MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 987bd37601d6a662a35183c0dd766752e57ed9a1090bb0383b082baf4ea8f6c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 987bd37601d6a662a35183c0dd766752e57ed9a1090bb0383b082baf4ea8f6c8
SHA3-384 hash: a21f12fcf150dbaf33ed7979c49ce7390ed465347aaed3d2a4bad37bce9857cd332691a764e6d1583384c753426fd236
SHA1 hash: 76890dd42ad72c5b63b4ac9dfa4354b3cbf105cb
MD5 hash: 53a476053fb72992027e4c5bdab362da
humanhash: golf-dakota-jersey-kansas
File name:SerkLIEWTZwyHtV.dll
Download: download sample
Signature ZLoader
Create hunting rule
File size:822'784 bytes
First seen:2020-04-15 11:25:34 UTC
Last seen:2020-04-15 11:59:48 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 6f635db6919d1fb8aafa932055c85f04 (1 x ZLoader)
ssdeep 6144:U79/vwdJNhO1yd2l+nqCmv6iQtiS9Vzzz2axdqhNuy9xKtLbdL0Bj3hY4:yu2GTmii8XGZNu2xUaBF
Threatray 80 similar samples on MalwareBazaar
TLSH 2C05D32B6E4298F7D3352A3F8AE21A0399043D95E4F1598F3A3DEB5C6E70E912C05DC5
Reporter Racco42
Tags:dll ZLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.HEUR.QVM40.1.942F.Malware.Gen.26967.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Zload
Create hunting rule
Status:
Malicious
First seen:
2020-04-15 09:56:37 UTC
File Type:
PE (Dll)
Extracted files:
14
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tb55g5qb22tgfi2rqpan25thklsx5wnbbef3aob3bav26tvi63ea._file
Verdict:
malicious
Similar samples:
0a529a4059586c60a025c4f646c6ca443488a39263f5f21b897fe7f9373602e8
ZLoader
14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d
ZLoader
19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4
ZLoader
2b5e50bc3077610128051bc3e657c3f0e331fb8fed2559c6596911890ea866ba
ZLoader
4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a
ZLoader
69b37a5b3044cb14a9fc32440212f242e52f657b93306f4b90cccc3087ed4773
ZLoader
7af7f0a46e466b448270f959f4e1a3af964d22b609100536703e299d7618bf2d
ZLoader
af6af9c2d50e7c692521dac219b7f2f23c6b677216267dcbaf44bd44f7290d70
ZLoader
da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3
ZLoader
e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a
ZLoader
+ 70 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsoleacc.dll::DllCanUnloadNow
oleacc.dll::DllUnregisterServer
MULTIMEDIA_APICan Play Multimediawinmm.dll::auxGetDevCapsA
oleacc.dll::DllGetClassObject
winmm.dll::mmioInstallIOProcW
winmm.dll::joyGetDevCapsW
winmm.dll::joyGetPos
winmm.dll::joyGetPosEx
PRINT_SPOOLER_APIManipulates Printer Driverswinspool.drv::DeletePrinterIC
WIN_BASE_APIUses Win Base APIkernel32.dll::LoadLibraryA
WIN_BASE_IO_APICan Create Filesversion.dll::GetFileVersionInfoSizeW
version.dll::GetFileVersionInfoSizeA
version.dll::GetFileVersionInfoW
version.dll::GetFileVersionInfoA

Comments