MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35b810f92a7364e3e319ba95665f42fbd7f2eea1e68482256a63b9d97c36146a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry: ZeuS

Vendor detections: 8

SHA256 hash: 35b810f92a7364e3e319ba95665f42fbd7f2eea1e68482256a63b9d97c36146a
SHA3-384 hash: f4ca5cf415ca25ede8d6f994404fc0fcab080bc5e046e1d16a599e927fd46f75a6bdef9f3c5e7cad3a36932bf1ad7aa0
SHA1 hash: 04c729eef382cd257ff0059e7e2eb4948c78f6f4
MD5 hash: e7352f4537ab2a838504d8b2aa17202d
humanhash: robert-golf-pip-high
File name: 35b810f92a7364e3e319ba95665f42fbd7f2eea1e68482256a63b9d97c36146a
Signature: ZeuS
File size: 133'504 bytes
First seen: 2020-11-08 16:22:11 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 653ce33dd52a644ca5b991f98ddfdbe3 (same imphash as 2 x VMZeuS and 1 x ZeuS samples in MalwareBazaar)
ssdeep: 3072:BF0Wsd7fzeZjUB0xZMX2x598fawZPhoSRZC6TyV:LrKyjXZMIK7Z9+V
TLSH: 64D30220E7685277E1D2C0BE5A3EDADC81D32EB1027644D778E601474AD36DB6A7F283
Reporter: @tildedennis
Tags: unnamed 5 ZeuS
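The identifiers above are what a downloaded copy should be verified against before analysis, and imphash is the one worth pivoting on: the entry notes that this imphash is shared with other VMZeuS/ZeuS samples, because imphash depends only on the names and order of imported functions, which survive recompilation far better than the file hashes do. The script below is an added example, not MalwareBazaar's own code. It recomputes the hash identifiers of a file body and reports which of the page's values it fails to reproduce, and it implements the imphash normalisation (DLL name lower-cased with a .dll/.ocx/.sys extension removed, a dot, the lower-cased function name or ordN, entries joined by commas, then MD5) over an import table supplied as a plain list. The import table it is exercised with is constructed; the real sample's imports are not on the page. For real PE files use pefile's get_imphash(), which also resolves ordinals for a few well-known DLLs from built-in tables, something this simplified version does not do.

```python
"""Verify a file against this MalwareBazaar entry and compute an imphash.

Added example, not MalwareBazaar code.  The import table passed to imphash()
in the demo is constructed for illustration only.
"""
import hashlib
from typing import Dict, Iterable, List, Optional, Tuple

# Identifiers copied from this MalwareBazaar entry.
BAZAAR_ENTRY: Dict[str, object] = {
    "sha256": "35b810f92a7364e3e319ba95665f42fbd7f2eea1e68482256a63b9d97c36146a",
    "sha3_384": "f4ca5cf415ca25ede8d6f994404fc0fcab080bc5e046e1d16a599e927fd46f75"
                "a6bdef9f3c5e7cad3a36932bf1ad7aa0",
    "sha1": "04c729eef382cd257ff0059e7e2eb4948c78f6f4",
    "md5": "e7352f4537ab2a838504d8b2aa17202d",
    "size": 133504,
}


def file_identifiers(data: bytes) -> Dict[str, object]:
    """Recompute the hash identifiers MalwareBazaar lists for a file body."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
    }


def mismatches(data: bytes, entry: Dict[str, object]) -> List[str]:
    """Names of identifiers in `entry` that the file body does not reproduce."""
    computed = file_identifiers(data)
    return [k for k, v in entry.items() if k in computed and computed[k] != v]


# One import entry: (DLL name as written in the import directory,
#                    function name or None, ordinal or None)
Import = Tuple[str, Optional[str], Optional[int]]


def imphash_string(imports: Iterable[Import]) -> str:
    """The normalised import string that imphash hashes (Mandiant's scheme).

    Simplification (assumption): unresolved ordinals become 'ordN'; pefile
    additionally maps ordinals of a few known DLLs to their export names.
    """
    parts = []
    for dll, name, ordinal in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        func = name.lower() if name else f"ord{ordinal}"
        parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports: Iterable[Import]) -> str:
    """MD5 over the normalised import string, as a lower-case hex digest."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # usage: python verify_sample.py <downloaded file>
        with open(sys.argv[1], "rb") as fh:
            bad = mismatches(fh.read(), BAZAAR_ENTRY)
        print("matches entry" if not bad else "mismatch on: " + ", ".join(bad))
    # Constructed import table, only to show the normalisation.
    demo = [("KERNEL32.DLL", "CreateFileA", None), ("WS2_32.dll", None, 23)]
    print(imphash_string(demo), imphash(demo))
```

A mismatch on any of the hashes means the file on disk is not the object this entry describes (a re-packed copy, a truncated download, or an archive that was not extracted), so stop and re-fetch before trusting any of the vendor verdicts below.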


Twitter (@tildedennis): unnamed 5 version 4.5.4.4

Intelligence

File Origin
# of uploads: 1
# of downloads: 1'427
Origin country: FR
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Sending a UDP request
  Creating a window
  Unauthorized injection to a recently created process

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name:
Detection: malicious
Classification: bank.troj.evad
Score: 92 / 100
Signature:
  Antivirus / Scanner detection for submitted sample
  Contains VNC / remote desktop functionality (version string found)
  Detected unpacking (changes PE section rights)
  Detected unpacking (overwrites its own PE header)
  Detected ZeusVM e-Banking Trojan
  Injects a PE file into a foreign process
  Machine Learning detection for sample
  Multi AV Scanner detection for submitted file
Result
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2012-12-19 20:22:00 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
  Suspicious use of WriteProcessMemory
  Suspicious use of SetThreadContext
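The sandbox observations across the vendor results above (unauthorized injection into a recently created process, a PE file injected into a foreign process, WriteProcessMemory, SetThreadContext) are the individual steps of process hollowing: create a benign process suspended, write the payload into it, point its main thread at the payload with SetThreadContext, then resume it. None of the four calls is malicious on its own, so a useful detection correlates them per source process and only fires on the completed chain against one target. The detector below is an added example, not code from MalwareBazaar or from any of the vendors. It runs over a simplified API-call trace whose line format (`<seq> <pid> <Api>(k=v, ...) -> k=v, ...`) is an assumption made for this example and is not any sandbox's real export format; the trace lines are constructed, since the page does not include the sample's own trace. CREATE_SUSPENDED (0x4) is the real Win32 dwCreationFlags bit.

```python
"""Flag the process-hollowing API chain in a simplified API-call trace.

Added example, not MalwareBazaar or vendor code.  The trace line format and
the sample lines below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x00000004  # Win32 dwCreationFlags bit

# Constructed trace: pid 1234 hollows a suspended svchost.exe; pid 4321 writes
# into a child it created *without* CREATE_SUSPENDED; pid 5555 creates a
# suspended child and merely resumes it (what a debugger or launcher does).
SAMPLE_TRACE = r"""
1 1234 CreateProcessA(lpApplicationName="C:\Windows\System32\svchost.exe", dwCreationFlags=0x4) -> hProcess=0x50, hThread=0x54, dwProcessId=2222
2 1234 VirtualAllocEx(hProcess=0x50, dwSize=0x20000, flProtect=0x40) -> 0x400000
3 1234 WriteProcessMemory(hProcess=0x50, lpBaseAddress=0x400000, nSize=0x1f000) -> 1
4 1234 SetThreadContext(hThread=0x54) -> 1
5 1234 ResumeThread(hThread=0x54) -> 1
6 4321 CreateProcessA(lpApplicationName="C:\Tools\helper.exe", dwCreationFlags=0x0) -> hProcess=0x60, hThread=0x64, dwProcessId=3333
7 4321 WriteProcessMemory(hProcess=0x60, lpBaseAddress=0x7ff0, nSize=0x10) -> 1
8 5555 CreateProcessA(lpApplicationName="C:\Tools\child.exe", dwCreationFlags=0x4) -> hProcess=0x70, hThread=0x74, dwProcessId=4444
9 5555 ResumeThread(hThread=0x74) -> 1
"""

LINE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\w+)\((.*)\)\s*->\s*(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')


@dataclass
class Event:
    seq: int
    pid: int          # calling (source) process
    api: str
    args: Dict[str, object]
    ret: Dict[str, object]


def _value(raw: str) -> object:
    """Quoted strings stay strings; 0x.. and decimal literals become ints."""
    if raw.startswith('"'):
        return raw[1:-1]
    try:
        return int(raw, 0)
    except ValueError:
        return raw


def parse_trace(trace: str) -> List[Event]:
    events = []
    for line in trace.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate non-API lines in the trace
        seq, pid, api, args, ret = m.groups()
        events.append(Event(int(seq), int(pid), api,
                            {k: _value(v) for k, v in KV_RE.findall(args)},
                            {k: _value(v) for k, v in KV_RE.findall(ret)}))
    return events


def detect_hollowing(trace: str) -> List[dict]:
    """One finding per (source process, target) that completes the full chain."""
    targets: Dict[Tuple[int, object], dict] = {}       # (src pid, hProcess) -> state
    threads: Dict[Tuple[int, object], Tuple[int, object]] = {}  # (src pid, hThread) -> target
    findings = []
    for ev in parse_trace(trace):
        if ev.api.startswith("CreateProcess"):
            flags = ev.args.get("dwCreationFlags", 0)
            if isinstance(flags, int) and flags & CREATE_SUSPENDED and "hProcess" in ev.ret:
                key = (ev.pid, ev.ret["hProcess"])
                targets[key] = {"source_pid": ev.pid,
                                "target_pid": ev.ret.get("dwProcessId"),
                                "image": ev.args.get("lpApplicationName"),
                                "steps": ["create_suspended"]}
                if "hThread" in ev.ret:
                    threads[(ev.pid, ev.ret["hThread"])] = key
        elif ev.api == "WriteProcessMemory":
            state = targets.get((ev.pid, ev.args.get("hProcess")))
            if state and "write" not in state["steps"]:
                state["steps"].append("write")
        elif ev.api in ("SetThreadContext", "ResumeThread"):
            key = threads.get((ev.pid, ev.args.get("hThread")))
            state = targets.get(key) if key else None
            if state is None:
                continue
            step = "set_context" if ev.api == "SetThreadContext" else "resume"
            state["steps"].append(step)
            # Fire only when the resumed thread belongs to a suspended child
            # that was both written to and had its context replaced.
            if step == "resume" and {"write", "set_context"} <= set(state["steps"]):
                findings.append(dict(state, seq=ev.seq))
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(SAMPLE_TRACE):
        print(f"pid {f['source_pid']} hollowed pid {f['target_pid']} ({f['image']}) "
              f"at event {f['seq']}: {' -> '.join(f['steps'])}")
```

Keying on the handles returned by CreateProcess, rather than on API names alone, is what keeps pid 4321 (writes into a non-suspended child) and pid 5555 (suspends and resumes without writing) out of the findings; a rule that simply counts WriteProcessMemory plus SetThreadContext per process would flag debuggers and installers as well.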

File information

Additional information about this sample (delivery method, external references): none recorded.

Comments