vidar | 240-56-0x0000000000210000-0x00000000005B7000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

240-56-0x0000000000210000-0x00000000005B7000-memory.dmp
Size

3.7MB
MD5

6fb36940d7b0e325319380e83dda6cae
SHA1

49719ff851140494eb7596834d074b388f105ce3
SHA256

a0cb0e427fecfad50efa84ea0fded6f677b87430fe2bc22f934320818142315d
SHA512

666d61c77b4b2893c14b28b141a7b0384d07805b84fd89d89f77bb4647b033cd05c1ef22ab429903f7e0ccc519242db3da4deee7ba9dfd57c7de7325d7c6b17a
SSDEEP

49152:cCUHGt1gC9btl/zP+C+CmGFvFsN7RTROWBtKqycr1qH4fHrrh4cwv:cCKU9xlbP+CnmGFvFEbt0SqSHZ4cwv

Score

10^/10

themida vidar

Malware Config

Signatures

Vidar family
vidar

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

240-56-0x0000000000210000-0x00000000005B7000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 105KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 303KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE