berbew | 280530420976a970ca731fbb127f81321c553771b557829cfe4c76f8b679cacb[.]exe | Triage

Sharing

General

Target

280530420976a970ca731fbb127f81321c553771b557829cfe4c76f8b679cacb.exe
Size

128KB
MD5

6d76a2d4434f31b0d7114c5dbfc8e528
SHA1

f63f5b6f2a2fa3a1aa4068d4e9bb1ac40baca5ba
SHA256

280530420976a970ca731fbb127f81321c553771b557829cfe4c76f8b679cacb
SHA512

4f151d58a1a62052002a76c7d06a467900533c6d42f1527fd62d2229461dbf93d40ae893c1695be0cd051554c6a825300a695ba5d215679a5522ed89d3b24eaa
SSDEEP

3072:GRFylGesahRRbylPkbSAxPT9F7TR1mmeaKkbSAxPTf:GRF+sahkPkbLPT9F7TR1mmhKkbLPTf

Score

10^/10

berbew

Malware Config

Signatures

Berbew family
berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
280530420976a970ca731fbb127f81321c553771b557829cfe4c76f8b679cacb.exe

Files

280530420976a970ca731fbb127f81321c553771b557829cfe4c76f8b679cacb.exe
.exe windows:1 windows x86 arch:x86

9c0050334da711b5147027326c52827d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetFileSize
GetModuleHandleA
CloseHandle
GetTickCount
GetWindowsDirectoryA
CopyFileA
LocalAlloc
LocalFree
CreateFileA
ReadFile
RtlUnwind
WinExec
WriteFile
DeleteFileA

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

crtdll

__GetMainArgs
exit
memcpy
memset
printf
raise
signal
strcat
strchr
strlen
strncpy

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ieoo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ