MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2387ef5d3af113c8c902f478df1c2d7f7a7acf729873b13508c1f1915bf5000. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: a2387ef5d3af113c8c902f478df1c2d7f7a7acf729873b13508c1f1915bf5000
SHA3-384 hash: 11fd9fef94f329f7df175941439fc100aa6e84844c6bbcb4b7142a1077c3d57623a2fd4518c7a1a96162798ea8fc0289
SHA1 hash: 140b2e5b1aaa43400795ed21c176754ac6048dc5
MD5 hash: 546fd2b31496c60ad6012c080b03f643
humanhash: equal-butter-mississippi-cardinal
File name: polysemous.dll
Signature: ZLoader
File size: 262'144 bytes
First seen: 2020-06-29 19:55:13 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 47d00fcdb41310734d2edb003f48986c
ssdeep: 6144:m3uo9etp6RdsE84WGfI1DcRBfBt1itFn2ybm7MT59T:mBjR+rAD/SFWY
TLSH: EB44AE34CFEC9D54D26B96BDA9247711A780D30CF7AFAE0F99D0428084E267B271672C
Reporter: @Racco42
Tags: dll ZLoader


Mail intelligence: No data
# of uploads: 1
# of downloads: 27
Origin country: US
CAPE Sandbox Detection: n/a
ClamAV: No detection
CERT.PL MWDB Detection: n/a
ReversingLabs:
  Status: Malicious
  Threat name: Win32.Trojan.Kryptik
  First seen: 2020-06-23 05:47:23 UTC
  AV detection: 19 of 31 (61.29%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage:
  Score: 10/10
  Malware Family: zloader
  Tags: trojan botnet family:zloader persistence
VirusTotal: VirusTotal results 16.67%

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method