vidar | 2924-55-0x0000000001000000-0x000000000188E000-memory[.]dmp

General

Target

2924-55-0x0000000001000000-0x000000000188E000-memory.dmp
Size

8.6MB
MD5

1392e45524b42b9caf1e646e4196d644
SHA1

4f5ac170c47b43b61a9c964f1139f67dd0abb5cb
SHA256

3326cd29b73c9441b583f10503a73dc0afbd0c42c9deb71b2994c7ed3c92b5e0
SHA512

5b5de516e26f50a301891222745d69e92401c63bc058f4162473c80ca7cd6c6e2b0697e2810d34fa2f4f9cdb64b90359703043e11c56c1c0ebf61433d0b44940
SSDEEP

196608:oiEjJ9y75JGWkBrj20X4y5p06rnW3EmW+TDNsDW8/cV3EpK1A:gJ9S5kB32XWLrnARrDNsDW10

Score

10^/10

https://t.me/eagl3z vidar

Malware Config

Extracted

Family

vidar

Version

4.7

Botnet

https://t.me/eagl3z

C2

https://t.me/eagl3z

https://steamcommunity.com/profiles/76561199159550234

Attributes

profile_id_v2
https://t.me/eagl3z
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1788.0 uacq

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2924-55-0x0000000001000000-0x000000000188E000-memory.dmp

Files

2924-55-0x0000000001000000-0x000000000188E000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VTw
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.B+*
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fdx
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 282KB

.rdata Size: - Virtual size: 63KB

.data Size: - Virtual size: 265KB

.VTw Size: - Virtual size: 2.8MB

.B+* Size: 1KB - Virtual size: 1KB

.fdx Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 266KB - Virtual size: 265KB

.text
Size: - Virtual size: 282KB

.rdata
Size: - Virtual size: 63KB

.data
Size: - Virtual size: 265KB

.VTw
Size: - Virtual size: 2.8MB

.B+*
Size: 1KB - Virtual size: 1KB

.fdx
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 266KB - Virtual size: 265KB