Behavioral task
behavioral1
Sample
vidar.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
vidar.exe
Resource
win10v2004-20230220-en
General
-
Target
vidar.zip
-
Size
181KB
-
MD5
9cffe5e611e0c7a7f962fead60dec2fe
-
SHA1
010e56d6a662b752cab066160e1782169162dc99
-
SHA256
82cb632ced89b0889a606805e5bddf3912fcd20067d673c5b897b5122ae2763f
-
SHA512
c8c66f833832e472e2e629b11fb5157c09d9e5263db3f971340108038c4c583b2b6b589c71cbf04daa271845891e67d5eae0a9a2c2cafb37b015fc0108bae174
-
SSDEEP
3072:NpBx468ljp21FgfW4NQAZw8IZR7szXni0CTXd7LeJXJdafQ9oMzkK8u7miqnKe+i:N7t8ljM+Zw8k7oXnj6N7CZJAfQ9rzko4
Malware Config
Extracted
vidar
2.5
408
-
profile_id
408
Signatures
-
Vidar family
Files
-
vidar.zip.zip
Password: infected
-
vidar.exe.exe windows x86
Password: infected
62374eb623a42f583f62e0a54b7bc20c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualAllocExNuma
Sleep
VirtualAlloc
GlobalMemoryStatusEx
LocalAlloc
GetProcAddress
LoadLibraryA
VirtualProtect
lstrcatA
VirtualFree
FindFirstFileW
Process32First
Process32Next
FindNextFileW
CreateToolhelp32Snapshot
CloseHandle
GetProcessHeap
GetCurrentProcess
GetLogicalProcessorInformationEx
ExitProcess
SetEndOfFile
CreateFileW
CreateFileA
WriteConsoleW
SetStdHandle
LoadLibraryW
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetLastError
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoW
GetUserDefaultLCID
ole32
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
oleaut32
VariantInit
VariantClear
SysAllocString
SysFreeString
Sections
.text Size: 273KB - Virtual size: 273KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ