Release V2.exe Stealer Vidar Analysis

Stealer Vidar

Updated on 2025-03-24 (16 days ago)

Online Virus Checker	v.1.0.211.174
DB Version:	2025-03-24 06:01:14

Spy.Win32.Vidar.tr

Vidar is a highly dangerous malware that specializes in stealing both personal information and cryptocurrency from infected users. Named after the ancient Scandinavian god of Vengeance, Vidar lives up to its name by silently infiltrating systems, logging keystrokes, and extracting valuable data. It also targets cryptocurrency wallets and can drain victims' digital assets, making it a dire threat to online privacy and financial security.

File	Release V2.exe
Checked	2025-03-24 04:48:00
MD5	d66a2cf99c5b51e32d5421e77e36eaf0
SHA1	c59dbdc27aa2d0121f34fbf1012ff588f5ecd35e
SHA256	fcb41b6beaad2db4ac83aec31f4382cf885d3e00ce49bd5e38e3b4b03909545c
SHA512	53ff96ac477b98845590a0ae1b68aaad5aee0ba76e4074e6037548688c9451856bc1857092d1d92cb0229cd34b8799436b031bc3bf9071d21c335cff4b652616
Imphash	8c7bb6ca5cc13acbfbef6ed019375e6e
File Size	9702820 bytes

Spy.Win32.Vidar.tr Removal

Gridinsoft has the capability to identify and eliminate Spy.Win32.Vidar.tr without requiring further user intervention.

Start by downloading Gridinsoft Anti-Malware to your computer.
Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
Click on the "Standard Scan" button.
After the scanning process is finished, click on "Clean Now" to remove any detected threats.
If prompted, restart your system to complete the removal process.

File Version Information

CompanyName	AtomPark Software Inc.
FileDescription	Atomic Email Hunter (e-mail addresses extractor)
FileVersion	15.20.0.485
InternalName	emh
LegalCopyright	Copyright (c) AtomPark Software Inc., 2001-2021. All rights reserved.
LegalTrademarks	AtomPark, Atomic Email Hunter
OriginalFilename	AtomicEmailHunter.exe
ProductName	Atomic Email Hunter
ProductVersion	15.20
Comments	Main site with all our e-mail marketing software is www.massmailsoftware.com
Translation	0x0409 0x04e4

Portable Executable Info

	965d59b29864f0495024a747b99ff929 d0de38c7a9841b60b64a9cf9b7ed3986 dadadad2d6dce0ac
Image Base:	0x00400000
Entry Point:	0x00401000
Compilation:	2021-12-21 10:37:31
Checksum:	0x06a28057 (Actual: 0x0094b4d1)
OS Version:	5.0
PEiD:	PE32 executable (GUI) Intel 80386, for MS Windows
Sign:	The expected hash does not match the digest in SpcInfo
Sections:	13
Imports:	kernel32, oleaut32, advapi32, user32, gdi32, version, shfolder, netapi32, ole32, comctl32, msvcrt, shell32, wininet, comdlg32, winspool, oleacc, winmm, shlwapi, winhttp, d3d9,
Exports:	1
Resources:	360

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Entropy
	0x00001000	0x00ef6000	0x003e4800	7ded47a5b16c705937176bf446867568	8.00
	0x00ef7000	0x00007000	0x00003600	7ffae33ccafdb35dcdc942ec75e0e3e9	7.99
	0x00efe000	0x0005a000	0x00028a00	888358f0502bdde621158cf49f96bf99	8.00
	0x00f58000	0x0009e000	0x00000000	d41d8cd98f00b204e9800998ecf8427e	0.00
	0x00ff6000	0x00005000	0x00004800	b1887a8ba34daab8586f6133a7596763	7.99
	0x00ffb000	0x00007000	0x00001800	4d02ac2052bde7adc4ea110a0e14d6c9	7.97
	0x01002000	0x00001000	0x00000200	25a7527ba3ae644aff87f83dc8a5af3b	1.22
	0x01003000	0x00001000	0x00000000	d41d8cd98f00b204e9800998ecf8427e	0.00
	0x01004000	0x00001000	0x00000200	d7d7d5eabb641a14f9d1b2a957fda37e	1.41
	0x01005000	0x0014b000	0x00000000	d41d8cd98f00b204e9800998ecf8427e	0.00
.rsrc	0x01150000	0x0028c000	0x0028b400	57d405423e76ef239f547bc64c6a38b5	6.12
.aehd	0x013dc000	0x00080000	0x0007fe00	bb25981d398849838808c0d1584cd1ba	7.96
.adata	0x0145c000	0x0001b486	0x0001a600	64e7c37ebe25f7f7da9ca647c9120de5	7.95

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

5 4 3 2 1