bazarloader | eee062f43b42bba39663fb628a7da063_JaffaCakes118

General

Target

eee062f43b42bba39663fb628a7da063_JaffaCakes118
Size

66KB
MD5

eee062f43b42bba39663fb628a7da063
SHA1

c349ca54ffcd54077f1215740029f909c85ccc06
SHA256

abed6d2ad917018dbd98efabc31bde51ff3cc2e4f71b60e7b8a71344a90df0d7
SHA512

19fad524b904eea8fa31f8c4cf2cda03d58e2a7e10a476896f53799b66d10291420c7ad997ffe8d829f32dcc07695b0e68dfd8f9fa8785ebc821d237b58ca12e
SSDEEP

1536:Rq8PQsGtzp/dsSTnOuhBRMRSuAM4yxSZ9:RqZsGP/awZhBRKH

Score

10^/10

bazarloader

Malware Config

Extracted

Family

bazarloader

C2

164.90.198.79

164.90.198.77

blackrain15.bazar

bluehail.bazar

Signatures

Bazar/Team9 Loader payload 1 IoCs

resource	yara_rule
sample	BazarLoaderVar6

Bazarloader family
bazarloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eee062f43b42bba39663fb628a7da063_JaffaCakes118

Files

eee062f43b42bba39663fb628a7da063_JaffaCakes118
.dll regsvr32 windows:6 windows x64 arch:x64

2a663bf3afdb2ff4d5e5198c54863af2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

StrCSpnA
StrCSpnW
StrSpnA
StrSpnW

kernel32

HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
lstrcatW
HeapFree
lstrlenW
lstrlenA
HeapAlloc
GetProcessHeap
lstrcpyW
lstrcpyA
lstrcatA
lstrcpynW
lstrcmpA

user32

wsprintfA
wsprintfW

Exports

Exports

DllRegisterServer
DllUnregisterServer
PauseW
ResumeServer
ResumeW
StartServer
StartW
StopServer
StopW
SuspendServer

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2a663bf3afdb2ff4d5e5198c54863af2

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 12B