vidar | 1168-56-0x00000000013C0000-0x0000000001E20000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1168-56-0x00000000013C0000-0x0000000001E20000-memory.dmp
Size

10.4MB
MD5

62ac52c69c6cac0b4284a1c9d95665cd
SHA1

eabd28acce8ed4f830207eeed512795c096fcffc
SHA256

00f145ddf5c853f487b8dd77449a10ecf6115ce9b4d721aa78037776fbae8feb
SHA512

8affdeb0de3f44fceee221fa939279868f9ce223208c08c8bbd25702e518c99027d59b231d96340aa3efe96b79fd7ff98bd20c1089e6e76ed9d92a3aee681b79
SSDEEP

196608:agIf5JNM54eXxNv10oKwkjmwJs6L3H2cl1Xxwe/e04Fr:c5Q54g/O3l9O6L3H2A1x5e0Y

Score

10^/10

themida vidar

Malware Config

Signatures

Vidar family
vidar

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1168-56-0x00000000013C0000-0x0000000001E20000-memory.dmp

Files

1168-56-0x00000000013C0000-0x0000000001E20000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 121KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 15KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ