vidar | 1320-56-0x0000000000400000-0x0000000000CFD000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1320-56-0x...ry.exe

windows7-x64

1320-56-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

028df6cbdba463e023821488293c91a1 vidar

1 signatures

Behavioral task

behavioral1

Sample

1320-56-0x0000000000400000-0x0000000000CFD000-memory.exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

1320-56-0x0000000000400000-0x0000000000CFD000-memory.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

1320-56-0x0000000000400000-0x0000000000CFD000-memory.dmp
Size

9.0MB
MD5

e383177e93895db043c01d5f5d5e4901
SHA1

b2857e9006ac3f42c78f3cd2e16b3dd919209402
SHA256

2de42dd8ff780cc781ba384e6d5203c10d0cff839fa56fbe5bee2b62cc068492
SHA512

1996e4060391b95ef700e233b51223d86bc46a4bbb0f7f17569713e9e12007de81ea326fbe054d8fe589372e8f1772c70b393d25542ff0bb4c19b29b467ea646
SSDEEP

196608:l9AERVevb2aFS+zuoNs893ytaX8WufibsbToRx:EE/evb2IDuoNaafbAbTi

Score

10^/10

028df6cbdba463e023821488293c91a1 vidar

Malware Config

Extracted

Family

vidar

Version

3

Botnet

028df6cbdba463e023821488293c91a1

C2

https://t.me/zaskullz

https://steamcommunity.com/profiles/76561199486572327

http://135.181.87.234:80

Attributes

profile_id_v2
028df6cbdba463e023821488293c91a1

Signatures

Vidar family
vidar

Files

1320-56-0x0000000000400000-0x0000000000CFD000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 3.8MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy