vidar | 1500-56-0x0000000000A70000-0x0000000001398000-memory[.]dmp | Triage

Sharing

General

Target

1500-56-0x0000000000A70000-0x0000000001398000-memory.dmp
Size

9.2MB
MD5

6d929114a3284888f3f8c10261384391
SHA1

0f928f41f1a7fd8d3e71e1a15fe94e11bf4d9b68
SHA256

97884b8e18ad0f52de4d49417cdffeae030905cde46da43d88f5938349542def
SHA512

07d43745246fec2cb93b736d518c02202ac398b5a0ef021796b5790c3e616b2c819a8af4d2ee49b52cd5b5d15185c0f69cf5f8af10c3000f9ccf0ab9ae7a27e0
SSDEEP

98304:XRYgVvxczu4hvG4TgsCLMjG7ZSj8UruU2fHyQEY0JIi4VaLGGteqp8OH7FCUG:jKtPFru/HKGi4VqGG9XFX

Score

10^/10

themida vidar

Malware Config

Signatures

Vidar family
vidar

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

1500-56-0x0000000000A70000-0x0000000001398000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 104KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ