vidar | 1048-55-0x0000000001210000-0x0000000001B73000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

1048-55-0x0000000001210000-0x0000000001B73000-memory.dmp
Size

9.4MB
MD5

28765bf07212cdf21115be914209bb12
SHA1

821edb49d30015647657cdac018058dc55190507
SHA256

9ec3c5ce433450e99dbf53ca5ce78d4aa3e792b603c0a9ee5d76e30c97efa1df
SHA512

321e6b586baf399d6619549d1c2693ae7d52f41f31627afa3c283e851c3d431f7c358a117b231356236d04678705d5535d4fbbdf9d4665171cbc47e41b3404db
SSDEEP

196608:CLl4WkZe/xRn9SUhKx+HvqS3lRBKVrWQu98aU7E8+:cGWkZIxj/hmsxec98aU7E8+

Score

10^/10

vmprotect themida vidar

Malware Config

Signatures

Vidar family
vidar

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

1048-55-0x0000000001210000-0x0000000001B73000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ửữ��
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp3
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 199KB

.rdata Size: - Virtual size: 51KB

.data Size: - Virtual size: 84KB

ửữ�� Size: - Virtual size: 1KB

.reloc Size: - Virtual size: 14KB

Size: - Virtual size: 489KB

.idata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 34KB

.themida Size: - Virtual size: 2.1MB

.vmp1 Size: - Virtual size: 1.6MB

.vmp2 Size: 512B - Virtual size: 444B

.vmp3 Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 33KB - Virtual size: 33KB

.text
Size: - Virtual size: 199KB

.rdata
Size: - Virtual size: 51KB

.data
Size: - Virtual size: 84KB

ửữ��
Size: - Virtual size: 1KB

.reloc
Size: - Virtual size: 14KB

.idata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 34KB

.themida
Size: - Virtual size: 2.1MB

.vmp1
Size: - Virtual size: 1.6MB

.vmp2
Size: 512B - Virtual size: 444B

.vmp3
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 33KB - Virtual size: 33KB