vidar | 1116-56-0x0000000000400000-0x0000000000A22000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1116-56-0x...ry.exe

windows7-x64

1116-56-0x...ry.exe

windows10-2004-x64

Sharing

Static task

static1

ef400d64ade8db9c118b69928da0152d vidar

1 signatures

Behavioral task

behavioral1

Sample

1116-56-0x0000000000400000-0x0000000000A22000-memory.exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

1116-56-0x0000000000400000-0x0000000000A22000-memory.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

1116-56-0x0000000000400000-0x0000000000A22000-memory.dmp
Size

6.1MB
MD5

4a08b3dc7d9a9923e9c2b467bb27b0aa
SHA1

669aafb805761564f67fe6e77723c611f81d8428
SHA256

57b706e38139c83c4bf9bdca0280cedf3f5185c91d75a71a37fca748bc07a9a7
SHA512

cbf6df317fbb79747ae12c84d23d928a6953ab7e8be28a455db004ee9de333ad063a1c01ee2bf97a94e00c977d5951f88f1b09a18ef0a8aaa2a035c6b35fcddb
SSDEEP

196608:I0nAVcO0jG9bTIYAuTHYIDX4mR4JdnW3aj:UVcfjGJTIYpHvIe4DW

Score

10^/10

ef400d64ade8db9c118b69928da0152d vidar

Malware Config

Extracted

Family

vidar

Version

3

Botnet

ef400d64ade8db9c118b69928da0152d

C2

https://t.me/zaskullz

https://steamcommunity.com/profiles/76561199486572327

http://135.181.87.234:80

Attributes

profile_id_v2
ef400d64ade8db9c118b69928da0152d

Signatures

Vidar family
vidar

Files

1116-56-0x0000000000400000-0x0000000000A22000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 3.1MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy