vidar | 1760-54-0x0000000000DC0000-0x0000000001DC6000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

1760-54-0x0000000000DC0000-0x0000000001DC6000-memory.dmp
Size

16.0MB
MD5

210f8fe2825dfb7a8b92e53beca85213
SHA1

34e8e48ff86bbcc80867de631548158b31259787
SHA256

cee37ebffd2c83edbf4e1ecca33f7a877476c8112abeb281201c0d5f91b27bfb
SHA512

a4d5bdde0ec6aaab47626d4afa4a9ae70533082ee92785475e8b84c40f22846c356cd6ce4e25680aff1d3fa35a8a087387dbddbb73bcbe77714084cc111c7a98
SSDEEP

49152:fnGBWCtcIGpJXXzuv9ihvBQ4quLXgsCLMFdG7ZSCoKJIn:fnGM+wXzu4hvG4TgsCLMjG7ZSgg

Score

10^/10

themida vidar

Malware Config

Signatures

Vidar family
vidar

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

1760-54-0x0000000000DC0000-0x0000000001DC6000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 104KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 92KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 104KB - Virtual size: 236KB

Size: 25KB - Virtual size: 63KB

Size: 2KB - Virtual size: 84KB

Size: 1KB - Virtual size: 1KB

Size: 9KB - Virtual size: 16KB

Size: 92KB - Virtual size: 200KB

Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 5.7MB

Size: 2.9MB - Virtual size: 2.9MB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 2.5MB - Virtual size: 2.5MB

.themida
Size: - Virtual size: 5.7MB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 2.5MB - Virtual size: 2.5MB