vidar | 4cacb0ece736e53294ae443c81de2863_mafia_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4cacb0ece736e53294ae443c81de2863_mafia_JC.exe
Size

361KB
MD5

4cacb0ece736e53294ae443c81de2863
SHA1

44d1873c9ef22f54a6fbc1068e00f0963bb0939e
SHA256

eb709af8c9e8f2cc4a6769f886b088d7c46907a987a357b9e1b292ccf96fbcac
SHA512

d34c1e4ad8d8192eb8e4cc7570223ddf9535f6a40c5a604531df3f4804236491f4871a3c1380650eda0eff1ee525a8d914f3a00c6a8528ca530cfd6321f7e4e4
SSDEEP

6144:DObaqLJTVu+9QTOVe8AmC1S5WeCnwKIDQLpoG9h/dLS/6WUU54WhK:gJTVLTY8AO554IDQ9oG9dVS/6y0

Score

10^/10

c510ee2ea2fd590813412e32c84288a7 vidar

Malware Config

Extracted

Family

vidar

Version

2.7

Botnet

c510ee2ea2fd590813412e32c84288a7

https://t.me/robertotalks

https://steamcommunity.com/profiles/76561199480821604

http://95.217.157.160:80

Attributes

profile_id_v2
c510ee2ea2fd590813412e32c84288a7
user_agent
Mozilla/5.0 (X11; CrOS x86_64 14685.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.4992.0 Safari/537.36

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cacb0ece736e53294ae443c81de2863_mafia_JC.exe

Files

4cacb0ece736e53294ae443c81de2863_mafia_JC.exe
.exe windows x86

0d526314bd0b533093d33d4e87dfcf76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
lstrlenW
LocalAlloc
lstrcatW
GetProcAddress
LoadLibraryA
VirtualProtect
FindFirstFileW
FindNextFileW
CloseHandle
GetProcessHeap
GetCurrentProcess
GetLogicalProcessorInformationEx
ExitProcess
SetEndOfFile
CreateFileW
CreateFileA
WriteConsoleW
SetStdHandle
LoadLibraryW
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetLastError
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoW
GetUserDefaultLCID

user32

ReleaseDC

gdi32

CreateDCA
GetDeviceCaps

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

0d526314bd0b533093d33d4e87dfcf76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 267KB - Virtual size: 266KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 7KB - Virtual size: 84KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 267KB - Virtual size: 266KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 7KB - Virtual size: 84KB

.reloc
Size: 22KB - Virtual size: 22KB