buer | 47f6ca6bad3812abde610a5d9ee7d830a20cff27d16198626027446eaee513a7 | Triage

Sharing

General

Target

47f6ca6bad3812abde610a5d9ee7d830a20cff27d16198626027446eaee513a7
Size

160KB
MD5

d8e4d911bd32bc0cec654270a195a86c
SHA1

9f262bd7f6ca033eb3f03c6ce1e82d98005f28ad
SHA256

47f6ca6bad3812abde610a5d9ee7d830a20cff27d16198626027446eaee513a7
SHA512

f61bb004ac75ad3727822782547b0d183c9dc2b68215da867d9ce96257e29beadabc621a3c51f8be7e9538a3347b2723dcfcf9163826d18122525c098be3e61b
SSDEEP

3072:4oFo136HxYtoI5aBCJdO8lYjTx2TsqC4Gmnac1HVM006Vebyx5tVO+UHWG+Y27aF:AlooJdHlhTsqEma2HVMdZbyxtO+6eaOE

Score

10^/10

loader buer

Malware Config

Extracted

Family

buer

C2

frrn8--ddjm_b./,rmn-

frrn8--ddjm_b.0,rmn-

Signatures

Buer Loader 1 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
sample	buer

Buer family
buer

Files

47f6ca6bad3812abde610a5d9ee7d830a20cff27d16198626027446eaee513a7
.exe windows x86

bbbcb3d0d8904a4dcc2ee78920bd4d96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

towlower
iswctype
strlen
strtoul
strncmp
strstr
strchr
_chkstk
wcscmp
wcslen
wcscpy
_allmul
memset

kernel32

HeapAlloc
GetTickCount
GetProcessHeap
HeapSize
HeapFree

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ