MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a529a4059586c60a025c4f646c6ca443488a39263f5f21b897fe7f9373602e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a529a4059586c60a025c4f646c6ca443488a39263f5f21b897fe7f9373602e8
SHA3-384 hash: df4e167b8e769024d6179719cbd6a8449855e18c5a3fc503b3ebf1525e772760f9dd2976fa03477b61c3d67fc71747a1
SHA1 hash: 31361849ff0cc6b9fecc7489462bb683d0f2af49
MD5 hash: 19e408f81cf26358f32010d0e8de00df
humanhash: mobile-river-west-alaska
File name:HuUHDfDIqSLYclP.dll
Download: download sample
File size:874'496 bytes
First seen:2020-04-14 19:24:44 UTC
Last seen:2020-04-14 19:39:40 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash c5f5b8aa7cef4e741cc6880b16e9d2d7
ssdeep 6144:bqDT1yYTLoc2GqhNuy9xKlLbdL0BjgwdJNhO1yd2l+nqCmv6iQtiS9Vzzz2ax2r5:bTcuNu2xYaBku2GTmii8XGpu
Threatray 80 similar samples on MalwareBazaar
TLSH 8B05371B6E4398F7E3352A3F8AE61A0399143595E4E0294F393EDF5C6E70EA12C09DC5
Reporter Racco42
Tags:dll ZLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Troj.Zbot-OTP.13140.26729.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Zbot
Create hunting rule
Status:
Malicious
First seen:
2020-04-14 02:23:51 UTC
File Type:
PE (Dll)
Extracted files:
7
AV detection:
23 of 30 (76.67%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d
19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4
2b5e50bc3077610128051bc3e657c3f0e331fb8fed2559c6596911890ea866ba
4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a
69b37a5b3044cb14a9fc32440212f242e52f657b93306f4b90cccc3087ed4773
7af7f0a46e466b448270f959f4e1a3af964d22b609100536703e299d7618bf2d
987bd37601d6a662a35183c0dd766752e57ed9a1090bb0383b082baf4ea8f6c8
e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448
e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a
ec9668cae1c65020021d2c633b68286944f1e6b1ddf5183d40ef823607e29cba
+ 70 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Visual Basic Script (vbs) vbs efed5fd1f7f9c34853aaf61568fa2b71dc83fb118e64e82187612ca7754d20e5

DLL dll 0a529a4059586c60a025c4f646c6ca443488a39263f5f21b897fe7f9373602e8

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 efed5fd1f7f9c34853aaf61568fa2b71dc83fb118e64e82187612ca7754d20e5

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
MULTIMEDIA_APICan Play Multimediaole32.dll::DllGetClassObject
SHELL_APIManipulates System Shellshell32.dll::ShellExecuteExW
WIN_BASE_APIUses Win Base APIkernel32.dll::LoadLibraryA
shell32.dll::SHGetDiskFreeSpaceA
WIN_BASE_EXEC_APICan Execute other programskernel32.dll::GetConsoleCharType
WIN_BASE_IO_APICan Create Fileskernel32.dll::ReplaceFileW
kernel32.dll::SetVolumeMountPointA
WIN_USER_APIPerforms GUI Actionsuser32.dll::BroadcastSystemMessageExA

Comments