MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a
SHA3-384 hash:	f7526da17fee19503a851b838ca3b5ca6091217f7caca07ce5d6cb8cc5da61b4e71a2c566d4cd65bc4c0754bf78aca3c
SHA1 hash:	8a66109684bfb149ae5f59adaceb380b040f1afc
MD5 hash:	bba9ace9dc7cce4cac9439a43fa4c9a0
humanhash:	nevada-alanine-october-one
File name:	MdXOYcXZkheUMIO.dll
Download:	download sample
File size:	880'640 bytes
First seen:	2020-04-20 22:27:08 UTC
Last seen:	2020-04-21 13:22:59 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	49eb4fe5a2af1aaf1471b4fc9086c943
ssdeep	6144:VfPhJtuLbdL0BjgwdJNhO1yd2l+nqCmv6iQtiS9Vzzz2axdqhNuy9x:VMaBku2GTmii8XGZNu2x
Threatray	80 similar samples on MalwareBazaar
TLSH	8E15172A664388DBE3753A30DBE60E03995171E5F4300D8F7A7E9E5CAE607913C19EC6
Reporter	Racco42
Tags:	dll ZLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Malware.21923.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Zload

Status:

Malicious

First seen:

2020-04-20 02:33:44 UTC

File Type:

PE (Dll)

AV detection:

22 of 30 (73.33%)

Threat level:

5/5

Verdict:

malicious

14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d

19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4

2b5e50bc3077610128051bc3e657c3f0e331fb8fed2559c6596911890ea866ba

4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a

69b37a5b3044cb14a9fc32440212f242e52f657b93306f4b90cccc3087ed4773

7af7f0a46e466b448270f959f4e1a3af964d22b609100536703e299d7618bf2d

987bd37601d6a662a35183c0dd766752e57ed9a1090bb0383b082baf4ea8f6c8

af6af9c2d50e7c692521dac219b7f2f23c6b677216267dcbaf44bd44f7290d70

da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3

+ 70 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ZLoader

vbs 14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d

DLL dll e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a

(this sample)

Delivery method

Other

Dropped by

SHA256 14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	kernel32.dll::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample