erbium | ebf0b8349cebf6da93861c3a7927fb79c78b9f7d654b0badd65f6664ba7ed367[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ebf0b8349cebf6da93861c3a7927fb79c78b9f7d654b0badd65f6664ba7ed367.exe
Size

793KB
MD5

82653a7f7f01ff5a2cf7af6eddbe2a21
SHA1

b70b2816737f3d366b3dabacef23902b3e06d6e4
SHA256

ebf0b8349cebf6da93861c3a7927fb79c78b9f7d654b0badd65f6664ba7ed367
SHA512

f1b77a2143ed757b3a94c7f6cc03bebae20af4bf5e2bc25982879b0c2cae2bbf63cd338b1aa3d2f9644222936aa1e0e7bd1882421f1649f0bfda45d0833ca4aa
SSDEEP

24576:hLAt3ieGOGoNOcfLtAz2QFPlePWBoyKIj:te/VNLFIAPxxY

Score

10^/10

erbium

Malware Config

Extracted

Family

erbium

77.73.133.53

Signatures

Erbium family
erbium

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebf0b8349cebf6da93861c3a7927fb79c78b9f7d654b0badd65f6664ba7ed367.exe

Files

ebf0b8349cebf6da93861c3a7927fb79c78b9f7d654b0badd65f6664ba7ed367.exe
.exe windows:6 windows x86 arch:x86

9deee1339fdd9dd87c8bd76cb88d8290

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetNativeSystemInfo
HeapAlloc
GetProcAddress
GetProcessHeap
FreeLibrary
lstrlenA
FindNextFileA
lstrcmpA
GlobalMemoryStatusEx
VirtualAlloc
VirtualFree
SetLastError
HeapFree
SetEndOfFile
WriteConsoleW
HeapSize
VirtualProtect
IsBadReadPtr
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
CloseHandle
CreateFileW
ReadFile
WriteFile
GetLastError
FindClose
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileType
FindFirstFileExW
FindNextFileW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
HeapReAlloc
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
GetTimeZoneInformation
SetStdHandle
lstrcmpiW

user32

GetDC

gdi32

GetCurrentObject

shell32

SHGetFolderPathA
SHGetKnownFolderPath
ShellExecuteA

iphlpapi

GetAdaptersInfo

gdiplus

GdipSaveImageToStream
GdiplusShutdown
GdiplusStartup
GdipDisposeImage
GdipCreateBitmapFromHBITMAP

urlmon

URLDownloadToFileA

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

9deee1339fdd9dd87c8bd76cb88d8290

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

iphlpapi

gdiplus

urlmon

advapi32

Sections

.text Size: 642KB - Virtual size: 642KB

.rdata Size: 121KB - Virtual size: 120KB

.data Size: 5KB - Virtual size: 9KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 642KB - Virtual size: 642KB

.rdata
Size: 121KB - Virtual size: 120KB

.data
Size: 5KB - Virtual size: 9KB

.reloc
Size: 23KB - Virtual size: 23KB