vidar | fbfc67bfdd88afexeexeexeex[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fbfc67bfdd88afexeexeexeex.exe
Size

424KB
MD5

fbfc67bfdd88afb343e02c9dac1cc237
SHA1

49b36681d175fe68f299cba18b6fbdc8f07e1973
SHA256

0b8b223cd9ad2503d47568ca2e47300cea658a750aa31405852f18fd177dbb76
SHA512

0ddcc1d028ec52d89a8b5e62a2fc55072331daeae3cdd0d0dacea5db34285e54461cd901c8bf1af01f7eea4f1f9e2dfc2a0f7e27ae2917b3a885119ef573436b
SSDEEP

6144:TBA0i2uim7rAPtf9w8zSRWBt9JPpr+hTNWzYIRh6pIm7u1:TG0iwj9w8zS4BPJPpr+RI20

Score

10^/10

vidar

Malware Config

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbfc67bfdd88afexeexeexeex.exe

Files

fbfc67bfdd88afexeexeexeex.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ