Neconfirmat 977073.crdownload Stealer Vidar Analysis
| Online Virus Checker | v.1.0.172.174 |
| DB Version: | 2024-04-19 23:00:25 |
Spy.Win64.Vidar.tr
Vidar is a highly dangerous malware that specializes in stealing both personal information and cryptocurrency from infected users. Named after the ancient Scandinavian god of Vengeance, Vidar lives up to its name by silently infiltrating systems, logging keystrokes, and extracting valuable data. It also targets cryptocurrency wallets and can drain victims' digital assets, making it a dire threat to online privacy and financial security.
| File | Neconfirmat 977073.crdownload |
| Checked | 2024-04-19 23:58:08 |
| MD5 | 1a1c728fc6d1eb46d64dff3858488b42 |
| SHA1 | 008194eb6a429096a745d205cc6eff2d05d709cf |
| SHA256 | 3c67ddeb2426bfd91144dd8ca4ec06ee20578105514ad629c830e194bfd65893 |
| SHA512 | b9e0095010c8e53bc7b8bc7e2b97e10da7a0cd4443758a44d82c7ffd7cc1e49b575fe3a5be832c02ac67d194ec45f97614c944ed731c819225088ca4230a4857 |
| Imphash | 5842498648e6235b14c52019b9eb5c2b |
| File Size | 4539272 bytes |
Spy.Win64.Vidar.tr Removal
Gridinsoft has the capability to identify and eliminate Spy.Win64.Vidar.tr without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
| Comments | Notepad3 |
| FileDescription | Notepad3 |
| InternalName | Notepad3 |
| ProductName | Notepad3 |
| CompanyName | © Rizonesoft |
| FileVersion | 6.23.203.2 |
| ProductVersion | 6.23.203.2 |
| LegalCopyright | Copyright © 2008-2023 Rizonesoft |
| OriginalFilename | Notepad3.exe |
| Translation | 0x0409 0x04b0 |
Portable Executable Info
 |
879c398be168801c7b1be4dcec09fdea bf8b8a189605e51fbb680609ba2b00fd f8c4d4c8c8c4c0c1 |
| Image Base: | 0x140000000 |
| Entry Point: | 0x14028d8b4 |
| Compilation: | 2023-02-03 19:53:27 |
| Checksum: | 0x00457869 (Actual: 0x00457869) |
| OS Version: | 6.0 |
| PDB Path: | D:\Rizonesoft\Develop\Notepad3\Bin\Release_x64_v143\Notepad3.pdb |
| PEiD: | PE32+ executable (GUI) x86-64, for MS Windows |
| Sign: | The expected hash does not match the digest in SpcInfo |
| Sections: | 7 |
| Imports: | ntdll, COMCTL32, SHLWAPI, USER32, KERNEL32, GDI32, COMDLG32, ADVAPI32, SHELL32, ole32, OLEAUT32, IMM32, |
| Exports: | 14 |
| Resources: | 130 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x002e3fd6 | 0x002e4000 | 9b7bfc7fdacbbb819af50c21a53278fd | 6.56 |
| .data | 0x002e5000 | 0x000a3780 | 0x0008e400 | 84130d4c56e1f27461f11bc25665720a | 1.22 |
| .pdata | 0x00389000 | 0x00012a8c | 0x00012c00 | b3d674afa034b2ec84a16cf6a3eec2c2 | 6.22 |
| .idata | 0x0039c000 | 0x00004994 | 0x00004a00 | f6e70d2d992f45650f9aa25fa553f89d | 4.87 |
| _RDATA | 0x003a1000 | 0x0000015c | 0x00000200 | d7c278b64106389b67723546cd60da12 | 5.19 |
| .rsrc | 0x003a2000 | 0x000c3378 | 0x000c3400 | d9e9b25262a2fe4c0e334d43bd16031c | 5.05 |
| .reloc | 0x00466000 | 0x00004478 | 0x00004600 | 6b57ba00900b00f28a489179aff455ef | 5.42 |
