vidar | 4492-175-0x00000000009B0000-0x0000000000F35000-memory[.]dmp

General

Target

4492-175-0x00000000009B0000-0x0000000000F35000-memory.dmp
Size

5.5MB
MD5

5834f0eafa45d630b866260c1a9ed76c
SHA1

f8b14e1502d47b108e54582b1ba50cb98803d293
SHA256

58a7eacf4fe46ee3a6eaffe042179a22f14e1edd19f1d655233c4cca7105d7e9
SHA512

f7bd06778d36361096e575a1645f8d81a18aa6dbdeab12a558a755570aea2f2d76ad1f759ed427089d4b9a65e784bbc3e3fa2f9cc4b81b056c53dda8ca83f58e
SSDEEP

98304:/I2bX29z+aivzFUOxLJbzPqMQ+iRNPI4MLtw7npX5wwVtqzPD5:yEBUCh7Y+gnpGt

Score

10^/10

vmprotect 5c24dc0e9726fcc756a18038ae4e0e67 vidar

Malware Config

Extracted

Family

vidar

Version

3.5

Botnet

5c24dc0e9726fcc756a18038ae4e0e67

C2

https://steamcommunity.com/profiles/76561199497218285

https://t.me/tg_duckworld

Attributes

profile_id_v2
5c24dc0e9726fcc756a18038ae4e0e67
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Signatures

Vidar family
vidar

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4492-175-0x00000000009B0000-0x0000000000F35000-memory.dmp

Files

4492-175-0x00000000009B0000-0x0000000000F35000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 205KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 249KB

.rdata Size: - Virtual size: 61KB

.data Size: - Virtual size: 84KB

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 205KB - Virtual size: 276KB

.text
Size: - Virtual size: 249KB

.rdata
Size: - Virtual size: 61KB

.data
Size: - Virtual size: 84KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 205KB - Virtual size: 276KB