berbew | 44cae80a67b41309747ce608d6e6bd1ebd59a60da7723ad2b3e3befdc9f94ac7N

Sharing

Copy URL Twitter E-mail

General

Target

44cae80a67b41309747ce608d6e6bd1ebd59a60da7723ad2b3e3befdc9f94ac7N
Size

115KB
MD5

a258d712718de3888af4b2e951f9eee0
SHA1

62ed73fac9c326e7a3f39c697c7a8a61dd333ccf
SHA256

44cae80a67b41309747ce608d6e6bd1ebd59a60da7723ad2b3e3befdc9f94ac7
SHA512

2da062ecf30d862b7f83bf0206d3ef004cc27e4c4b543c3f47e1343bf24ea419e8a6fa54a5bdea99a730e9b301a9c53072dd0c7e6f17c26596ec1ccda63ba539
SSDEEP

3072:Y6uGzni5h4X7FW2VTbWymWU6SMQehalNgFuk0:Y6LHX7f6ymWU5MClN5

Score

10^/10

berbew

Malware Config

Extracted

Family

berbew

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Signatures

Berbew family
berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44cae80a67b41309747ce608d6e6bd1ebd59a60da7723ad2b3e3befdc9f94ac7N

Files

44cae80a67b41309747ce608d6e6bd1ebd59a60da7723ad2b3e3befdc9f94ac7N
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.embm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.rsrc Size: 27KB - Virtual size: 27KB

.bss Size: - Virtual size: 132KB

.text Size: 11KB - Virtual size: 11KB

.idata Size: 3KB - Virtual size: 3KB

.embm Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.text Size: 5KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.rsrc
Size: 27KB - Virtual size: 27KB

.bss
Size: - Virtual size: 132KB

.text
Size: 11KB - Virtual size: 11KB

.idata
Size: 3KB - Virtual size: 3KB

.embm
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB