vidar | 02098999[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02098999.bin
Size

424KB
MD5

8425aa54584a46cdaf90c75df383387f
SHA1

6ac98c5008b6b882f3209b56a65efc1c721446ec
SHA256

040db272c8dc10f1416a07f9a63b8719c9919fcc966bee90a7f5bcc7341387c7
SHA512

d6c91e539f72db061b320d7cc72fb523e2d0f60e9f92480f652a773334188c22c1d2139115b4959dc2809b3857053a8783d8cd435eb66eb4fa8d3fb8db0a53d9
SSDEEP

6144:y9XMgWCxEV+JM6FhWbkQm8GEPkiU23dSFAiDD1TBuhTEAZ9m:iMgWCxzJMvzGKki/3giiDBTB4Xm

Score

10^/10

vidar

Malware Config

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02098999.bin

Files

02098999.bin
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ