berbew | cd8a1cf9e1eb2e47858eaeb6e1e47620_NEIKI

General

Target

cd8a1cf9e1eb2e47858eaeb6e1e47620_NEIKI
Size

115KB
MD5

cd8a1cf9e1eb2e47858eaeb6e1e47620
SHA1

704bd784a8c9ed9257429b654714bc0cf51426b4
SHA256

88ff7fbf013ebc4874d8bac793c4f4f348c1293ceffe7b3d9b2cc2c9678a50e2
SHA512

dc1dd40e34f5c8e6a2a453e375f27e21ee6bc442529574305ea39ed5d83324f8c389c0d24b5675bf0f15b0e8d8fe2583be39256921525a4ae7cd30e5dd97f625
SSDEEP

3072:kI//jn32FmrL3Gpx3Y0JwDGdbrIR/SoQUP5u30KqTKr4:T//jnY83GppY0JqGhrIooQUPoDqTKE

Score

10^/10

backdoor trojan dropper berbew

Malware Config

Signatures

Berbew family
berbew

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

resource	yara_rule
sample	family_berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd8a1cf9e1eb2e47858eaeb6e1e47620_NEIKI

Files

cd8a1cf9e1eb2e47858eaeb6e1e47620_NEIKI
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kofbl
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 31KB - Virtual size: 31KB

.reloc Size: - Virtual size: 132KB

.data Size: 12KB - Virtual size: 12KB

.text Size: 3KB - Virtual size: 3KB

.kofbl Size: 512B - Virtual size: 4KB

.l1 Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.text
Size: 31KB - Virtual size: 31KB

.reloc
Size: - Virtual size: 132KB

.data
Size: 12KB - Virtual size: 12KB

.text
Size: 3KB - Virtual size: 3KB

.kofbl
Size: 512B - Virtual size: 4KB

.l1
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB