bazarloader | 1076-54-0x0000000001AF0000-0x0000000001B1B000-memory[.]dmp

Sharing

Copy URL

Twitter E-mail

General

Target

1076-54-0x0000000001AF0000-0x0000000001B1B000-memory.dmp
Size

172KB
MD5

05b9f81ec8df568c8b4b9536b6872349
SHA1

d15e691bd97a2751ffd6e12c7fc438f014e7fd18
SHA256

bab052b40269f393982b0b4ed8ae744678d0cc04f5c167d82cabd25857f69f25
SHA512

55866d16fce681b0fa2db1ac08d6046d9c0fbf079bfd068c1745fddb592708b97e8a4555a3cf2ad3f757f13033660ce6da8b4ea6b46b54b808dec4546fd72b83
SSDEEP

3072:EEio4TLBJnpnCeQqSMByXrIslryUMgZoN59iiLFzi1o7gIUAlG1z:E/oebpnCR7ioaE

Score

10^/10

bazarloader

Malware Config

Extracted

Family

bazarloader

reddew28c.bazar

Signatures

Bazar/Team9 Loader payload 1 IoCs

Processes:

resource yara_rule

sample BazarLoaderVar6
Bazarloader family
bazarloader

resource	yara_rule
sample	BazarLoaderVar6

Files

1076-54-0x0000000001AF0000-0x0000000001B1B000-memory.dmp
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 115KB - Virtual size: 115KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.pdata Size: 7KB - Virtual size: 6KB

.xdata Size: 7KB - Virtual size: 7KB

.bss Size: - Virtual size: 3KB

.edata Size: 512B - Virtual size: 144B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 196B

.text
Size: 115KB - Virtual size: 115KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.pdata
Size: 7KB - Virtual size: 6KB

.xdata
Size: 7KB - Virtual size: 7KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 144B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 196B