bazarbackdoor | c6120104db81ace4f3c29a810a1bde466459066991684bfafe3facc8b8c90bd3

Sharing

Copy URL

Twitter E-mail

Reason

too many matches

General

Target

c6120104db81ace4f3c29a810a1bde466459066991684bfafe3facc8b8c90bd3
Size

624.1MB
MD5

98024699cca2cc183b43ea7e2725da68
SHA1

8f5510475c4a2e4c7748e64141f21c3388230b67
SHA256

c6120104db81ace4f3c29a810a1bde466459066991684bfafe3facc8b8c90bd3
SHA512

12358b5736252a5c42c19ba606e35501676429b0826aab6b113e232cb8291f2bc22f72ef1e5ea214a365ea5f9280e11e101cebdb99c8fdbe527ae136d4999ccf
SSDEEP

6291456:PcUXxXlMHTxYlvg3N2f9m+Rw4+Oih2wfiGbvnX6hov:EUZmH1YBg3NsbRdw2wftP

Score

10^/10

bazarbackdoor

Malware Config

Signatures

Bazar/Team9 Backdoor payload 1 IoCs

Processes:

resource yara_rule

sample BazarBackdoorVar3
Bazarbackdoor family
bazarbackdoor

resource	yara_rule
sample	BazarBackdoorVar3

Files

c6120104db81ace4f3c29a810a1bde466459066991684bfafe3facc8b8c90bd3
.dll windows x86

7cc97d2cc6f8ae29f3487de4028ee651

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetMappedFileNameW
GetModuleInformation

ws2_32

getpeername
WSAAddressToStringW
WSAGetLastError

kernel32

UnmapViewOfFile
WaitForSingleObjectEx
CreateFileMappingW
OpenFileMappingW
LoadLibraryW
GetFileSize
SetFilePointer
OutputDebugStringW
WriteFile
FlushFileBuffers
DeleteFileW
SetEndOfFile
FlushViewOfFile
GetSystemInfo
GetSystemTime
SetFileAttributesW
EnumResourceNamesW
LoadLibraryExW
LocalAlloc
FindFirstFileW
FreeLibrary
GetSystemDirectoryW
GetWindowsDirectoryW
ReadFile
GetFileSizeEx
GetCurrentProcess
SystemTimeToFileTime
GetCommandLineW
CreateDirectoryW
FormatMessageA
SetFileTime
WaitNamedPipeW
OpenProcess
WideCharToMultiByte
CopyFileW
ReadProcessMemory
FormatMessageW
GetVersionExW
GetModuleFileNameW
GetTempPathW
GetLongPathNameW
GetLocalTime
RemoveDirectoryW
SetNamedPipeHandleState
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
TerminateProcess
IsWow64Process
VirtualProtect
SetEvent
CreateEventW
OpenEventW
CreateThread
GetFullPathNameW
GetFullPathNameA
CreateFileA
SetFilePointerEx
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
GetSystemTimeAsFileTime
GetFileAttributesA
HeapCreate
HeapValidate
LockFileEx
MapViewOfFile
LoadLibraryA
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
GetTempPathA
AreFileApisANSI
DeleteFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
GetThreadContext
ResumeThread
SetCurrentDirectoryW
VirtualFree
FlushInstructionCache
VirtualAlloc
InterlockedIncrement
InterlockedDecrement
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
TlsSetValue
GetModuleHandleA
TlsAlloc
GetModuleFileNameA
GetVersion
SetEnvironmentVariableA
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
UnhandledExceptionFilter
RtlUnwind
GetStdHandle
TlsFree
lstrlenW
lstrlenA
lstrcpyW
lstrcpyA
lstrcmpA
lstrcatW
WaitForMultipleObjects
VirtualQuery
TerminateThread
SetThreadPriority
ReleaseSemaphore
LoadLibraryExA
GetExitCodeThread
GetCurrentThread
ExitThread
DuplicateHandle
DeviceIoControl
CreateSemaphoreA
CreateProcessA
CreatePipe
CreateMutexA
CreateFileMappingA
CreateEventA
IsDebuggerPresent
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
SetUnhandledExceptionFilter
GetCPInfo
GetModuleHandleExW
IsProcessorFeaturePresent
GetStringTypeW
EncodePointer
QueryDosDeviceW
GetLogicalDrives
ExpandEnvironmentStringsW
ReleaseMutex
GetFileAttributesW
GetTickCount
GetDriveTypeW
TlsGetValue
CreateMutexW
LocalFree
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
EnterCriticalSection
MoveFileW
GetProcAddress
SetLastError
OpenMutexW
MultiByteToWideChar
CreateFileW
LeaveCriticalSection
Sleep
InitializeCriticalSection
GetModuleHandleW
GetEnvironmentVariableW
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
CloseHandle
DeleteCriticalSection
FindNextFileW
DecodePointer
LockResource
FindClose
HeapSize
GetLastError
RaiseException
GetExitCodeProcess
HeapDestroy
SizeofResource
InitializeCriticalSectionAndSpinCount
GetProcessHeap
FindFirstFileExW
WaitForSingleObject
HeapFree
SetEnvironmentVariableW
HeapAlloc
CreateProcessW
LoadResource
FindResourceW
FindResourceExW
HeapReAlloc
ExitProcess
GetACP
GetOEMCP
GetFileType
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
GetDiskFreeSpaceW
GetThreadLocale

user32

EnumWindows
GetThreadDesktop
DispatchMessageA
CloseDesktop
MessageBoxW
wsprintfW
GetUserObjectInformationA
MsgWaitForMultipleObjects
OpenInputDesktop
PeekMessageA
TranslateMessage
GetWindowThreadProcessId
WaitForInputIdle
MessageBoxA
PostMessageW
GetWindowTextW

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueW
RegOpenKeyW
AdjustTokenPrivileges
RegEnumKeyExW
RegSetKeySecurity
FreeSid
SetSecurityDescriptorOwner
AllocateAndInitializeSid
LookupPrivilegeValueW
SetNamedSecurityInfoW
RegQueryInfoKeyW
EqualSid
GetTokenInformation
GetUserNameW
OpenProcessToken
RegEnumKeyW
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryValueExW
RegCreateKeyW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegFlushKey
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
GetSecurityDescriptorSacl
RegOpenKeyExW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegDeleteValueA
LookupPrivilegeValueA
GetKernelObjectSecurity
RegQueryValueExA

ole32

CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
GetClassFile

shell32

SHParseDisplayName
FindExecutableW
CommandLineToArgvW
ShellExecuteExW

oleaut32

SysAllocStringLen
SysReAllocStringLen
SysFreeString

Exports

Exports

AutoUpdateReplaceMe
CheckProvisioningSvc
ExecInjected
InjectPID
InjectProcessName
MsiTrackStart
MsiTrackStop
MyRegSaveKeyExRundll
UninjectPID
UninjectProcessName

Sections

CODE
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

7cc97d2cc6f8ae29f3487de4028ee651

Headers

DLL Characteristics

File Characteristics

Imports

psapi

ws2_32

kernel32

user32

advapi32

ole32

shell32

oleaut32

Exports

Exports

Sections

CODE Size: 114KB - Virtual size: 114KB

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 287KB - Virtual size: 286KB

.data Size: 12KB - Virtual size: 34KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 51KB - Virtual size: 51KB

CODE
Size: 114KB - Virtual size: 114KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 287KB - Virtual size: 286KB

.data
Size: 12KB - Virtual size: 34KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 51KB - Virtual size: 51KB