vidar | 1044-56-0x0000000001010000-0x0000000001699000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1044-56-0x0000000001010000-0x0000000001699000-memory.dmp
Size

6.5MB
MD5

30a439731759954c5c6e69c947af750b
SHA1

4f92658cd924b835650011d91787babd2ce6c43f
SHA256

cd6fec95641f669048e732ad1fd42937f5c079c7617a590fae0107f66426fd29
SHA512

3959ddd143f802eb5d678a3fe4b0cbe7787a50f7537c615ec96a305ab237329cf2596cce8fbbf1a4dec3209a5223833cfd953a7ed62e1a78536e0eebb69d54dd
SSDEEP

98304:U6K8Dayy3I/u2zyGrr17q1jUNBSaoKuhbrwBM/fyA:/x7o/K2b8Cy

Score

10^/10

themida vidar

Malware Config

Signatures

Vidar family
vidar

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

1044-56-0x0000000001010000-0x0000000001699000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 105KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ