berbew | 8fca860ceef1dc490cc6782f162496063d52ea006104b0d7dfcf6637c81772db | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8fca860ceef1dc490cc6782f162496063d52ea006104b0d7dfcf6637c81772db
Size

234KB
MD5

b532d321fda703552c053607cfb1631a
SHA1

8c29c783590a1c659255d15c5e84885854b17b04
SHA256

8fca860ceef1dc490cc6782f162496063d52ea006104b0d7dfcf6637c81772db
SHA512

7b339163b07a092dc276a402a78433978a9766048b3e00d24117f0a4e5c6dcf2eaa83facf56f40e0787adf1055fd72e541220176618e5316bc35e2e29b6eb3a5
SSDEEP

6144:hWhxR79do6JOXk9doYdX2p7G9do6JOXk9f:QHRd3XfRf

Score

10^/10

berbew

Malware Config

Signatures

Berbew family
berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8fca860ceef1dc490cc6782f162496063d52ea006104b0d7dfcf6637c81772db

Files

8fca860ceef1dc490cc6782f162496063d52ea006104b0d7dfcf6637c81772db
.exe windows:1 windows x86 arch:x86

9c0050334da711b5147027326c52827d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetFileSize
GetModuleHandleA
CloseHandle
GetTickCount
GetWindowsDirectoryA
CopyFileA
LocalAlloc
LocalFree
CreateFileA
ReadFile
RtlUnwind
WinExec
WriteFile
DeleteFileA

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

crtdll

__GetMainArgs
exit
memcpy
memset
printf
raise
signal
strcat
strchr
strlen
strncpy

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ieoo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ