vidar | 5064-305-0x0000000000E70000-0x000000000148C000-memory[.]dmp

General

Target

5064-305-0x0000000000E70000-0x000000000148C000-memory.dmp
Size

6.1MB
MD5

0c702a2bc10053f54506a6ccb552869b
SHA1

5e60bb497c4e3a364bad47a5ecf245cea1035fcd
SHA256

670db27cd7892ce1f79418108514144aa38f8f49ba0b8a372fc7cb1215173467
SHA512

a98fe64df20224a62ca95f287eb6063b52d4c2a8cf2ab83b1c8e250ba75b518696c451d32a12fb748b72e9b43b3c402b9d0a9922e81a8b3d7f2c7b420aa7c987
SSDEEP

98304:FsCj/5Br6h9dPam6C2aJnD9Y7KCg89dbvpbUKakhQJX5dJUs1s3ztrQfy6:ehXaC2aJD9SxjBQKakhYJN1

Score

10^/10

vmprotect 1679 vidar

Malware Config

Extracted

Family

vidar

Version

54.6

Botnet

1679

C2

https://t.me/huobiinside

https://mas.to/@kyriazhs1975

Attributes

profile_id
1679

Signatures

Vidar family
vidar
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

5064-305-0x0000000000E70000-0x000000000148C000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ÙúÚΰ
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ÙúÚΰ
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 199KB

.rdata Size: - Virtual size: 51KB

.data Size: - Virtual size: 84KB

ÙúÚΰ Size: - Virtual size: 1KB

ÙúÚΰ Size: - Virtual size: 1KB

.vmp0 Size: - Virtual size: 1.7MB

.vmp1 Size: 1024B - Virtual size: 768B

.vmp2 Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 55KB - Virtual size: 195KB

.text
Size: - Virtual size: 199KB

.rdata
Size: - Virtual size: 51KB

.data
Size: - Virtual size: 84KB

ÙúÚΰ
Size: - Virtual size: 1KB

ÙúÚΰ
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 1.7MB

.vmp1
Size: 1024B - Virtual size: 768B

.vmp2
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 55KB - Virtual size: 195KB