vidar | Testing[.]exe

General

Target

Testing.exe
Size

284KB
MD5

e3d683096b4a922b25b6e5211ebe077c
SHA1

e9855f8c9153215dfce551e8e2efc076ffed0fe6
SHA256

b5901427291514eafd7b0cdc586eda75ebc4636b1bb4bb9c46ee0a3392373e25
SHA512

9ac61e658ea82514ab24982d70d30eb86bb63338f01a359710f8da2cbd51e60d409a294f2600e4e3b7ea1957310e0ec74ab5b6960788dc27013daaf46fc2a410
SSDEEP

3072:RQ0sVh/JuxnSgg7hGfjlKiTHNi4g0/uy/uQFljw0782A24IQpdUAUXvXUwTTQaOG:R/aj3wbg0nF5mQwgONbUzXUwTThOG

Score

10^/10

1531 vidar

Malware Config

Extracted

Family

vidar

Version

55.3

Botnet

1531

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
1531

Signatures

Vidar family
vidar

Files

Testing.exe
.exe windows x86

c077cbd301385f90686574e099ed815c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
LocalAlloc
GetProcAddress
LoadLibraryA
FindFirstFileW
MultiByteToWideChar
FindNextFileW
GetProcessHeap
SetEndOfFile
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileA
CreateFileW

Sections

.text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

c077cbd301385f90686574e099ed815c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 200KB - Virtual size: 200KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 7KB - Virtual size: 84KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 200KB - Virtual size: 200KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 7KB - Virtual size: 84KB

.reloc
Size: 19KB - Virtual size: 18KB