Behavioral task: behavioral1
Sample: 1052-58-0x0000000000400000-0x0000000000DA5000-memory.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 1052-58-0x0000000000400000-0x0000000000DA5000-memory.exe
Resource: win10v2004-20220812-en
General
Target: 1052-58-0x0000000000400000-0x0000000000DA5000-memory.dmp
Size: 9.6MB
MD5: 0b011f814e7610c7308f80764c219c7c
SHA1: 48e38401c5f6a3ed88475b36d299025a82d53d51
SHA256: 46474d0b89205cb854b2ef6afab6a845866ad0ced974acca5b97daf2312933b4
SHA512: 585f963f6a9acf1ad1b453e44dc860e72df85a61f0820b636dfab963045dfc17f9d7b6f7209c5e7884e042fc5532a5fd114cbd73c78008f114816714740ed71f
SSDEEP: 196608:U8CVygoDZRc9QRE9M0f0O1iv/WJUs5rlw:UnzSZRc6E9yvOz6
Malware Config
Extracted
vidar
55.9
1679
https://t.me/headshotsonly
https://steamcommunity.com/profiles/76561199436777531
profile_id: 1679
Signatures
Vidar family
Files
1052-58-0x0000000000400000-0x0000000000DA5000-memory.dmp.exe windows x86
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED
Sections
.MPRESS1 Size: 4.3MB - Virtual size: 9.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.MPRESS2 Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 139KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE