vidar | dump-66c4a9831e36ed73661204f8[.]zip | Triage

Sharing

General

Target

dump-66c4a9831e36ed73661204f8.zip
Size

190KB
MD5

855ebe9fb4ea2969e7ceee9a191e2347
SHA1

7298b4fe5f58cc1e39fb35ec6db63616d76fa703
SHA256

4f9092ebbf9d1e9a877f841d4ca17b49047f3c10b1e8e227d28f9a808a8c1428
SHA512

77de832da8dd6495e26541e9344644764c101281c04a61550302339e2a89d76310ee3078bc2c8169794889f58cd96b6306541e15a2071a4573c9d686bba52403
SSDEEP

3072:VRo773kr6fsVbq3NIZ8OPD5IR47VFMeHNqmi094TSwyoRbbwy/kJYYfcL3meI7Hn:VOn30b2I9NC47EeqG4TQoRbiu8u+TP1x

Score

10^/10

stealer vidar

Malware Config

Signatures

Detect Vidar Stealer 1 IoCs

resource	yara_rule
static1/unpack001/dump-66c4a9831e36ed73661204f8	family_vidar_v7

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dump-66c4a9831e36ed73661204f8

Files

dump-66c4a9831e36ed73661204f8.zip
.zip

Password: infected
dump-66c4a9831e36ed73661204f8
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ