MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gozi

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b
SHA3-384 hash:	841b97e0f04ffb3f9c491ecc9991aeacf76e4779b0d86363addae532c259403836bf411463a2d166500ef5579b1544e2
SHA1 hash:	8b20384f4a28f897a82bb4cb58e317d100096b73
MD5 hash:	e7aba23375f3a435c774684db72f15d8
humanhash:	ohio-twelve-fillet-triple
File name:	akuxmue.dll
Download:	download sample
Signature	Gozi Create hunting rule
File size:	430'080 bytes
First seen:	2020-03-20 17:36:59 UTC
Last seen:	2020-03-22 15:21:54 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	4552138ce75aabc91ad0a7628bc4e220 (1 x Gozi)
ssdeep	6144:pGjz2fKsolgj9OHcBF063px35NabPWVR4Md24kGZ9VQnP5apXP9Zr:ptysolOO8z063X5NabPcT24jZq4XV
Threatray	104 similar samples on MalwareBazaar
TLSH	8894273239A5C4AAE4422A39DC06E6FDE135BDA8CF6088D772DA7F0F75713C08539259
Reporter	Racco42
Tags:	dll Gozi ZLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.PrivateExeProte-11

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2020-03-12 23:04:03 UTC

File Type:

PE (Dll)

AV detection:

22 of 30 (73.33%)

Threat level:

5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

vbs 038b6c4bfa9ef4b415433b7192cb2515a16643f412441b0bbdb2d3aebbb99b9c

Gozi

DLL dll b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b

(this sample)

Delivery method

Other

Dropped by

SHA256 038b6c4bfa9ef4b415433b7192cb2515a16643f412441b0bbdb2d3aebbb99b9c

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CreateProcessA KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::GetStartupInfoA KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_API	Can Execute other programs	KERNEL32.dll::WriteConsoleA KERNEL32.dll::WriteConsoleW KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleCP KERNEL32.dll::GetConsoleMode KERNEL32.dll::GetConsoleOutputCP
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CreateDirectoryA KERNEL32.dll::CreateFileA KERNEL32.dll::DeleteFileA
WIN_TRUST_API	Uses Windows Trust API	WINTRUST.dll::WinVerifyTrust

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample