vidar | 2960-0-0x0000000000400000-0x0000000000657000-memory[.]dmp | Triage

Sharing

General

Target

2960-0-0x0000000000400000-0x0000000000657000-memory.dmp
Size

2.3MB
MD5

3018b3055c2e662415148cff65f6a1c9
SHA1

270be87e1676f7a5ca9858384000efb32c62d12f
SHA256

81c7e36cf9b7b7d446a5e3967ddd27f751865183f3cf2b5bf2e3c95b1cbcbc69
SHA512

98c3083ded5762b2bafd5f34498f7274062d2ba110957a08711a4c33b0c1c57a2b2fff07a4617fd4d45cf59aa6cc9ddcea17c9683dcb75d0925b203558cab97f
SSDEEP

3072:+GC9MbkR5GdiEnQBNIzAc1xwb27+cWN+EysofbxhCemXUq0fBp8HraPu9:4M4LGZnQjszwb2uZovu/a8Au

Score

10^/10

stealer vidar

Malware Config

Extracted

Family

vidar

Version

6

Signatures

Detect Vidar Stealer 1 IoCs

resource	yara_rule
sample	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2960-0-0x0000000000400000-0x0000000000657000-memory.dmp

Files

2960-0-0x0000000000400000-0x0000000000657000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ