bazarbackdoor | 8f71514ccf1775932afb57c030acbae07cddff0f00e5c121f9b121b29c461ef9 | Triage

Sharing

General

Target

8f71514ccf1775932afb57c030acbae07cddff0f00e5c121f9b121b29c461ef9
Size

882KB
MD5

c9def610093255d0f56efbc440c6be61
SHA1

a601db24033b7a442df8c4db3aa0ed10347326c1
SHA256

8f71514ccf1775932afb57c030acbae07cddff0f00e5c121f9b121b29c461ef9
SHA512

f9c6dcf94261ee8b67864f4e345c1bb79b08fa7311b71deecc585daf79645c06fa6f52e1338baa69da1459724e086032416bcc8637fa8b53f4d6363faf1a1e13
SSDEEP

24576:od2mYXUpFr1It1JFf9iyvfJn2uEm0VOceC:oNYXUpDIt131fOm2O3

Score

10^/10

upx bazarbackdoor

Malware Config

Signatures

Bazar/Team9 Backdoor payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/out.upx	BazarBackdoorVar3

Bazarbackdoor family
bazarbackdoor
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Files

8f71514ccf1775932afb57c030acbae07cddff0f00e5c121f9b121b29c461ef9
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 711KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 785KB - Virtual size: 785KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 967KB - Virtual size: 967KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ