Behavioral task: behavioral1
Sample: 0512f22ab35b0f96b0c4aa586c319190N.exe
Resource: win7-20240705-en
General
Target: 0512f22ab35b0f96b0c4aa586c319190N.exe
Size: 182KB
MD5: 0512f22ab35b0f96b0c4aa586c319190
SHA1: 723eca61d51d41d0dfce9f21949c7886f289d75f
SHA256: c6c2bcb1f03e9af5e03fc2152420f451c28afcc1ba505c4f7c941360449c003d
SHA512: a851d823a5521f98baa4e32ea7b6482bc687754dcc224b466b449cbbbda5b957edcfadc1e53dd65f9008add008a7866ad3def9676b20067800754674e3d8ede8
SSDEEP: 3072:Jiyi/SfJhUwLibCxNKBC6y8WyQQF1h7NOwUPfbldFw0t+Z0vhAVfEgr2Csy5kilr:0bShBLWANKrBWyt3ZOwUPfbldFw0t+Zx
Malware Config
Extracted: vidar
https://steamcommunity.com/profiles/76561199747278259
https://t.me/armad2a
user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36
Signatures
Files
0512f22ab35b0f96b0c4aa586c319190N.exe.exe windows:5 windows x86 arch:x86
bf0457e30f7172540414ef6152db6209
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
srand
memset
strncpy
malloc
_wtoi64
atexit
??_V@YAXPAX@Z
memchr
strcpy_s
__CxxFrameHandler3
strtok_s
memmove
strchr
memcpy
??_U@YAPAXI@Z
rand
kernel32
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetCurrentProcess
VirtualProtect
lstrlenA
HeapAlloc
GetProcessHeap
lstrlenW
HeapFree
ReadProcessMemory
VirtualQueryEx
OpenProcess
FileTimeToSystemTime
CloseHandle
CreateProcessA
WaitForSingleObject
CreateThread
GetDriveTypeA
GetLogicalDriveStringsA
CreateDirectoryA
ReadFile
SetFilePointer
GetFileSize
GetFileInformationByHandle
lstrcpyA
MapViewOfFile
CreateFileMappingA
CreateFileA
WriteFile
SystemTimeToFileTime
GetLocalTime
GetTickCount
lstrcatA
LCMapStringW
GetComputerNameA
MultiByteToWideChar
LoadLibraryW
GetStringTypeW
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetProcAddress
GetModuleHandleW
Sleep
GetStdHandle
GetModuleFileNameW
TlsGetValue
TlsSetValue
user32
GetDesktopWindow
wsprintfW
CharToOemA
advapi32
GetUserNameA
RegOpenKeyExA
RegGetValueA
GetCurrentHwProfileA
shell32
SHFileOperationA
ole32
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
oleaut32
VariantInit
SysAllocString
VariantClear
SysFreeString
shlwapi
ord155
Sections
.text Size: 122KB - Virtual size: 122KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ