berbew | 234c7d4ee06662bdbc533e0833de220e7ef5a5ca39d9775269ea13050b2546a7N

Sharing

Copy URL Twitter E-mail

General

Target

234c7d4ee06662bdbc533e0833de220e7ef5a5ca39d9775269ea13050b2546a7N
Size

176KB
MD5

f096b33f15c5303f397c1c6718486070
SHA1

72685cb0aa5f165c2a958bacbb33252f96a880e7
SHA256

234c7d4ee06662bdbc533e0833de220e7ef5a5ca39d9775269ea13050b2546a7
SHA512

0c19d178b802e62af00dc2a8a7b1b27fa520c020c5a9d4ab20f7735ad8ac2b2dd1a537890fc2646335ba8c4464ee0fe9e1d51405ac11090e29910927f87266e2
SSDEEP

3072:j7DhM2222Ft1cjENRZ9wmAOIayGsOOJF4EISi/i4gG4npAjmA39QQIckJI:jq2222Ft1nTZ9EaUn4yjK99QQd

Score

10^/10

berbew

Malware Config

Extracted

Family

berbew

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Signatures

Berbew family
berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
234c7d4ee06662bdbc533e0833de220e7ef5a5ca39d9775269ea13050b2546a7N

Files

234c7d4ee06662bdbc533e0833de220e7ef5a5ca39d9775269ea13050b2546a7N
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 27KB - Virtual size: 27KB

.bss Size: - Virtual size: 132KB

.data Size: 11KB - Virtual size: 11KB

.idata Size: 3KB - Virtual size: 3KB

.text Size: 512B - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.text Size: 5KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.text Size: 6KB - Virtual size: 8KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 8KB

.text
Size: 27KB - Virtual size: 27KB

.bss
Size: - Virtual size: 132KB

.data
Size: 11KB - Virtual size: 11KB

.idata
Size: 3KB - Virtual size: 3KB

.text
Size: 512B - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 8KB