berbew | 466ed5ebe7cfba37335215e81e25db1356a94c87447505b0e1313f30c8a9bf70

Sharing

Copy URL

Twitter E-mail

General

Target

466ed5ebe7cfba37335215e81e25db1356a94c87447505b0e1313f30c8a9bf70
Size

128KB
MD5

2f26c0f7f6529a3ee65257d36ccaccd7
SHA1

c75035d2b9ae0889e9e506f344687a9ab7b34b44
SHA256

466ed5ebe7cfba37335215e81e25db1356a94c87447505b0e1313f30c8a9bf70
SHA512

5871a3ac0135077851bfa2942f69c543129a3f83d46677416d4e7f6f9c711e7fe9db4ba97065b5254de742758d8220925302748dc3a6d5c516853f96e2fee9fd
SSDEEP

3072:RGgonn9y6Gym/PwidSX3ReDrFDHZtOgxBOXXH:RGr9y6iP7dSX3RO5tTDUX

Score

10^/10

berbew

Malware Config

Extracted

Family

berbew

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Signatures

Berbew family
berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
466ed5ebe7cfba37335215e81e25db1356a94c87447505b0e1313f30c8a9bf70

Files

466ed5ebe7cfba37335215e81e25db1356a94c87447505b0e1313f30c8a9bf70
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 27KB - Virtual size: 27KB

.pdata Size: - Virtual size: 132KB

.data Size: 11KB - Virtual size: 11KB

.idata Size: 3KB - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 3KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.rdata Size: 7KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 8KB

.idata Size: 1024B - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 8KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 27KB

.pdata
Size: - Virtual size: 132KB

.data
Size: 11KB - Virtual size: 11KB

.idata
Size: 3KB - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 3KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.rdata
Size: 7KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 8KB

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB