vidar | JaffaCakes118_4df392e7fcfb283e8b9def9d94ae37f09923c6a982586036bf6a81b2fc944fb8 | Triage

Sharing

General

Target

JaffaCakes118_4df392e7fcfb283e8b9def9d94ae37f09923c6a982586036bf6a81b2fc944fb8
Size

9.4MB
MD5

0d25e87f070a862d5e1c13838f5156e5
SHA1

74931d90a13a08de0e3e28bf259f1e605db38952
SHA256

4df392e7fcfb283e8b9def9d94ae37f09923c6a982586036bf6a81b2fc944fb8
SHA512

55f7221057c95d993fb6a75faf981ec13d8c83f6b902cdb638acb49bcebe4edd08a1af651980ff17cefc1609a42cee958908dbd3e59b108b91682b02a727d84a
SSDEEP

196608:VuGZa5w7igfID5tfz0KtFERytM3JDsQ7sfXczMNru3JNf:VpZLmBUKtFERrJ/7cmJ

Score

10^/10

vidar

Malware Config

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4df392e7fcfb283e8b9def9d94ae37f09923c6a982586036bf6a81b2fc944fb8

Files

JaffaCakes118_4df392e7fcfb283e8b9def9d94ae37f09923c6a982586036bf6a81b2fc944fb8
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.KBE0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.KBE1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.KBE2
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ