vidar | 1240-666-0x0000000003EC0000-0x00000000041C0000-memory[.]dmp | Triage

Sharing

General

Target

1240-666-0x0000000003EC0000-0x00000000041C0000-memory.dmp
Size

3.0MB
MD5

1f3334c2104c18c0441050d92ad09876
SHA1

cdcc81913b25e45114aa942402435d6a23434c5a
SHA256

30e776e4359ff8a9fa1cdc6928ff568cc7b69b6db640d6f93d684f82e1b91b1f
SHA512

55d096ccffc76b9ef3b5d0aafb18d3bed75ce1cefebb136ffb74aac1d2de95d89d5eb1cdebb47a05841febafbd847121fb2a41b6150d6e2129b7d765186ddae9
SSDEEP

24576:4ey05nEQXOb0FEwMGNL/geFyNcTN+jv75TQn652VBuNyb:jLZ+b6ELGJtF4ch+jvNm0Nyb

Score

10^/10

stealer vidar

Malware Config

Signatures

Detect Vidar Stealer 1 IoCs

resource	yara_rule
sample	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1240-666-0x0000000003EC0000-0x00000000041C0000-memory.dmp

Files

1240-666-0x0000000003EC0000-0x00000000041C0000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 687KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ