vidar | 0x0028000000015e3d-6[.]dat

Sharing

Copy URL Twitter E-mail

General

Target

0x0028000000015e3d-6.dat
Size

312KB
MD5

14f7f948561051323a5550bab03b2515
SHA1

d7c6fbfdbfd6c95037810db1558a0dab3fdd61ff
SHA256

34f29567ce5f19c9a4cc6752b1e7c6e56f04d4b4622e164181cbe7089b5543c4
SHA512

5c6dc6658e06140861304ec4a8dbb1daaee50c0c39699651be5c684bc0e9f89819472449abe59f0fc27cf0cf54a9788199b5eb2c5093c8440f9bad8fe9bcf9bd
SSDEEP

6144:Asf1jvN8Q2xaWEbescwLR17I4eDuUQEIGk9ZRDNZMpShgaW:AgW2h1lwIGkJDNSp

Score

10^/10

vidar

Malware Config

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0028000000015e3d-6.dat

Files

0x0028000000015e3d-6.dat
.dll windows:5 windows x86

3d58e071cb811cf4eae1921da96a7569

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
LocalAlloc
lstrlenW
lstrcatW
HeapAlloc
GetProcessHeap
GetProcAddress
LoadLibraryA
GetCurrentProcess
DisableThreadLibraryCalls
GetLogicalProcessorInformationEx
lstrlenA
CloseHandle
FindNextFileW
FindFirstFileW
SetEndOfFile
VirtualProtect
ExitProcess
CreateFileW
CreateFileA
SetStdHandle
WriteConsoleW
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
GetLocaleInfoW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetLastError
HeapFree
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
LCMapStringW
GetCPInfo
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeW

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

Exports

Exports

Start

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d58e071cb811cf4eae1921da96a7569

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 221KB - Virtual size: 220KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 7KB - Virtual size: 84KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 221KB - Virtual size: 220KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 7KB - Virtual size: 84KB

.reloc
Size: 21KB - Virtual size: 20KB