Malicious

4f46075552500da5b19b711285a5152d

PE Executable (application/x-dosexec)
MD5: 4f46075552500da5b19b711285a5152d
Size: 216.58 KB
Characteristics
MD5: 4f46075552500da5b19b711285a5152d
SHA1: 0fda1bfcc63a8198882a0bbfcfdc1e40bc001df8
SHA256: ea37cf74d52ae3a829b32b3c91f940132a649ec854b2d2377ef82c523fff7fe4
SHA384: 69ad02b04e3df66e5cf5598e105fc3b7b55d64f406c7bd5bcde9419afe53e9365a765121f82edf34dabde2b8ec34f910
SHA512: 092c97f3c56fd836ca77a64cae7b8de6ba538831ff3404bf6316d9b0d9dc0813abcf9725392767ae1fd6f1de67f7250bab71eed48e8359e7b170197d8aca8683
SSDeep: 6144:n3WOArZU5HEl9YKmfeHvkZWNEbgN4YYYYE:3fA1U5HEl8eHvkZWNEHYYYY
TLSH: C3246B217680C13BC19B1A3196BF9FB618BCAA35176581CBB7904EB91E707D1FE3470A

PeID

MS Visual C++ v7.0 DLL
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ v6.0 DLL
Private EXE Protector V2.30-V2.3X -> SetiSoft Team
Visual C++ 2003 DLL -> Microsoft
Visual C++ 2005 DLL -> Microsoft
File Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rdata
  .data
  .rsrc
  .reloc
Resources
  RT_MANIFEST
  ID:0002
  ID:1033
Malware Configuration - Vidar Config. Remote Dll Download #1
Values decoded from the UTF-16 string dump; the three fields are consecutive slices of one null-separated string run, cut mid-word at "AppEvent|s" and "Me|tascan". Sequences that do not decode are marked [undecodable bytes].
C2: https://ifconfig.me/ip, https://api.ipify.org, kernel32.dll, %d, GroupName, client.group, Client, Console, PublicWanIp, LoginModule, [undecodable bytes], REMARK, AppEvent
Botnet: s, Network, x64, x86, X86 %s, [undecodable bytes]:%s, _:%d.%d.%d %d:%d:%d, X86, [undecodable bytes], ApateDNS, Malwarebytes, TCPEye, TaskExplorer, CurrPorts, Port, Me
UserAgent: tascan, Wireshark, [undecodable bytes], Fiddler, [undecodable bytes], Capsa, Sniff, Process, [undecodable bytes], open, key, 1, %4d.%2d.%2d-%2d:%2d:%2d, CLSID\{%.8X-%.4X
Configuration Offset: 0x000282E0

Malware Configuration - Vidar Config. Remote Dll Download #2
Values decoded from the UTF-16 string dump; the three fields are consecutive slices of one null-separated string run, cut mid-word at "x6|4" and "Wire|shark". Sequences that do not decode are marked [undecodable bytes].
C2: https://api.ipify.org, kernel32.dll, %d, GroupName, client.group, Client, Console, PublicWanIp, LoginModule, [undecodable bytes], REMARK, AppEvents, Network, x6
Botnet: 4, x86, X86 %s, [undecodable bytes]:%s, _:%d.%d.%d %d:%d:%d, X86, [undecodable bytes], ApateDNS, Malwarebytes, TCPEye, TaskExplorer, CurrPorts, Port, Metascan, Wire
UserAgent: shark, [undecodable bytes], Fiddler, [undecodable bytes], Capsa, Sniff, Process, [undecodable bytes], open, key, 1, %4d.%2d.%2d-%2d:%2d:%2d, CLSID\{%.8X-%.4X-%.4X-%.2X%.
Configuration Offset: 0x000282F8

Information
PE Detect: PeReader OK (file layout)