bazarloader | 17be43a38a98f46a546b23bc1d8bfe83 | Triage

Sharing

General

Target

17be43a38a98f46a546b23bc1d8bfe83
Size

135KB
MD5

17be43a38a98f46a546b23bc1d8bfe83
SHA1

bea38ccaa6fce6e1aa1077bd526a8ff40c441638
SHA256

9ec811f88c9239f240bfeabcd6b31db56c69e6cf01b50862f34246fd7fb9b166
SHA512

83cbf8f2d24588a759fcfbb8bb4d9fe61d4d2cfd8eaaa6a35e9377693369a8040e4fd181f146b7f57f95f2022f00c49cb6d493db37d330c79efb698ac8f0f70c
SSDEEP

3072:FY1jIGVyvgp/4I6d5xPo2ffTbI3iFoch6SzF3:FK0Nog/bIkf6Sx

Score

10^/10

bazarloader

Malware Config

Signatures

Bazar/Team9 Loader payload 1 IoCs

Processes:

resource yara_rule

sample BazarLoaderVar5
Bazarloader family
bazarloader
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

17be43a38a98f46a546b23bc1d8bfe83

Files

17be43a38a98f46a546b23bc1d8bfe83
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

EnterDll

Sections

.text
Size: 131KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ