MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a
SHA3-384 hash:	4235d6dedb1156b463d54df4db727a94ae8962ff606cdcc3178bf6ecdbab951bd4d10dfa7fd66bb70faace8455f4c790
SHA1 hash:	47bd5aa4356028de73fde18268e4891bf7ec5aae
MD5 hash:	4773b4f06e91d998f15f56986eca1c04
humanhash:	quiet-sad-early-oven
File name:	XyWyEEeJbirzkqu.dll
Download:	download sample
File size:	898'560 bytes
First seen:	2020-04-21 14:12:44 UTC
Last seen:	2020-04-21 14:55:29 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	3996876777daa5d8460a4dd2c27866c7
ssdeep	6144:jCGInLbdL0BjgwdJNhO1yd2l+nqCmv6iQtiS9Vzzz2axdqhNuy9xPpX:eaBku2GTmii8XGZNu2xBX
Threatray	80 similar samples on MalwareBazaar
TLSH	FB15172A664398DBE3353A30DBE60E03995171E5F4300D8F7A7E8E5CAE50B957C09EC6
Reporter	Racco42
Tags:	dll

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Variant.Razy.647130.8345.9010.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Zload

Status:

Malicious

First seen:

2020-04-21 14:35:23 UTC

File Type:

PE (Dll)

AV detection:

23 of 31 (74.19%)

Threat level:

2/5

Verdict:

malicious

14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d

19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4

2b5e50bc3077610128051bc3e657c3f0e331fb8fed2559c6596911890ea866ba

69b37a5b3044cb14a9fc32440212f242e52f657b93306f4b90cccc3087ed4773

7af7f0a46e466b448270f959f4e1a3af964d22b609100536703e299d7618bf2d

987bd37601d6a662a35183c0dd766752e57ed9a1090bb0383b082baf4ea8f6c8

af6af9c2d50e7c692521dac219b7f2f23c6b677216267dcbaf44bd44f7290d70

da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3

e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a

+ 70 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	kernel32.dll::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample