Behavioral task
behavioral1
Sample
1912-56-0x0000000000400000-0x000000000046A000-memory.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
1912-56-0x0000000000400000-0x000000000046A000-memory.exe
Resource
win10v2004-20221111-en
General
Target
1912-56-0x0000000000400000-0x000000000046A000-memory.dmp
Size
424KB
MD5
06bfd01a9c5c3f18fd5826ed92034fa8
SHA1
2848e4fc3155655f17e15fe57a363efb33960207
SHA256
7a7fa77eb5d664824ab4225e0d18104ca2e07950d420a991a5953d8195948135
SHA512
453358a8469d9cd227db5207d81a06adf4d30de20105b2d26b8eb33c27865500e26023bc24c76e30686df43f03efbd3cc947bc095efbd9d40553b2e5b6481540
SSDEEP
6144:W3Tda56R/joxZWiT2XVAMVg8SyyEmWfB+3JvGoDUVgr:W3To56ljo+iUKM+n0fB+3lX7r
Malware Config
Extracted
vidar
2.1
408
https://t.me/jetbim
https://steamcommunity.com/profiles/76561199471266194
profile_id
408
Signatures
Vidar family
Files
1912-56-0x0000000000400000-0x000000000046A000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 248KB - Virtual size: 247KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ