1e4bea777c3d8146b2e7ae1219539fe9

Sharing

Copy URL Twitter E-mail

General

Target

1e4bea777c3d8146b2e7ae1219539fe9
Size

496KB
MD5

1e4bea777c3d8146b2e7ae1219539fe9
SHA1

18c36a7094d38fe4ceac1f755a9af973ad3bb4fa
SHA256

2309b909e63248ef64c507c3a186b314d7ab19986a07b6be333fc5a857d4cbfd
SHA512

37e15a6d256bb0bbbec1605857ca2ea843b18f3797c116100f51825ba16ad8373b94e2838b0591daac7a832b20db449685a6844d947a6fb02814cd05a285e32c
SSDEEP

12288:gAkvjU0Z81cwrESO64tJ54yfv7SeQy4TyagZmrgzj0T:l4j9Z8awrESf0J5bfzSTvTydmraA

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/beria - packer/gui.exe
unpack001/beria - packer/infector.dll
unpack001/beria - packer/loader.bin
unpack001/dumped_.exe
unpack001/packed.exe

Files

1e4bea777c3d8146b2e7ae1219539fe9
.rar
Beria 0.07 - OEP script.txt
Beria 0.07 - unpacking tutorial.chm
.chm
beria - packer/changelog.txt
beria - packer/generic.bst
beria - packer/gui.exe
.exe windows:4 windows x86 arch:x86

8575abe71ec774fa2f90ace1fe7d9569

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

infector

?Infect@@YAKUBERIA_SAVE_RECORD@@@Z

winmm

timeGetTime

kernel32

VirtualAlloc
HeapFree
ExitProcess
CreateFileA
WriteFile
ReadFile
GetModuleHandleA
GetCurrentDirectoryA
CloseHandle
GlobalAlloc
GlobalFree
GetFileSize
SetFilePointer
HeapAlloc
HeapReAlloc
VirtualQuery
InterlockedExchange
RtlUnwind
LoadLibraryA
GetCurrentProcess
TerminateProcess
GetProcAddress
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter

user32

CreateDialogParamA
SetDlgItemTextA
EndDialog
wsprintfA
GetClientRect
SetRectEmpty
SetWindowPos
CheckDlgButton
GetDlgItemTextA
DestroyWindow
PostQuitMessage
LoadIconA
SendMessageA
GetMenu
MessageBoxA
GetDlgItem
SetWindowTextA
DialogBoxParamA
EnableWindow

comdlg32

GetSaveFileNameA
GetOpenFileNameA

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
beria - packer/infector.dll
.dll windows:4 windows x86 arch:x86

01f8a3dd99f05f3048f7fe96a6ac3fba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

kernel32

SetFilePointer
CloseHandle
lstrcmpiA
GlobalAlloc
GlobalFree
GlobalReAlloc
CreateFileA
ReadFile
WriteFile

user32

wsprintfA

Exports

Exports

?Infect@@YAKUBERIA_SAVE_RECORD@@@Z

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
beria - packer/knownbugs.txt
beria - packer/lizenz.txt
beria - packer/loader.bin
.exe windows:4 windows x86 arch:x86

690605e32c06fee77e385106844c46ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalReAlloc
CloseHandle
GetThreadContext
SetThreadContext
GetCommandLineA
ReadProcessMemory
CreateProcessA
GetProcAddress
VirtualProtectEx
VirtualAllocEx
LoadLibraryA
OpenThread
GetSystemInfo
ContinueDebugEvent
WaitForDebugEvent
WriteProcessMemory
FlushInstructionCache

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 994B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dumped_.exe
.exe windows:4 windows x86 arch:x86

5e95e9b81d13210b5ac8f293cdf8da7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
ExitProcess
CreateFileA
CloseHandle
WriteFile
VirtualAlloc
TerminateThread
SizeofResource
SetFilePointer
SetErrorMode
ReadFile
MulDiv
LockResource
LoadResource
LoadLibraryA
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetSystemDefaultLCID
GetProcAddress
GetModuleFileNameA
GetLocaleInfoA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
FreeResource
FreeLibrary
FindResourceA
CreateThread
CreateFileA
CompareStringA
CloseHandle

user32

MessageBoxA
WindowFromPoint
WinHelpA
WaitMessage
WaitForInputIdle
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowOwnedPopups
ShowCursor
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterClipboardFormatA
RegisterClipboardFormatA
RegisterClassA
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MessageBoxA
MessageBeep
MapVirtualKeyA
LoadStringA
LoadIconA
LoadCursorA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessage
IsClipboardFormatAvailable
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetSystemMetrics
GetSystemMenu
GetSysColor
GetSubMenu
GetScrollPos
GetPropA
GetParent
GetWindow
GetMenuStringA
GetMenuState
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EndPaint
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIcon
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyCursor
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreateWindowExA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharLowerA
AdjustWindowRectEx

oleaut32

VariantChangeTypeEx
VariantCopyInd
VariantClear
SysStringLen
SysAllocStringLen

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetEnhMetaFileBits
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
MoveToEx
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetSystemPaletteEntries
GetStockObject
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetCurrentPositionEx
GetBitmapBits
ExcludeClipRect
EnumFontsA
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateFontIndirectA
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt

comctl32

ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create

Sections

Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
packed.exe
.exe windows:4 windows x86 arch:x86

690605e32c06fee77e385106844c46ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalReAlloc
CloseHandle
GetThreadContext
SetThreadContext
GetCommandLineA
ReadProcessMemory
CreateProcessA
GetProcAddress
VirtualProtectEx
VirtualAllocEx
LoadLibraryA
OpenThread
GetSystemInfo
ContinueDebugEvent
WaitForDebugEvent
WriteProcessMemory
FlushInstructionCache

Sections

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 153KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8575abe71ec774fa2f90ace1fe7d9569

Headers

File Characteristics

Imports

comctl32

infector

winmm

kernel32

user32

comdlg32

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

01f8a3dd99f05f3048f7fe96a6ac3fba

Headers

File Characteristics

Imports

winmm

kernel32

user32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 1024B - Virtual size: 722B

.data Size: 512B - Virtual size: 340B

.reloc Size: 512B - Virtual size: 348B

690605e32c06fee77e385106844c46ca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 574B

.data Size: 512B - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 994B

5e95e9b81d13210b5ac8f293cdf8da7c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

advapi32

gdi32

comctl32

Sections

Size: 296KB - Virtual size: 296KB

.mackt Size: 8KB - Virtual size: 8KB

690605e32c06fee77e385106844c46ca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

Size: 8KB - Virtual size: 8KB

Size: 1024B - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

Size: 1024B - Virtual size: 4KB

Size: 153KB - Virtual size: 240KB

Size: 36KB - Virtual size: 36KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 1024B - Virtual size: 722B

.data
Size: 512B - Virtual size: 340B

.reloc
Size: 512B - Virtual size: 348B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 574B

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 994B

.mackt
Size: 8KB - Virtual size: 8KB