vidar | c04eff84543454e3d7a95c347ec04498dccb61aedbbf86ab745179776bff7bf8

Sharing

Copy URL

Twitter E-mail

General

Target

c04eff84543454e3d7a95c347ec04498dccb61aedbbf86ab745179776bff7bf8
Size

6.8MB
MD5

d7d3432c8532fc1c92904e7fe35b66e1
SHA1

d5651d2ae3436e665821ac93f09ab39a65180174
SHA256

c04eff84543454e3d7a95c347ec04498dccb61aedbbf86ab745179776bff7bf8
SHA512

1fffbe9902839ad013ff3c7c14319274e231b65c44f18ef312dc0a6d20c22aea59f4232a36b267d8e6804c5d816ba4b60c99182c861aa0f4cc87e088a49a91e0
SSDEEP

98304:yy7BE7fKuQp/Ocm+XPiosjIsshGw/2gyrEvr1XNKLheZUHZGSZUHZG:h7CWuHcmMuRgGO2g/raLhem5GSm5G

Score

10^/10

stealer ef7c93f7ac14adc149ecaa88aa901eed vidar

Malware Config

Extracted

Family

vidar

Version

9.2

Botnet

ef7c93f7ac14adc149ecaa88aa901eed

https://steamcommunity.com/profiles/76561199677575543

https://t.me/snsb82

Attributes

profile_id_v2
ef7c93f7ac14adc149ecaa88aa901eed
user_agent
Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
sample	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c04eff84543454e3d7a95c347ec04498dccb61aedbbf86ab745179776bff7bf8

Files

c04eff84543454e3d7a95c347ec04498dccb61aedbbf86ab745179776bff7bf8
.exe windows:5 windows x86 arch:x86

11919d1150a723ed324f77bedbc48581

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strlen

kernel32

IsProcessorFeaturePresent
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharToOemA
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegOpenKeyExA

shell32

SHFileOperationA

ole32

CoInitializeSecurity

oleaut32

VariantInit

shlwapi

ord155

wtsapi32

WTSSendMessageW

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp_(-)
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp_(-)
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

camztlf
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

11919d1150a723ed324f77bedbc48581

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

Sections

.text Size: 155KB - Virtual size: 154KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 4KB - Virtual size: 2.1MB

.vmp_(-) Size: 2.4MB - Virtual size: 2.4MB

.vmp_(-) Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 21KB - Virtual size: 21KB

.rsrc Size: 39KB - Virtual size: 39KB

camztlf Size: 1.1MB - Virtual size: 1.1MB

CODE Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 155KB - Virtual size: 154KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 4KB - Virtual size: 2.1MB

.vmp_(-)
Size: 2.4MB - Virtual size: 2.4MB

.vmp_(-)
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 39KB - Virtual size: 39KB

camztlf
Size: 1.1MB - Virtual size: 1.1MB

CODE
Size: 1.1MB - Virtual size: 1.1MB