Behavioral task behavioral1
Sample: 12ee6955f785716ad32d3593526df6f7e8bc4578b17bbe25961384732844bc2c.exe
Resource: win7-20220812-en
Behavioral task behavioral2
Sample: 12ee6955f785716ad32d3593526df6f7e8bc4578b17bbe25961384732844bc2c.exe
Resource: win10v2004-20220901-en
General
Target: 12ee6955f785716ad32d3593526df6f7e8bc4578b17bbe25961384732844bc2c
Size: 382KB
MD5: f857a1324bdc96ae3d5baea205508683
SHA1: 7a8d52dea6ca6916a3fe19ae03754a6a52508265
SHA256: 12ee6955f785716ad32d3593526df6f7e8bc4578b17bbe25961384732844bc2c
SHA512: d8607255609d2dc4e6bc4cd76448cb2df87509d3ce9daf36e7442e12a3a5cf6f9ecfec408ac0246069ffb20373af65791fa7304d6f9a602a2d305c6556bdce4c
SSDEEP: 3072:RmbP/+2JTIK9F3n3ndJfy7BK3bUWh4DkYJ+QTuBJ2HuC:Ab3Biy33dpyg3LhFvDb
Malware Config
Signatures
Bazar/Team9 Loader payload 1 IoCs
Processes:
resource: sample, yara_rule: BazarLoaderVar2
Bazarloader family
Files
12ee6955f785716ad32d3593526df6f7e8bc4578b17bbe25961384732844bc2c.exe windows x64
111703b41836ac662fd8e8146e75513d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetModuleHandleA
CloseHandle
WideCharToMultiByte
lstrlenA
lstrcmpA
GetLastError
HeapReAlloc
GetModuleFileNameW
lstrcpyW
lstrcmpW
GetCurrentProcess
FlushInstructionCache
ReadProcessMemory
TerminateProcess
WaitForSingleObject
ResumeThread
GetThreadContext
CreateProcessA
SetThreadContext
GetStartupInfoW
MultiByteToWideChar
GetModuleFileNameA
GetCommandLineW
OpenProcess
Sleep
GlobalAddAtomA
FindAtomA
ExitProcess
SetEnvironmentVariableA
WriteConsoleW
CreateFileW
FindClose
WriteFile
FindNextFileW
GetFileSizeEx
FindFirstFileW
GetDateFormatA
GetSystemTime
GetProcessHeap
GetProcAddress
HeapAlloc
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
LCMapStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileType
GetModuleHandleExW
GetStdHandle
EncodePointer
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LocalFree
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
advapi32
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
shell32
SHGetFolderPathW
CommandLineToArgvW
ole32
CoCreateInstance
shlwapi
StrRChrA
StrToIntW
PathCombineW
wnsprintfA
wininet
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpAddRequestHeadersA
InternetSetOptionA
HttpQueryInfoA
HttpOpenRequestA
urlmon
ObtainUserAgentString
ws2_32
sendto
htons
recvfrom
ntohs
socket
inet_pton
shutdown
select
closesocket
__WSAFDIsSet
Sections
.text Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ