vidar | 2025-02-13_456d681734489f768643e32076b33720_mafia | Triage

Sharing

General

Target

2025-02-13_456d681734489f768643e32076b33720_mafia
Size

456KB
MD5

456d681734489f768643e32076b33720
SHA1

05401c44235c20b0b6b04f4825d858d9d23af431
SHA256

9f71fc8eec41cdb2a902f3c2f24569a3dbf730d8d8859f6a24b4c050f662b4af
SHA512

60392103526fbe284fbdfdc55abe341e284734cf17a506a6542bd08f4a8a08ccd731143ea808b80e434a79d4b8f98f59f79980fb8e212a35b63c664386034fce
SSDEEP

6144:PHd2snAZDkCZbuuq3D3Fr6PMXDuOYijvafhtfhDV9OUBi1M2am:PHd2snsDkCFqDFeMXKujvafhBhDV9Te

Score

10^/10

vidar

Malware Config

Signatures

Vidar family
vidar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-02-13_456d681734489f768643e32076b33720_mafia

Files

2025-02-13_456d681734489f768643e32076b33720_mafia
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ