DllRegisterServer
DllUnregisterServer
PauseW
ResumeServer
ResumeW
StartServer
StartW
StopServer
SuspendServer
Behavioral task | Sample | Resource |
---|---|---|
behavioral1 | 1944514e7e2dfe6295b69d967d74da2dd4ee9df351c26e74f6c89e72e6e8bf27_unpacked.dll | win7-20220901-en |
behavioral2 | 1944514e7e2dfe6295b69d967d74da2dd4ee9df351c26e74f6c89e72e6e8bf27_unpacked.dll | win10v2004-20220812-en |
Field | Value |
---|---|
Target | 1944514e7e2dfe6295b69d967d74da2dd4ee9df351c26e74f6c89e72e6e8bf27_unpacked |
Size | 76KB |
MD5 | 55ed94e726ebe11e3fe1a0b1315db883 |
SHA1 | a51d07f56670dafcf14edd8b2bf960c2d99bcbab |
SHA256 | 37c460fa3e818533ed50216aa3188a7b13618f4775bc193a73977231b837de11 |
SHA512 | edf76968c88ea406c17fee07110a3017b25f36f7dc111ddb960455a7521c66ea10ba180d309493962e0be165bd8c41ec901cbce06b9b9280350f143b3f08d285 |
SSDEEP | 1536:AyvE1W74yuoulQIcIqJNQirZvV3IpZIjIQKpbFhamYm:AJ1W74yd8cIziNvV4iILVFhBY |
Processes:
resource | yara_rule |
---|---|
sample | BazarLoaderVar6 |
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
ExitProcess
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
lstrcatA
lstrcatW
lstrcmpA
lstrcpyA
lstrcpyW
lstrcpynW
lstrlenA
lstrlenW
wsprintfA
wsprintfW
StrCSpnA
StrCSpnW
StrDupA
StrSpnA
StrSpnW
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ