vidar | 305620x00000000004000000x0000000002459000memory_JC[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

305620x00000000004000000x0000000002459000memory_JC.dmp
Size

32.3MB
MD5

4fb850dc6eb064b40689e7b8f9eed665
SHA1

6bb2948d157ef474ffb581ed2198344701aee7ef
SHA256

d8479a8c345f0033da382722cdfee377dee9b3329844feef10473ac64682beef
SHA512

70bad9fc03b0bb8f46b9082e1c6fcef51daa3c80ab3d0ec148e925e6015e4efc2c2d0413e83c5b38564501af980155e830e6081a4d32be819cf07be4a5b0b489
SSDEEP

12288:sNvC1zqjETs1z/hVBzeC+SuI3Ibyk8kE65:MvnQTs1zhnzTF4uVkF

Score

10^/10

vidar

Malware Config

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
305620x00000000004000000x0000000002459000memory_JC.dmp

Files

305620x00000000004000000x0000000002459000memory_JC.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ