vidar | 8596a09b13a16ccfd1e61533439b66f32f3ba2af8aaaa6369b94fba34bf558b9[.]zip

General

Target

8596a09b13a16ccfd1e61533439b66f32f3ba2af8aaaa6369b94fba34bf558b9.zip
Size

560KB
MD5

828eed7ae0c7ddb6524dba92549b1f60
SHA1

bf9f30c499f3c2109decce3083e541d8f53bc0c7
SHA256

5132914c6b66b0660749c8820fc8bd2a733cc575bf8ba86752f6c36638b62fbb
SHA512

4e7856fc6bd34e61b530053f9f2e66b047dea60c739bd7490fe55e1e31aa9a14385b1386d729311b598b99fc21677bbf2a26a7eb1b09cf29c9f38d8245e7dc89
SSDEEP

12288:IOvFfX5D4TixqGkeW4bCLsxxA36TSXR9QjULkivpFb/9biXu:IsFPp4GqGk2bCLCxA3dDMs4Xu

Score

10^/10

stealer vidar

Vidar Stealer 1 IoCs

stealer

resource	yara_rule
static1/unpack001/8596a09b13a16ccfd1e61533439b66f32f3ba2af8aaaa6369b94fba34bf558b9	family_vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8596a09b13a16ccfd1e61533439b66f32f3ba2af8aaaa6369b94fba34bf558b9

8596a09b13a16ccfd1e61533439b66f32f3ba2af8aaaa6369b94fba34bf558b9.zip
.zip

Password: infected
8596a09b13a16ccfd1e61533439b66f32f3ba2af8aaaa6369b94fba34bf558b9
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 725KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE