not_berm | setup331[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup331.zip
Size

212.0MB
MD5

a0544c696679b5ba90f75a8c2a28967c
SHA1

7f4eb064a6d5ce2fcef45c882fd1eb26d216855a
SHA256

7ce1c9acdca88101bab0c95ee3f280e6fc59f37b15ac605ba8518508640dd681
SHA512

45a939ee7aacfa0cbc68d98ddb659ea5b85d80340c392b2daa6c7f9e06a84a38999f5e636dfb9fa80ba460e6c43b25d73e30f3d6f23a1b1e4723d2b6f9fdfe78
SSDEEP

6291456:Q+eNn9je2e5exFB1WR7y0FUv/G0zWgBJKR40w+HuPH:HU9i5QFwU24fKRk+Ov

Score

10^/10

taggie_berm_you_are_it not_berm

Malware Config

Signatures

Not_berm family
not_berm

match_everything 2 IoCs

This rule matches all.

taggie_berm_you_are_it

resource	yara_rule
sample	match_everything
static1/unpack001/Setup.exe	match_everything

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe

Files

setup331.zip
.zip
Setup.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ