MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2267ae0da18ffb2d05046af5a44ef04717515c4584bc97bfc5c43da7b45dfea4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 2267ae0da18ffb2d05046af5a44ef04717515c4584bc97bfc5c43da7b45dfea4
SHA3-384 hash: dbdf461985e051ff64d2500733364032d679288fe72774333ffea53f63819ee68e2768811382f6adbc67f4b4680ae7f8
SHA1 hash: 320855b4703529f24c0dac5caeb3173ea71ec536
MD5 hash: 5a0aeaa95d0e7860eb0cb769e8eb7442
humanhash: california-seventeen-freddie-cola
File name: unnamed 3_3.0.3.2.vir
Signature: ZeuS
File size: 196'608 bytes
First seen: 2020-07-19 19:49:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: af2ee2cdfa4256451bdb7ed62258f0e3
ssdeep: 3072:O3ZTwCVqkBxVSh+0KNK50NL7w4lAV/8Jf4ZDAGE+CYmEneywv4irbvPg2nQ17vE:O3ZTXVqgVyO17LOWhNSTy4irzq7M
TLSH: C814E02510D8E993E4B366FE3070528B6235BD7016E09C4FC30466C9296F1F6ABADB73
Reporter: @tildedennis
Tags: unnamed 3 ZeuS


Twitter
@tildedennis
unnamed 3 version 3.0.3.2

Intelligence


File Origin
# of uploads: 1
# of downloads: 34
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2012-06-20 16:28:00 UTC
AV detection: 24 of 28 (85.71%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments