vidar | 1048-64-0x0000000001210000-0x0000000001B73000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

1048-64-0x0000000001210000-0x0000000001B73000-memory.dmp
Size

9.4MB
MD5

b9a65c64d482ac64971bb56d54fd8ad0
SHA1

f9971fa2f7f938298a5ff8790eff7c78a9a45f03
SHA256

68d4698562439e21468176f8fe7815c63adb0001f4f5899fd75c36154f77463f
SHA512

adb674fabc3c5a0f07e118d7d39ad0d24d64161ac31cc77b097783868278c2e667e8916384846c1ce8ae1aa11c554afe555370ee1ba6b7471841bc59d5c7e038
SSDEEP

196608:6oicgSDe/xRn9SUhKx+HvqS3lRBKVrWQu98aU7E8+:6oLgSDIxj/hmsxec98aU7E8+

Score

10^/10

vmprotect themida 1679 vidar

Malware Config

Extracted

Family

vidar

Version

54.7

Botnet

1679

https://t.me/trampapanam

https://nerdculture.de/@yoxhyp

Attributes

profile_id
1679

Signatures

Vidar family
vidar

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

1048-64-0x0000000001210000-0x0000000001B73000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ửữ��
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp3
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 199KB

.rdata Size: - Virtual size: 51KB

.data Size: - Virtual size: 84KB

ửữ�� Size: - Virtual size: 1KB

.reloc Size: - Virtual size: 14KB

Size: - Virtual size: 489KB

.idata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 34KB

.themida Size: - Virtual size: 2.1MB

.vmp1 Size: - Virtual size: 1.6MB

.vmp2 Size: 512B - Virtual size: 444B

.vmp3 Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 33KB - Virtual size: 33KB

.text
Size: - Virtual size: 199KB

.rdata
Size: - Virtual size: 51KB

.data
Size: - Virtual size: 84KB

ửữ��
Size: - Virtual size: 1KB

.reloc
Size: - Virtual size: 14KB

.idata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 34KB

.themida
Size: - Virtual size: 2.1MB

.vmp1
Size: - Virtual size: 1.6MB

.vmp2
Size: 512B - Virtual size: 444B

.vmp3
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 33KB - Virtual size: 33KB