buer | 05efd2eb94d751614bbe574e3c462bda | Triage

Sharing

General

Target

05efd2eb94d751614bbe574e3c462bda
Size

363KB
MD5

05efd2eb94d751614bbe574e3c462bda
SHA1

3544b0e4f7ebc5da1fb99fbc3b6492babb974f7d
SHA256

2e0116e0ddc43c5fefe56a3feb65c5088e7807eaf523715065ba3bfa4968a212
SHA512

6a0db6ea489065ff3506d726afd89fde9ed007bbfcc60b278139eb614dafc9f371c60cf4914caa8156d756ba892f2860d85301c0579a702b6cc38f2e9b2b9066
SSDEEP

6144:FJzFw5BxRZx7uwghZbHxcO9cNDPxADPaPUDn4EiHrDVWTIXVfqNNL5j2JtphjIEG:rz8EVh9x1wFyj41LDVHdaijxO

Score

10^/10

loader buer

Malware Config

Extracted

Family

buer

C2

https://bankcreditsign.com/

Signatures

Buer Loader 1 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
sample	buer

Buer family
buer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05efd2eb94d751614bbe574e3c462bda

Files

05efd2eb94d751614bbe574e3c462bda
.exe windows:6 windows x86 arch:x86

6965f9c5cd791fd07931d95c838a4170

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memset
iswctype
wcslen
_chkstk
strlen
_alldiv
_allmul

kernel32

CreateProcessA
CreateThread
GetDriveTypeA
GetDiskFreeSpaceExA
VirtualAlloc
GetFileAttributesW
HeapFree
HeapAlloc
GetProcessHeap
GetTickCount
WriteProcessMemory
ResumeThread
GetThreadContext
VirtualAllocEx
HeapReAlloc
SetThreadContext

shell32

ShellExecuteExW

Sections

.text
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ