vidar | 3a29214c3a66734c4213be2307f42e30568548e4f0493eb246be3cdc1345ceb1[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3a29214c3a66734c4213be2307f42e30568548e4f0493eb246be3cdc1345ceb1.exe
Size

5.2MB
MD5

9c49281d063296a545c79bf288d4c3bf
SHA1

403babf2b5811ba796517ce45235d261ad858620
SHA256

3a29214c3a66734c4213be2307f42e30568548e4f0493eb246be3cdc1345ceb1
SHA512

373554c2a6fc6625a0f0154cb17d15bc08117002d95f0c477e0646d44eceb6e9b2ac24f871bd5b402e06db2b9feb7e54379b1b9671c8e5bed2b1e7368591eda0
SSDEEP

98304:Q4Po4Zx7ojYK3zPfNsnigfraV3/x21RNPa9SeR7Tf8J1Q+SS5/nO8:QOxkMK3zPCniYGV48eSS5vO8

Score

10^/10

stealer 22857ff23603709764e7e7e3e4fd64bf vidar

Malware Config

Extracted

Family

vidar

Version

10.8

Botnet

22857ff23603709764e7e7e3e4fd64bf

https://steamcommunity.com/profiles/76561199761128941

https://t.me/iyigunl

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
sample	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a29214c3a66734c4213be2307f42e30568548e4f0493eb246be3cdc1345ceb1.exe

Files

3a29214c3a66734c4213be2307f42e30568548e4f0493eb246be3cdc1345ceb1.exe
.exe windows:5 windows x86 arch:x86

7b5a8d7a6a007050bb3907e879153095

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_EH_prolog
memset
memcmp
strcmp
rand
strncpy
malloc
_wtoi64
atexit
??_V@YAXPAX@Z
memchr
strcpy_s
_time64
__CxxFrameHandler3
strtok_s
strchr
memcpy
??_U@YAPAXI@Z
strlen
memmove
srand

kernel32

LCMapStringW
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetCurrentProcess
FlsAlloc
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
ConvertDefaultLocale
SetCriticalSectionSpinCount
GetLastError
ReadFile
CloseHandle
WriteFile
CreateFileW
GetTempPathW
Sleep
GetProcAddress
lstrlenA
GetStringTypeW
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
VirtualQueryEx
OpenProcess
GetComputerNameA
FileTimeToSystemTime
CreateProcessA
WaitForSingleObject
CreateThread
GetDriveTypeA
GetLogicalDriveStringsA
CreateDirectoryA
LoadLibraryA
SetFilePointer
GetFileSize
GetFileInformationByHandle
lstrcpyA
MapViewOfFile
CreateFileMappingA
CreateFileA
SystemTimeToFileTime
GetLocalTime
GetTickCount
lstrcatA
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsSetValue
TlsGetValue
GetModuleFileNameW
GetStdHandle
GetModuleHandleW
RtlUnwind
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateProcess
DecodePointer
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer

user32

GetDesktopWindow
wsprintfW
MessageBoxA
GetWindowContextHelpId
GetWindowLongW
RegisterClassW
IsWindowVisible
IsDialogMessageW
CharToOemA

advapi32

RegOpenKeyExA
RegGetValueA
GetUserNameA
GetCurrentHwProfileA

shell32

SHFileOperationA

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

shlwapi

ord155

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.0MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

7b5a8d7a6a007050bb3907e879153095

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 5.0MB - Virtual size: 7.1MB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 5.0MB - Virtual size: 7.1MB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 29KB - Virtual size: 29KB