MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60544c6694620488b69e568b15c96b33971dd7343ba63da31f993332852871c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	60544c6694620488b69e568b15c96b33971dd7343ba63da31f993332852871c2
SHA3-384 hash:	fa25c0235e80b25d388b1d6ce70a7aaa59baf3262cc041db858ef05639e03ef53541570857290345301fa293ff00bbb8
SHA1 hash:	410c1c03a52dbd56e78b0487ec532e68eb1c64e4
MD5 hash:	4a74e2d34230bbc705f39e6943c859d3
humanhash:	indigo-kilo-jig-network
File name:	1_005B0000.bin
Download:	download sample
Signature	ZLoader Create hunting rule
File size:	176'640 bytes
First seen:	2020-04-25 20:54:24 UTC
Last seen:	2020-04-25 21:45:20 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	c4a8909c0bccc13eaa9bdf93bacea9e6 (9 x ZLoader)
ssdeep	3072:UUAc34Y7X9wnq9qZbugKRJle5dkrve0yZIZy7S2fMZ9AP6ehND2t8qZ8sp:UUoYZPqZbPK5gMvelZI8FfMZKxPSt/Zl
Threatray	58 similar samples on MalwareBazaar
TLSH	B10417055854C530EC1402B1A9DEF77E8C1EC52E6B22EAABCBD1C9C46FD86B035BE25D
Reporter	johannes
Tags:	ZLoader

viql

Manually unpacked sample 306212efebc6ac92000687393e56a5cb

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.DownLoader33.26302.31497.7828.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2020-04-25 21:35:23 UTC

File Type:

PE (Dll)

AV detection:

22 of 31 (70.97%)

Threat level:

2/5

Verdict:

malicious

Label(s):

zloader

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ZLoader

DLL dll 8d5a770975e52ce1048534372207336f6cc657b43887daa49994e63e8d7f6ce1

ZLoader

DLL dll 60544c6694620488b69e568b15c96b33971dd7343ba63da31f993332852871c2

(this sample)

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.zloader

Dropped by

MD5 306212efebc6ac92000687393e56a5cb

Delivery method

Distributed via web download

Dropped by

SHA256 8d5a770975e52ce1048534372207336f6cc657b43887daa49994e63e8d7f6ce1

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::GetTempPathA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample