MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14c31678230e8848e0e385b5554904bf6df8199fb1bdb63f9f7a09127c72ea2c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 14c31678230e8848e0e385b5554904bf6df8199fb1bdb63f9f7a09127c72ea2c
SHA3-384 hash: f1cbd92163129875f0166d98b31ea1d0edb68920845b7a5f28c036d3d12800f93beb339e00459ba6c501b42a096c5117
SHA1 hash: 0d8852666a5abe2105a0cbfa6702a58db81a4413
MD5 hash: 4673b4d277698508a4fc264b28d8a1fd
humanhash: glucose-mountain-music-early
File name: zeus 2_2.0.9.0.vir
Signature: ZeuS
File size: 96'256 bytes
First seen: 2020-07-19 19:40:53 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fbc01d3c985f8c4feb89732846309788
ssdeep: 1536:CbvN5baxrUc/JFnc8svr4mYndAOQVJObtCczbHYv1ev9Whn7pKo:gbbJc/JFcDvrMnSVeCmMkqnMo
TLSH: 0893F2A2FA8615C1FE2621F8292FC1B24EC496195DE4DF42D5B37C4AD0E57212FC83E8
Reporter: @tildedennis
Tags: ZeuS zeus 2


Twitter
@tildedennis
zeus 2 version 2.0.9.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 20
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2011-09-06 10:21:00 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
NTFS ADS
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments