Bazar Loader

Detected loader normally used to deploy BazarBackdoor malware.

Nloader

Simple loader that includes the keyword 'cambo' in the URL used to download other families.

Process spawned unexpected child process

This typically indicates the parent process was compromised via an exploit or macro.

ACProtect 1.3x - 1.4x DLL software

Detects file using ACProtect software.

Bazar/Team9 Loader payload

Nloader Payload

Blocklisted process makes network request

Executes dropped EXE

UPX packed file

Detects executables packed with UPX/modified UPX open source packer.