bazarloader | f101153a23d87d385996a674be8208f543fbc4f4dc1fab1ce17c1ac258b3475a_dump7_0x00120000 | Triage

Sharing

General

Target

f101153a23d87d385996a674be8208f543fbc4f4dc1fab1ce17c1ac258b3475a_dump7_0x00120000
Size

1020KB
MD5

6a3e89159be7e187f34dd8cd7cb9b032
SHA1

90b4e203a1da68a2f3d70c599be19b584bcbcee3
SHA256

0923b50bdc2e9611416e748ef14f3dd61d05991aac438421d74f6b5c7b7ca894
SHA512

0feae3c0cf1897c1cc09f564cf040d6aed6d844fe73d4cc03ee5e20e37336f0ac8c7512224b94853931dd7f179a608801ea8c5f75f33f25d9122b8a3222fdaea
SSDEEP

12288:YHS7wjY7CErW4sydwCVfsEkJZoz1JcO1TpWFUY0kKR/T710TglEjQyS/Hakc:YAkW11TpwulEkm

Score

10^/10

bazarloader

Malware Config

Signatures

Bazar/Team9 Loader payload 1 IoCs

Processes:

resource yara_rule

sample BazarLoaderVar5
Bazarloader family
bazarloader

Files

f101153a23d87d385996a674be8208f543fbc4f4dc1fab1ce17c1ac258b3475a_dump7_0x00120000
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 900KB - Virtual size: 899KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ