vidar | 2024-55-0x0000000000970000-0x0000000001298000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-55-0x0000000000970000-0x0000000001298000-memory.dmp
Size

9.2MB
MD5

b4eb8fead77fc2793d3b9fa64e3121de
SHA1

1fc6474a7753a682f080dbc4368176abce5cc3bb
SHA256

8ae9103ebebed5e6b86259943e48d2a31ad00f1ddfa91ca46f84a8a45134207b
SHA512

680ae2ffb6f5f5290fc0151ff5d154c77ba2262be3977616c1cb4e6ad72337e3dd25f90af30eddff9fdac2348654988dd4dfdb8c3af2f481af92de0e7745daae
SSDEEP

24576:qCNN8B86n+Kx+NM+r5+Exf2IcGohpJewpunIQC1Pv99bHovwVxlTKos5CI42OgBC:YBMKx7+XIhpJXczuv9ihvBQ4quLXgsC9

Score

10^/10

themida vidar

Malware Config

Signatures

Vidar family
vidar

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

2024-55-0x0000000000970000-0x0000000001298000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 104KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ