bazarbackdoor | launcherfull-shiginima-v4300-pc[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

launcherfull-shiginima-v4300-pc.zip
Size

86.6MB
MD5

7dee9be6011abc14848768cb3d21ae20
SHA1

1abba3c60e6e294f8e08556a26aeaf1a6d6a06ff
SHA256

8681b6d2420f99c0e2ff273ec011d17aebc3f21e0cf31f1b1873d181b1f37e8e
SHA512

783d98ff5a6984cda83cbd1364b078340b722986a96a8d0b1b599e3000947c0e5882a25a92088f25ffbc0ea978277d14b9772ab91701d73beaba03d20739e681
SSDEEP

1572864:XSv8EFVS2sRySAWJdZvplDz0HTdEzyDBN3RHEdUQPMLPYNK8i6k0X:XgVFVLswSdxvw5EzyDr3REOQP2YNKnCX

Score

10^/10

bazarbackdoor

Malware Config

Signatures

Bazar/Team9 Backdoor payload 1 IoCs

resource	yara_rule
static1/unpack001/jre-8u351-windows-x64.exe	BazarBackdoorVar3

Bazarbackdoor family
bazarbackdoor

Files

launcherfull-shiginima-v4300-pc.zip
.zip
__MACOSX/._launcherfull-shiginima-v4300.exe
jre-8u351-windows-x64.exe
.exe windows x64

b7f8323a9b9824d6c1fd4c99e858a4be

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:8b:e2:f5:34:52:c8:82:f1:8e:d4:1a:5d:d4:e7:a3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/08/2021, 00:00

Not After

19/08/2023, 23:59

Subject

CN=Oracle America\, Inc.,OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

30/08/2022, 00:00

Not After

29/08/2023, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:a8:84:ee:67:61:22:dd:f1:d5:25:0d:4a:c7:73:8f:11:00:9b:49:6f:1d:be:c1:00:01:62:80:e7:b1:83:d3
Signer

Actual PE Digest

33:a8:84:ee:67:61:22:dd:f1:d5:25:0d:4a:c7:73:8f:11:00:9b:49:6f:1d:be:c1:00:01:62:80:e7:b1:83:d3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Oracle America\, Inc.,OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

15/09/2022, 04:04
Valid: true

Chain 1

CN=Oracle America\, Inc.,OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Oracle America\, Inc.,OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ConvertStringSidToSidA
EqualSid
RegCloseKey
GetTokenInformation
OpenProcessToken
CopySid
ConvertStringSecurityDescriptorToSecurityDescriptorA

kernel32

FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapSize
WriteConsoleW
WaitForSingleObject
GetModuleHandleA
GetModuleHandleExA
GetLastError
SetDllDirectoryA
GetProcAddress
CreateProcessA
CreateDirectoryA
GetExitCodeProcess
CloseHandle
SizeofResource
FindResourceA
LockResource
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileA
SetLastError
GetDriveTypeA
FindNextFileA
InitializeCriticalSectionAndSpinCount
FindClose
CopyFileA
GetFileAttributesA
MoveFileExA
CreateFileA
DeleteFileA
RaiseException
SetFileAttributesA
DecodePointer
RemoveDirectoryA
DeleteCriticalSection
GetTickCount
GetModuleHandleExW
LoadLibraryW
FreeLibrary
GetModuleFileNameA
GetCommandLineW
GetCurrentProcess
GetTempPathA
GetSystemDirectoryA
GetNativeSystemInfo
LocalFree
GetCurrentThreadId
Sleep
FormatMessageW
GetLocalTime
GetCurrentProcessId
RtlUnwind
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
HeapReAlloc
SetEndOfFile
SetStdHandle
ReadConsoleW
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FlushFileBuffers
SetFilePointerEx
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
GetCommandLineA
CreateFileW
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
GetModuleFileNameW
ExitProcess
HeapFree
HeapAlloc
GetFileSizeEx

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84.1MB - Virtual size: 84.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
launcherfull-shiginima-v4300.exe
.exe windows x86

6011984d7c1f1b97a34d7517a498bff8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateMutexA
CreateProcessA
ExitProcess
FindResourceExA
FormatMessageA
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetEnvironmentVariableA
GetExitCodeProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalMemoryStatusEx
LoadResource
LocalFree
LockResource
SetEnvironmentVariableA
SetLastError
SetUnhandledExceptionFilter
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_chdir
_close
_findclose
_findfirst
_findnext
_iob
_itoa
_onexit
_open
_read
_setmode
_stat
atexit
atoi
fclose
fopen
fprintf
fwrite
memset
printf
puts
signal
strcat
strchr
strcmp
strcpy
strlen
strncat
strncpy
strpbrk
strrchr
strstr
strtok

shell32

ShellExecuteA

user32

CreateWindowExA
DispatchMessageA
EnumWindows
FindWindowExA
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
KillTimer
LoadImageA
MessageBoxA
PostQuitMessage
SendMessageA
SetForegroundWindow
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7f8323a9b9824d6c1fd4c99e858a4be

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:8b:e2:f5:34:52:c8:82:f1:8e:d4:1a:5d:d4:e7:a3Certificate

Extended Key Usages

Key Usages

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:a8:84:ee:67:61:22:dd:f1:d5:25:0d:4a:c7:73:8f:11:00:9b:49:6f:1d:be:c1:00:01:62:80:e7:b1:83:d3Signer

Signature Validations

Verification

15/09/2022, 04:04 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 223KB - Virtual size: 223KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 84.1MB - Virtual size: 84.1MB

.reloc Size: 3KB - Virtual size: 3KB

6011984d7c1f1b97a34d7517a498bff8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 64B

.rdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 35KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 17KB - Virtual size: 16KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:8b:e2:f5:34:52:c8:82:f1:8e:d4:1a:5d:d4:e7:a3
Certificate

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:a8:84:ee:67:61:22:dd:f1:d5:25:0d:4a:c7:73:8f:11:00:9b:49:6f:1d:be:c1:00:01:62:80:e7:b1:83:d3
Signer

15/09/2022, 04:04
Valid: true

.text
Size: 223KB - Virtual size: 223KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 84.1MB - Virtual size: 84.1MB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 64B

.rdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 35KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 17KB - Virtual size: 16KB