buer | 2[.]exe | Triage

Sharing

General

Target

2.exe
Size

36KB
MD5

4d85e1d2cff1f97e149e345a19928ad9
SHA1

2c1c6df0d80940bed3576ba89bd8b0f29654bb17
SHA256

7c70ee2493d0ccc41cf42d9ef1f478d235bb09fa98eb1e991d7f4bccac818bf0
SHA512

d0afa20c1cf1fbdb197dc846e862478fa156b1331b4b4cf1e96520c7981c87de2c25c0dbdebcf6749212c56f70443b3792a133e1261210cf1298358535221f1f
SSDEEP

768:7XnmZeP7jiDhdlYsujuguUhgYxBdHv6meIjYAu4Wijdg7L:7XnkHhdPngbhf1vbs9/n

Score

10^/10

buer

Malware Config

Extracted

Family

buer

C2

https://gstatiknetiplist.cc/

https://gstatiknetiplist.com/

Signatures

Buer Loader 1 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
sample	buer

Buer family
buer

Files

2.exe
.exe windows x86

140bae8334be0247b7320e4cd9f15d46

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

strncmp
strstr
strchr
strtoul
memset
iswctype
wcslen
_allmul
strlen
_alldiv
_chkstk

kernel32

GetFileAttributesW
SetThreadContext
CreateProcessA
VirtualAllocEx
GetThreadContext
GetDriveTypeA
GetDiskFreeSpaceExA
HeapFree
HeapAlloc
GetProcessHeap
VirtualAlloc
GetTickCount
WriteProcessMemory
ResumeThread

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ