vidar | 920-54-0x0000000000980000-0x0000000000FE7000-memory[.]dmp

General

Target

920-54-0x0000000000980000-0x0000000000FE7000-memory.dmp
Size

6.4MB
MD5

7b72bd4852ef931b5e520f5e030bdb0a
SHA1

f909c6d9aaac414f9615a6d8dfeedb55b34e17cd
SHA256

4302f77368faa04ed6c542080bcf46c9321711b055c3e49300d4262e20f52f66
SHA512

8ed62ec41e07f1d5f4bbb1301f6a5c4eaeb8ae9ce64b720d14fc239c864bc82547daae3da3cc21405a857e9fb55cdeb5f248f0727d0cfd1f42685627bba1fab0
SSDEEP

98304:mcGmWQK9p8YtWgrw4glfp1sSAtQEw1RUkOkPH/ZyM3sgst2Emr0p36CxFbsTh:f6jBNJglRKLtfw3Utk3jsgst2iP

Score

10^/10

d8e152358cfa1281bbf6acbfda2ced42 vidar

Malware Config

Extracted

Family

vidar

Version

3.5

Botnet

d8e152358cfa1281bbf6acbfda2ced42

C2

https://steamcommunity.com/profiles/76561199497218285

https://t.me/tg_duckworld

Attributes

profile_id_v2
d8e152358cfa1281bbf6acbfda2ced42
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
920-54-0x0000000000980000-0x0000000000FE7000-memory.dmp

Files

920-54-0x0000000000980000-0x0000000000FE7000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp]_--
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1_--
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpE_--
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 249KB

.rdata Size: - Virtual size: 61KB

.data Size: - Virtual size: 84KB

.vmp]_-- Size: - Virtual size: 1.7MB

.vmp1_-- Size: 1024B - Virtual size: 836B

.vmpE_-- Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 15KB - Virtual size: 347KB

.text
Size: - Virtual size: 249KB

.rdata
Size: - Virtual size: 61KB

.data
Size: - Virtual size: 84KB

.vmp]_--
Size: - Virtual size: 1.7MB

.vmp1_--
Size: 1024B - Virtual size: 836B

.vmpE_--
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 15KB - Virtual size: 347KB