Libwinpthread-1.dll Stealer Vidar Analysis
Technical Analysis
| File Name | libwinpthread-1.dll |
| File Type |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| Scanner Version | 1.0.236.174 |
| Database Version | 2026-01-22 20:00:18 UTC |
Spy.Win64.Vidar.tr
Malware family: Vidar
Scan Another File
File Identification
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
7d7a56c219db002f29659790d5846e53
|
|
| SHA1 |
14e0bd88b69a10694ce8bb08753bd497e07c27ef
|
|
| SHA256 |
652ea2789f73a3dcb86f43dbdfe714430f47621282fb1d6e638d82ec6ac6fcb0
|
|
| SHA512 |
2d64dbab427db5d4f8da75758c123576c4533cf41c6c1bca7d4880cfd4edd04c8339a3501679c5bfd2a9f45113d6d5563332ec6518482f25a1dc7c1f91e9868a
|
|
| ImpHash |
d3f21dae9381f52b4e334207c173a6a7
|
PE Analysis
Basic Information
▼| Image Base | 0x180000000 |
| Entry Point | 0x180118fa4 |
| Compilation Time | 2025-10-11 00:36:48 |
| Checksum | 0x0057275a (Actual: 0x00572b76) |
| OS Version | 6.0 |
| PEiD Signatures |
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
| Digital Signature | No valid SignedData structure was found. |
| Imports |
10 libraries
ADVAPI32, bcrypt, KERNEL32, ole32, USER32, api-ms-win-crt-math-l1-1-0, api-ms-win-crt-heap-l1-1-0, api-ms-win-crt-string-l1-1-0, api-ms-win-crt-convert-l1-1-0, api-ms-win-crt-runtime-l1-1-0 |
| Exports | 156 functions |
| Resources | 2 Resources |
| Sections | 6 Sections |
Version Information
▼| Translation | 0x0000 0x04b0 |
| CompanyName | Wantoners Antilethargic Ltd. |
| ProductName | Axonemes Yaquina |
| FileDescription | Intransitable junglegym pug uroporphyrin diphenylhydantoin pleuras blastoffs ostalgia. |
| FileVersion | 3.43.812.4 |
| ProductVersion | 3.43.812.4 |
| OriginalFilename | GeodynamicistPhyllodiniation.exe |
| InternalName | Chalta Nonreparable |
| LegalCopyright | © 2026 Wantoners Antilethargic Ltd. |
| Translation | 0x0000 0x04b0 |
| CompanyName | Wantoners Antilethargic Ltd. |
| ProductName | Axonemes Yaquina |
| FileDescription | Intransitable junglegym pug uroporphyrin diphenylhydantoin pleuras blastoffs ostalgia. |
| FileVersion | 3.43.812.4 |
| ProductVersion | 3.43.812.4 |
| OriginalFilename | GeodynamicistPhyllodiniation.exe |
| InternalName | Chalta Nonreparable |
| LegalCopyright | © 2026 Wantoners Antilethargic Ltd. |
PE Sections
▼| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
1,169,656 bytes | 1,169,920 bytes | 6.58 (Compressed) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
8B81AF6447E25FCE36DCA646D102D4E1 |
.rdata |
0x0011f000 |
4,435,908 bytes | 4,435,968 bytes | 4.83 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
A28AD2DB49D4DEFE5363EC03A6A92B5B |
.data |
0x0055a000 |
328,368 bytes | 6,656 bytes | 3.18 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
F8BF7271DB571C845A2DE8B35C4287EC |
.pdata |
0x005ab000 |
67,224 bytes | 67,584 bytes | 6.11 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
51D85398EE80E73E133A915583FE7036 |
.rsrc |
0x005bc000 |
2,112 bytes | 2,560 bytes | 3.90 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
F0FC5B28ACA44E9C5270E9BAF45F7362 |
.reloc |
0x005bd000 |
1,508 bytes | 1,536 bytes | 5.32 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
1CFA44F583D72F1BFEDABAEE08DF7B71 |
Entropy Analysis Alert
1 section(s) with elevated entropy (≥6.5) - possible compression
Resource Analysis
▼| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_VERSION | 2 | 2,000 bytes |
Certificate Chain Analysis
▼No Digital Signatures
This file is not digitally signed.
Security Implications:
- Cannot verify the publisher's identity
- Increased security risk when running this file
- May trigger security warnings on some systems
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
Certificate Verification Status
No valid SignedData structure was found.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Spy.Win64.Vidar.tr Removal
Gridinsoft has the capability to identify and eliminate Spy.Win64.Vidar.tr without requiring further user intervention.
Download Anti-MalwareRemoval Instructions
Follow these steps to completely remove the threat from your system
-
1
Get Gridinsoft Anti-Malware — it's a quick 2 MB download that won't slow down your PC.
-
2
Run the installer gsam-en-install.exe. The setup takes about 2 minutes and doesn't require a restart.
-
3
The app launches right after installation. You'll see the main dashboard with the scan button front and center.
-
4
Hit "Standard Scan" — this checks all the spots where malware typically hides: temp folders, browser data, startup programs, and system directories.
-
5
Once the scan finds this threat, click "Clean Now". The removal usually happens instantly, though some stubborn infections may need a reboot.
-
6
If you see a restart prompt, go ahead and reboot. This clears any malware that was running in memory and ensures your system starts fresh.
Leave a Comment
Gridinsoft Anti-Malware
Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware
Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!
