bazarbackdoor | 34d2a14d546ffabc3933034d9c77353243ee4230cedf0ab40fcc2a30a4c24909 | Triage

Sharing

General

Target

34d2a14d546ffabc3933034d9c77353243ee4230cedf0ab40fcc2a30a4c24909
Size

885KB
MD5

2cc234aa871aa1a96ba0dab26fd237a1
SHA1

349342720a248088223aee93eb19e6ddcfbee05a
SHA256

34d2a14d546ffabc3933034d9c77353243ee4230cedf0ab40fcc2a30a4c24909
SHA512

18ed5fcdf8679bcc90f8601dcd3b5ee3b34a038bd3a338e56d0736302c0962c9787ae73940a4f180cf927b45b1ad20a616b24c5833ded3d7b346c856fa360590
SSDEEP

12288:i+Nu+2oJN3YA6hUx7Fr1mr0ucRu1vBJpRrNhtbvfipo44b7YAgyCFwEqr8LkmWcL:pd2mYXUpFr1It1JFf9iyvfJxELVOceC

Score

10^/10

upx bazarbackdoor

Malware Config

Signatures

Bazar/Team9 Backdoor payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/out.upx	BazarBackdoorVar3

Bazarbackdoor family
bazarbackdoor
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Files

34d2a14d546ffabc3933034d9c77353243ee4230cedf0ab40fcc2a30a4c24909
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 714KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 785KB - Virtual size: 785KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 987KB - Virtual size: 987KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ