Behavioral task: behavioral1
Sample: 1164-61-0x0000000000400000-0x000000000046A000-memory.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 1164-61-0x0000000000400000-0x000000000046A000-memory.exe
Resource: win10v2004-20220812-en
General
Target: 1164-61-0x0000000000400000-0x000000000046A000-memory.dmp
Size: 424KB
MD5: a40ee927b385944c689d6f312bf4edfa
SHA1: eb28be9442014598418698e2de3877a67e899004
SHA256: 65ed38c5fb77460a939140e253f15441ec480cadf88a3c71acb362680ae5368e
SHA512: f36202ee54956ebee6a52d5d3fae8342ca68220cac8b8248b4499e09dac39b3370367cf3a4bba8d9240d58a2b5f36023130fdce4c58dfbf2aaffbd2cc2524148
SSDEEP: 6144:47TdaVFzh7KHBC5oAX8awMc6CLl+EVivve60V5t9iARbUnAF0R:47ToVFd7Kw5oD5MrV+ivve60rjdRoR
Malware Config
Extracted
vidar
2.2
754
https://t.me/litlebey
https://steamcommunity.com/profiles/76561199472399815
profile_id: 754
Signatures
Vidar family
Files
1164-61-0x0000000000400000-0x000000000046A000-memory.dmp.exe windows x86
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 248KB - Virtual size: 247KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 59KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 84KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 21KB - Virtual size: 21KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ