vidar | 03141099[.]dmp | Triage

Sharing

General

Target

03141099.dmp
Size

520KB
MD5

4455e427f1734fe13543725a2c3c38fb
SHA1

3d837c7802aa0fd285bea29c14ddd35b4aca0b9e
SHA256

47ee2d846e05f1b3e3d09cb9506c6763f072f8bd3f66442e26ac5fe751500c4b
SHA512

3a1e1abb396f8bfa262286702348ddabbef005d0271424ad7c5252828e795085cb997bc79f2a7c18ca92c52d212f4b8e4a2d41021c674b874767fd47b817ef06
SSDEEP

6144:EkeKqkWdcvlIiwPbd2KWjWrl97HlzaxVdWzaRphW07u1q0hjPMC05EInthomi:5eKSKLyd2KWirL7HlzaxRj0q6+7t

Score

10^/10

vidar

Malware Config

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03141099.dmp

Files

03141099.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ