MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448
SHA3-384 hash: 97f99dd5ae507be4f38b6e6f6fa9be12a711c0f324e4f8dfd2bbe8fecdfb9ea96a63e5c5e68bc5e0f9d2d32d950dd424
SHA1 hash: 89198a1da32b1aedf70e9a113269b25c0abada82
MD5 hash: 4999aaea3e94b8cebf6f7c85c0e70f87
humanhash: fourteen-yankee-mississippi-don
File name: zeSZwoAPWgbxgrv.dll
File size: 894'464 bytes
First seen: 2020-04-06 22:17:51 UTC
Last seen: 2020-04-06 22:30:20 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 9dba226035a15226c159dcc33536645d
ssdeep: 6144:D90Xme25D0MIK1lqKdckQswhOB/uEpZ5WFFwGqpSwQLrWU6iQF45AdNcUq6ARLHx:G2jD0El2ZFgIFwGqEwQLqx4Qq1Z7
Threatray: 39 similar samples on MalwareBazaar
TLSH: DA15E75BAE4384F3E7312A3FA6C21D0256147585E4E1298FB67DEE1C6E79E623C01ED0
Reporter: Racco42
Tags: dll ZLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2020-04-06 19:27:30 UTC
File Type: PE (Dll)
Extracted files: 14
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

DLL dll e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448 (this sample)

Delivery method: Other

BLint


The following tables provide more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
AUTH_API | Manipulates User Authorization | advapi32.dll::SetNamedSecurityInfoA
MULTIMEDIA_API | Can Play Multimedia | ole32.dll::DllGetClassObject
WIN_BASE_API | Uses Win Base API | kernel32.dll::LoadLibraryA
WIN_CRED_API | Can Manipute Windows Credentials | advapi32.dll::CredIsMarshaledCredentialW
WIN_CRYPT_API | Uses Windows Crypt API | advapi32.dll::CryptGenKey
