bazarloader | stage3[.]mal_

Sharing

Copy URL

Twitter E-mail

General

Target

stage3.mal_
Size

168KB
MD5

92e2a9fa4f430d6d5566c707169e351b
SHA1

abdc289c73fd4287cb3a3bd5d734dae3818f1b0e
SHA256

8cffa5e1b464239daa14e6dfd89422f089144512238f5f2e2348766be1ebfe56
SHA512

de4bcf506d1f1c03b10d6259c3117a58bcb1ce7950a3c1efb401ed0c2b62d968d09773fb0f6d53246fd4e5cd498ec802917b5b6e84e5bce3f170826d298c7dfa

Score

10^/10

bazarloader

Malware Config

Extracted

Family

bazarloader

reddew28c.bazar

Signatures

Bazar/Team9 Loader payload 1 IoCs

Processes:

resource yara_rule

sample BazarLoaderVar6
Bazarloader family
bazarloader

resource	yara_rule
sample	BazarLoaderVar6

Files

stage3.mal_
.dll windows x64

862d93b7fdda584cef7b77e356919b7d

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetCommandLineW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
Sleep
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcatA
lstrcatW
lstrcmpA
lstrcmpW
lstrcpyA
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
memcmp
memmove
realloc
strlen
strncmp
vfprintf

shell32

CommandLineToArgvW

shlwapi

StrCSpnA
StrSpnA
StrStrA
StrStrW

Exports

Exports

StartWorker
StopWorker
initBuffer
uninitBuffer
updateBuffer
vspa

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 185B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

862d93b7fdda584cef7b77e356919b7d

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

shell32

shlwapi

Exports

Exports

Sections

.text Size: 115KB - Virtual size: 115KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.pdata Size: 7KB - Virtual size: 6KB

.xdata Size: 7KB - Virtual size: 7KB

.bss Size: - Virtual size: 3KB

.edata Size: 512B - Virtual size: 185B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 196B

.text
Size: 115KB - Virtual size: 115KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.pdata
Size: 7KB - Virtual size: 6KB

.xdata
Size: 7KB - Virtual size: 7KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 185B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 196B