vidar | 1648-0-0x0000000000E90000-0x0000000002383000-memory[.]dmp | Triage

Sharing

General

Target

1648-0-0x0000000000E90000-0x0000000002383000-memory.dmp
Size

20.9MB
MD5

8460d11e30339f4224595dd8d2d33e47
SHA1

c739aee46786d361ed217e27293aad1843864f7a
SHA256

56faa968fe3d955c4a6a0d6f523ab4b5c51de8d61e6d19b7035ef6b59949e2c9
SHA512

0aa3c09da22f617f1c15a881bfceedf32e23a1365520da8671dc80bb03b2adce0f033ea541314bccc776a5dc943f3d94311b1b67f72b2317a12653e439a1be32
SSDEEP

393216:KIkZaFfXW8M26ASD/Ta/dzaDI1d5hNBNOFnOs+XZSo9JCow:KPEVXiA4La/yIBhjNx/XZR7tw

Score

10^/10

stealer vidar

Malware Config

Signatures

Detect Vidar Stealer 1 IoCs
stealer

Processes:

resource yara_rule

sample family_vidar_v7
Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1648-0-0x0000000000E90000-0x0000000002383000-memory.dmp

Files

1648-0-0x0000000000E90000-0x0000000002383000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.…²Î
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.…²Î
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp‰�
Size: - Virtual size: 973KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp‰�
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp‰�
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ