vidar | 1300-75-0x0000000000CD0000-0x0000000001713000-memory[.]dmp

General

Target

1300-75-0x0000000000CD0000-0x0000000001713000-memory.dmp
Size

10.3MB
MD5

ad610e0e6680fcfd4b0cc86e34a96ca7
SHA1

021906849078bf6d3c378fa92f1b1afd8517fedd
SHA256

4fdc7d770003fa5f28e1a7cb801ef0bb8de4724e0ae60b5376c7bb6a02d63faa
SHA512

ba1d43bdb352cf6be496c46375d2157a0ab2fcb4b154e3b47724f50b50afd75af2c541a4371be1bea14c70c79f3d211634f8affb5e6cc57ae280768595b457a1
SSDEEP

196608:NL7WOhGFqMD3bTVoA6wrdFL+FrasjUn8yYl8wugVuxxuRvsvfo:Xu9zSwhFMraoU8yUgA8o

Score

10^/10

vmprotect c46faa70a744f9fd08377be9a67c391c vidar

Malware Config

Extracted

Family

vidar

Version

4.5

Botnet

c46faa70a744f9fd08377be9a67c391c

C2

https://steamcommunity.com/profiles/76561199520592470

https://t.me/motafan

Attributes

profile_id_v2
c46faa70a744f9fd08377be9a67c391c
user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/111.0

Signatures

Vidar family
vidar

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1300-75-0x0000000000CD0000-0x0000000001713000-memory.dmp

Files

1300-75-0x0000000000CD0000-0x0000000001713000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 251KB

.rdata Size: - Virtual size: 56KB

.data Size: - Virtual size: 130KB

.vmp0 Size: - Virtual size: 3.6MB

.vmp1 Size: 5.9MB - Virtual size: 5.9MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 281KB - Virtual size: 280KB

.text
Size: - Virtual size: 251KB

.rdata
Size: - Virtual size: 56KB

.data
Size: - Virtual size: 130KB

.vmp0
Size: - Virtual size: 3.6MB

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 281KB - Virtual size: 280KB