vidar | 2020-0-0x0000000000A30000-0x0000000000A98000-memory[.]dmp | Triage

Sharing

General

Target

2020-0-0x0000000000A30000-0x0000000000A98000-memory.dmp
Size

416KB
MD5

a29d44b38cb50b4c18e12ad0bde2e099
SHA1

7bb3e42b7864343b59c52891d0488f7db28b1cf7
SHA256

88f405e71132ecd479e92a2e4476d04e20925592a084200bf6124ce2708cba6b
SHA512

ca7a65f2a0e5e79afcc3f342593d994a61295e065570a757a3e4566b38e81ac1c102b9c328523fc8174ab8344f053959f81d54c46d99ab1b379bac8c91e13dda
SSDEEP

12288:6P679c7jRvwSvfDRU7Hg1w/u7qVYpZXRa:x792vwS3KHw/eVkZB

Score

10^/10

stealer vidar

Malware Config

Signatures

Detect Vidar Stealer 1 IoCs
stealer

Processes:

resource yara_rule

sample family_vidar_v7
Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2020-0-0x0000000000A30000-0x0000000000A98000-memory.dmp

Files

2020-0-0x0000000000A30000-0x0000000000A98000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bsS
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ