vidar | 736-678-0x0000000000010000-0x0000000001248000-memory[.]dmp | Triage

Sharing

General

Target

736-678-0x0000000000010000-0x0000000001248000-memory.dmp
Size

18.2MB
MD5

6eadf9de81b2ddd0cdc8cfe2ea1d2fb4
SHA1

a3de8d57437a109fef2024ceefedcc4dc655b398
SHA256

10a23314d30c8989e2f062b99560945a1da1712ef7bce80fca8e33efb4e90286
SHA512

05ee93f3f64bdf8038aed7d15f52ca860a303f2cb0b3f17c47c839f60988ce45c3c74c36276949cade90cf91e4a229336b1ed28a6f0e8b2ce4f877d726db15f0
SSDEEP

393216:qFGh6ybRTrNkQ5exmTRukdEr/q9Sopg/gbAnPGwn9FGHpR:+Gh/3kiYmTZqrOM9uk2JR

Score

10^/10

stealer vidar

Malware Config

Signatures

Detect Vidar Stealer 1 IoCs

resource	yara_rule
sample	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
736-678-0x0000000000010000-0x0000000001248000-memory.dmp

Files

736-678-0x0000000000010000-0x0000000001248000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp•*
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp•*
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ