vidar | 3528-0-0x0000000000400000-0x0000000000676000-memory[.]dmp | Triage

Resubmissions

26/09/2024, 07:24

240926-h8dz5axdqb 10

26/09/2024, 05:55

240926-gmjg2stfqd 10

Sharing

General

Target

3528-0-0x0000000000400000-0x0000000000676000-memory.dmp
Size

2.5MB
MD5

45a65012697f1b62580419c9ea1672a5
SHA1

9f1a684b6d1e4c518d415ee5ff9d1b86fa0d7c9c
SHA256

b63ad63323d45bf23b33f1335fd0f425ecf98244ca627b2fdf5f2f63df676ec1
SHA512

3f91b4485a6b19540d9f579c9f108bb197f1710684a24456d61caab0670eca5a97f6b3576829fba354dbaafe27e83f4a529d36933eabbc40c4304288447f9c72
SSDEEP

6144:8oRGyxkP9h164Fb9neo8Sk6A0ZH8FNBa31154:LIPzsI9neTS40t8bS11

Score

10^/10

stealer vidar

Malware Config

Signatures

Detect Vidar Stealer 1 IoCs

resource	yara_rule
sample	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3528-0-0x0000000000400000-0x0000000000676000-memory.dmp

Files

3528-0-0x0000000000400000-0x0000000000676000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ