vidar | Setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Setup.exe
Size

5.3MB
MD5

4aaf2e832ac2692f92267eafb2f0259c
SHA1

910b22abbc8c112f0544dac618bc22e8fbb5e665
SHA256

2905b8f710a246ea4493fe0168cba9fb2c90252d5ddb407b8a4814b25746f562
SHA512

ea5ce09f6034c70a31f3b29ed35020bfa79c5000adf4f93399adeba0075eeee7a9da8176045ed2d3ec6c4abe4428175c082edfd089f7baf14dd89aba2557055a
SSDEEP

98304:eOScbwMZ2smFStm2FdT01aipIvIgWMy/jpBMbjbSVP8K1OX7U:5wMtdTU/pERmjpBMzmPFOXo

Score

10^/10

1491 vidar

Malware Config

Extracted

Family

vidar

Version

55.5

Botnet

1491

https://t.me/tg_turgay

https://ioc.exchange/@xiteb15011

Attributes

profile_id
1491

Signatures

Vidar family
vidar

Files

Setup.exe
.exe windows x86

01fd094fb9e4b07e5e4f6f7230e4d780

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

crypt32

CryptStringToBinaryA

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

U+1F971
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

U+1F971
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

01fd094fb9e4b07e5e4f6f7230e4d780

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

wtsapi32

user32

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 7KB - Virtual size: 84KB

_ Size: 544KB - Virtual size: 543KB

U+1F971 Size: 2.6MB - Virtual size: 2.6MB

U+1F971 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 24KB - Virtual size: 24KB

.rsrc Size: 42KB - Virtual size: 42KB

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 7KB - Virtual size: 84KB

_
Size: 544KB - Virtual size: 543KB

U+1F971
Size: 2.6MB - Virtual size: 2.6MB

U+1F971
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 42KB - Virtual size: 42KB