bazarloader | 1100-54-0x00000000001C0000-0x00000000001EB000-memory[.]dmp

Sharing

Copy URL

Twitter E-mail

General

Target

1100-54-0x00000000001C0000-0x00000000001EB000-memory.dmp
Size

172KB
MD5

e938f66cca5309c78ff17756021e5497
SHA1

6f83f9540da1c6bfb3a91be0edb82e1495c2dfb2
SHA256

3df16550c3134010dde8953fc5b83a07b1816409ba29cbaaece541e7bb27ce63
SHA512

c86959214f69f95b4c7c9a5a999fc9f8ed47fef930cf2c1ab290758d2be3c29b64606fe6440d9c33210df0f4441985b93af91109ddd531b2e7889f2733cc4a40
SSDEEP

3072:EEio4TLBJnpnCeQqSMByXrIslryUMgZoN59iiLFzi1o7gIUAlG19:E/oebpnCR7ioaE

Score

10^/10

bazarloader

Malware Config

Extracted

Family

bazarloader

reddew28c.bazar

Signatures

Bazar/Team9 Loader payload 1 IoCs

Processes:

resource yara_rule

sample BazarLoaderVar6
Bazarloader family
bazarloader

resource	yara_rule
sample	BazarLoaderVar6

Files

1100-54-0x00000000001C0000-0x00000000001EB000-memory.dmp
.dll windows x64

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 115KB - Virtual size: 115KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.pdata Size: 7KB - Virtual size: 6KB

.xdata Size: 7KB - Virtual size: 7KB

.bss Size: - Virtual size: 3KB

.edata Size: 512B - Virtual size: 144B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 196B

.text
Size: 115KB - Virtual size: 115KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.pdata
Size: 7KB - Virtual size: 6KB

.xdata
Size: 7KB - Virtual size: 7KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 144B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 196B