vidar | AppFile_1234_Pass[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

AppFile_1234_Pass.rar
Size

4.8MB
MD5

bbd04e9ad6885f9edde4158fa13df0b1
SHA1

fb5dc689cafcb6f33008ddd42ac819d64cce4080
SHA256

d20b46306f33618c74479da7c63f9159256b9b98b6580884bfec469595d4ca0d
SHA512

690281b6c4d976955965b4f166921316b48d017a4b7309ae82f1d1ea6f89acbabc46b49d4b03fe7a75d74ec717b48846dfa84391945c5acbbad50476c35bd93f
SSDEEP

98304:14OzBKzhF/9he12PGGOM7ztXZNqnbvmdPoF/5qqAPnxn2QQtEROJ:1pBcX/9he12P7p7hXZNqbvuPoF/sVLQd

Score

10^/10

1491 vidar

Malware Config

Extracted

Family

vidar

Version

55.5

Botnet

1491

https://t.me/tg_turgay

https://ioc.exchange/@xiteb15011

Attributes

profile_id
1491

Signatures

Vidar family
vidar

Files

AppFile_1234_Pass.rar
.rar

Password: 1234
Setup.exe
.exe windows x86

Password: 1234

01fd094fb9e4b07e5e4f6f7230e4d780

Code Sign

58:41:f6:8e:ea:9f:09:99:4d:75:b9:a8:d0:91:a1:55
Certificate

Issuer

CN=HDD Toshiba X SATA-III 8Tb HDWG460EZSTA N300 (7200rpm) 2048Mb 3.5 RTl

Not Before

05/11/2022, 12:43

Not After

06/11/2032, 12:43

Subject

CN=HDD Toshiba X SATA-III 8Tb HDWG460EZSTA N300 (7200rpm) 2048Mb 3.5 RTl

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:7c:d4:83:39:1d:39:f3:3e:5c:e8:ed:b3:eb:dd:90:f7:db:0e:95:5f:f7:6d:1b:fa:2d:9a:32:30:bc:82:03
Signer

Actual PE Digest

2f:7c:d4:83:39:1d:39:f3:3e:5c:e8:ed:b3:eb:dd:90:f7:db:0e:95:5f:f7:6d:1b:fa:2d:9a:32:30:bc:82:03

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=HDD Toshiba X SATA-III 8Tb HDWG460EZSTA N300 (7200rpm) 2048Mb 3.5 RTl

04/11/2022, 15:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

crypt32

CryptStringToBinaryA

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

U+1F971
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

U+1F971
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
langs/Croatian.ini
langs/Danish.ini
langs/English.ini
langs/Finnish.ini
langs/Hebrew.ini
langs/Hungarian.ini
.ps1
langs/Indonesian.ini
langs/Japanese.ini
langs/Kazakh.ini
langs/Korean.ini
.ps1
langs/Kurdish.ini
langs/Norwegian.ini
langs/SimpChinese.ini
langs/Sinhala.ini
langs/Slovak.ini
langs/Swedish.ini
langs/Thai.ini
langs/TradChinese.ini
langs/Ukrainian.ini
langs/UyghurLatin.ini
langs/Uzbek.ini
langs/Vietnamese.ini

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: 1234

Password: 1234

01fd094fb9e4b07e5e4f6f7230e4d780

Code Sign

58:41:f6:8e:ea:9f:09:99:4d:75:b9:a8:d0:91:a1:55Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

2f:7c:d4:83:39:1d:39:f3:3e:5c:e8:ed:b3:eb:dd:90:f7:db:0e:95:5f:f7:6d:1b:fa:2d:9a:32:30:bc:82:03Signer

Signature Validations

Verification

04/11/2022, 15:41 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

wtsapi32

user32

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 7KB - Virtual size: 84KB

_ Size: 544KB - Virtual size: 543KB

U+1F971 Size: 2.6MB - Virtual size: 2.6MB

U+1F971 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 24KB - Virtual size: 24KB

.rsrc Size: 42KB - Virtual size: 42KB

58:41:f6:8e:ea:9f:09:99:4d:75:b9:a8:d0:91:a1:55
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

2f:7c:d4:83:39:1d:39:f3:3e:5c:e8:ed:b3:eb:dd:90:f7:db:0e:95:5f:f7:6d:1b:fa:2d:9a:32:30:bc:82:03
Signer

04/11/2022, 15:41
Valid: false

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 7KB - Virtual size: 84KB

_
Size: 544KB - Virtual size: 543KB

U+1F971
Size: 2.6MB - Virtual size: 2.6MB

U+1F971
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 42KB - Virtual size: 42KB