buer | 7[.]exe | Triage

Sharing

General

Target

7.exe
Size

547KB
MD5

91fa6215582b42f5cca599ba02bb737e
SHA1

77ea850c55d4d6dc51e1e25235a27d5f90d733e6
SHA256

7203a338d66ac5456e265ed210c09b7c28ec6bd50d46d48c8d38fe14846f834f
SHA512

e3e9bce29241fac8e9920acc39b4aec8b1dc70b1b954d634ee4776dc336c31657591a1d8bc735d5a827622ec3020172c0c54327ad150ba89baf85a5b9b656738
SSDEEP

3072:Al4uSSFXekfDDffffNfffLffffqyffAfffjffffNfffLffffCQffcfffjffffNf:U+Q3Dm70iE+KY0iE+KlukdA48kEmt

Score

10^/10

buer

Malware Config

Extracted

Family

buer

C2

http://lodddd01.info/

http://lodddd02.info/

Signatures

Buer Loader 1 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
sample	buer

Buer family
buer

Files

7.exe
.exe windows x86

517a3fdbaed7461ea3218a075cfdcdbf

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

strtoul
strncmp
strlen
strstr
strchr
iswctype
wcscmp
wcscpy
wcslen
_chkstk
_allmul
memset

kernel32

GetTickCount
GetProcessHeap
HeapAlloc
HeapSize
HeapFree

shell32

ShellExecuteW

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ