vidar | b2450979aa3f7d8f9c8442e00efa77c2[.]bin | Triage

Sharing

General

Target

b2450979aa3f7d8f9c8442e00efa77c2.bin
Size

424KB
MD5

b2450979aa3f7d8f9c8442e00efa77c2
SHA1

c3bd88e049a794d5faa30f19a392d0053d4e5e17
SHA256

37900730c765d65c6ff1eb8f8430e8b016512beb5b3e442ad74bb5e690b05fa6
SHA512

14bcefc8d8e733c4700ba68dba77fe9eb2f810bc257296cc46134ae7b1c6b3976d6ff4ab100568e37570540db99854aba4d6d7706d36c0dabb318b12da9edc6b
SSDEEP

6144:y9XMgWCxEV+JM6FhWbkQm8GEPkiU23dSFAiDD1TBuhTEA:iMgWCxzJMvzGKki/3giiDBTB4

Score

10^/10

vidar

Malware Config

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2450979aa3f7d8f9c8442e00efa77c2.bin

Files

b2450979aa3f7d8f9c8442e00efa77c2.bin
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ