vidar | de051fe9ba9c76553ebaed03175f827f827fc0905198acf5e73aa57fcd0db539[.]zip

General

Target

de051fe9ba9c76553ebaed03175f827f827fc0905198acf5e73aa57fcd0db539.zip
Size

75KB
MD5

fb33db4d1495d11ea38589b38429ee7f
SHA1

7c5ff9094b5003fd034ac8d41ee78bd18fa90685
SHA256

b0d37e8c9878dd1b6f0e23437721a9ee93776c97440345579be433415e36e3a7
SHA512

ea891f8ecf33f0b1f21757db76fddce4b454f4b66d32c3af6ce1fbe13304a5cbf8c2963fddb716e2a2437bfc73b60c8903ffd13fa304a81bbc860987e6ad1e5a
SSDEEP

1536:njWZflowSHarNaWblpKpvl+nUQ+L/X69pcQw7ybSncMPlDw:iZfiwS6xw9+U7X69pcQeBcMPlDw

Score

10^/10

stealer vidar

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
static1/unpack001/de051fe9ba9c76553ebaed03175f827f827fc0905198acf5e73aa57fcd0db539.exe	family_vidar_v7

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/de051fe9ba9c76553ebaed03175f827f827fc0905198acf5e73aa57fcd0db539.exe

de051fe9ba9c76553ebaed03175f827f827fc0905198acf5e73aa57fcd0db539.zip
.zip

Password: infected
de051fe9ba9c76553ebaed03175f827f827fc0905198acf5e73aa57fcd0db539.exe
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

��.text
Size: 16B - Virtual size: 1920.0MB

IMAGE_SCN_MEM_EXECUTE

��.rdat
Size: 496B - Virtual size: 3264.0MB

IMAGE_SCN_MEM_READ

��@.data
Size: 560B - Virtual size: 3584.0MB

IMAGE_SCN_MEM_READ

��.00cf
Size: 8KB - Virtual size: 64.0MB

IMAGE_SCN_MEM_READ

��@.relo
Size: 8KB - Virtual size: 2496.0MB

IMAGE_SCN_MEM_READ