vidar | 856-0-0x0000000000290000-0x00000000002F5000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

856-0-0x0000000000290000-0x00000000002F5000-memory.dmp
Size

404KB
MD5

1b735be2094e2f5dbaa7dd278ea3c71b
SHA1

31c4dc481720d62cf4e81f08735b1621df9fdb00
SHA256

4716f79eccbf397439f2ce100ae9c5310d2f9c26c7dbfaf58705f132ee7352a0
SHA512

2e615bc68dcf98e24b7dee4d74793d355f494627c13bacea6f148ddc276b4b5778c2cdc90f363e37a99b51500dcdf310702e03b04a827676fb83920af3fbcc0a
SSDEEP

12288:m/WGO1TU4Mz9wR5l5hVNaFFnj7F94UUxO0:G8TUvwR5l5LSp94t0

Score

10^/10

stealer vidar

Malware Config

Signatures

Detect Vidar Stealer 1 IoCs

resource	yara_rule
sample	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
856-0-0x0000000000290000-0x00000000002F5000-memory.dmp

Files

856-0-0x0000000000290000-0x00000000002F5000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 1024B - Virtual size: 969B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 211KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ