vidar | 960-0-0x0000000000210000-0x0000000000277000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

960-0-0x0000000000210000-0x0000000000277000-memory.dmp
Size

412KB
MD5

f6c65c773d14a736b19aee79f1527247
SHA1

9092da2446bedc9db5d212131169267d88dd3900
SHA256

0b2b6ccc2fac62340cee7cb01f4a26fa7da114b60f15438a623c0c4b22ac247a
SHA512

6e4cfa96fbfdd62e58085bcfb8ec98ee0733899ca22129408066ce735ad8b3f68919a2738088104db5ba1fc6d47a731d05bab77cac490bd01ff315839af0101a
SSDEEP

6144:AfRu6YVsXpp/U7lf3E1DEBbAUUkFhfDs1w/u7rYjCQYpl9zjP:sRu6Y28U1DRU7Hg1w/u7qVYpDjP

Score

10^/10

stealer vidar

Malware Config

Signatures

Detect Vidar Stealer 1 IoCs

resource	yara_rule
sample	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
960-0-0x0000000000210000-0x0000000000277000-memory.dmp

Files

960-0-0x0000000000210000-0x0000000000277000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 213KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE