f1dde7d8c4b7f3ac4c6ebf617cd6d192940413ef6590edd9c94693a4f12edd8f3ba8155a627f16a297d39748724a949565ed36d66550e
SSDEEP

6144:Akjaza2uPQoK2I4YCKMU0iaOgCZg3I94Gn:Ao2uPQoK+e0iaOgn30

Score

10^/10

915 vidar

Malware Config

Extracted

Family

vidar

Version

54.7

Botnet

915

https://t.me/trampapanam

https://nerdculture.de/@yoxhyp

Attributes

profile_id
915

Signatures

Vidar family
vidar

Files

fffff
.exe windows x86

99fe2b0df0755e6c126dcb5172ad437d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetProcAddress
LoadLibraryA
lstrcmpA
MultiByteToWideChar
FindNextFileW
HeapAlloc
SetEndOfFile
CreateFileW
CreateFileA
SetStdHandle
FindFirstFileW
VirtualProtect
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetLastError
HeapFree
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeW
GetLocaleInfoW
HeapReAlloc
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
WriteConsoleW

shell32

ShellExecuteA

crypt32

CryptStringToBinaryA

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

99fe2b0df0755e6c126dcb5172ad437d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

crypt32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 7KB - Virtual size: 84KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 7KB - Virtual size: 84KB

.reloc
Size: 19KB - Virtual size: 18KB