vidar | 01954599[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01954599.dmp
Size

768KB
MD5

96db4dd5e615dfad66ef997bb1cd63b7
SHA1

fe7ae2fc5e046476e3d54c0d99a519f3f6e41d29
SHA256

164ce90ade9126f75719b22e55f43d92a73087fc6c0aa7c2629d0823f16326cf
SHA512

7bc7a38a62bdce8849855c357032ca36ff9120df0db4230a842b6fe65ccd2a67e91d6f8d81e8fb7c15041d6c24d2c91089bedce8a7e30381ef22bfdaf97bfd7b
SSDEEP

6144:IBA0i2uim7rAPtf9w8zSRWBt9JPpr+hTfWzYVRh6pa3F7u1:IG0iwj9w8zS4BPJPpr+PVX0

Score

10^/10

vidar

Malware Config

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01954599.dmp

Files

01954599.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ