vidar | 44682490x0000000000400000[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44682490x0000000000400000.dmp
Size

472KB
MD5

e978fe339566d53e9e495b90760a28e2
SHA1

07708df13a6df5e36d99e5c29aebae9e5edf2d04
SHA256

0faf7d435800ada0302ad3fa1218e9858523e82eefe9a0edf64ea4b9a0475940
SHA512

8321647334a4330a5d78021603a331162a008d1dd113274bccd187177a2bfa6273667512fd6d714faef2066ad0941517d3e8b480f9f0d679229b5c373328957f
SSDEEP

6144:nCyiXVZhMMOP/AXh/PP6IEWEonebA8mUG05UJKH2khp9j5kz+i9moRQ1Jg4Eahrh:ndiXZMbKCxWIW+kmoRQ124EyiPjIn

Score

10^/10

vidar

Malware Config

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44682490x0000000000400000.dmp

Files

44682490x0000000000400000.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ