vidar | f0cc7214d49d863502e39f603adab99426782061d66ff7355962ca7001f5d2c0[.]zip

General

Target

f0cc7214d49d863502e39f603adab99426782061d66ff7355962ca7001f5d2c0.zip
Size

525KB
MD5

1803cc72a211e5f5e3d581f127ea0a7c
SHA1

7950e980ee183299473d55c6fe07ea53f470ff4e
SHA256

8f89ae8a57b92b61f7575d07056f719842527a48bf90bd4bca5ea990278d65dc
SHA512

27c39b71e969093fb81e9f162228ea675ae60640fff9e41d7fb81181e7f0927f226df49e7f32d32af22f7a4a376af5af2f059e68b563cc76f900bfd822c5a865
SSDEEP

12288:IOvFfX5D4TixqGkeW4bCLsxxA36TSXR9ReyiVTPwcuBBd79:IsFPp4GqGk2bCLCxA3dDbyTYPBv

Score

10^/10

stealer vidar

Vidar Stealer 1 IoCs

stealer

resource	yara_rule
static1/unpack001/f0cc7214d49d863502e39f603adab99426782061d66ff7355962ca7001f5d2c0	family_vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f0cc7214d49d863502e39f603adab99426782061d66ff7355962ca7001f5d2c0

f0cc7214d49d863502e39f603adab99426782061d66ff7355962ca7001f5d2c0.zip
.zip

Password: infected
f0cc7214d49d863502e39f603adab99426782061d66ff7355962ca7001f5d2c0
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 725KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE