MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35b810f92a7364e3e319ba95665f42fbd7f2eea1e68482256a63b9d97c36146a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	35b810f92a7364e3e319ba95665f42fbd7f2eea1e68482256a63b9d97c36146a
SHA3-384 hash:	f4ca5cf415ca25ede8d6f994404fc0fcab080bc5e046e1d16a599e927fd46f75a6bdef9f3c5e7cad3a36932bf1ad7aa0
SHA1 hash:	04c729eef382cd257ff0059e7e2eb4948c78f6f4
MD5 hash:	e7352f4537ab2a838504d8b2aa17202d
humanhash:	robert-golf-pip-high
File name:	35b810f92a7364e3e319ba95665f42fbd7f2eea1e68482256a63b9d97c36146a
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	133'504 bytes
First seen:	2020-11-08 16:22:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	653ce33dd52a644ca5b991f98ddfdbe3 (2 x VMZeuS, 1 x ZeuS)
ssdeep	3072:BF0Wsd7fzeZjUB0xZMX2x598fawZPhoSRZC6TyV:LrKyjXZMIK7Z9+V
TLSH	64D30220E7685277E1D2C0BE5A3EDADC81D32EB1027644D778E601474AD36DB6A7F283
Reporter	@tildedennis
Tags:	unnamed 5 ZeuS

@tildedennis

unnamed 5 version 4.5.4.4

Intelligence

File Origin

# of uploads :

# of downloads :

1'427

Origin country :

Mail intelligence

Gathering data

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.PSW.Generic10.AXVO.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Unauthorized injection to a recently created process

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

ZeusVM

Detection:

malicious

Classification:

bank.troj.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/525498

Signature

Antivirus / Scanner detection for submitted sample

Contains VNC / remote desktop functionality (version string found)

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Detected ZeusVM e-Banking Trojan

Injects a PE file into a foreign processes

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/35b810f92a7364e3e319ba95665f42fbd7f2eea1e68482256a63b9d97c36146a/

Threat name:

Win32.Trojan.Zeus

Status:

Malicious

First seen:

2012-12-19 20:22:00 UTC

AV detection:

24 of 29 (82.76%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://www.spamhaus.org/query/hash/gw4bb6jkonsohyyzxkkwmx2c7pl7f3vb42ciejlkmo45s7bwcrva._file

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/201108-cqgml81xtn/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

AV coverage:

71.74%

AV detections:

33 / 46

Link:

https://www.virustotal.com/gui/file/35b810f92a7364e3e319ba95665f42fbd7f2eea1e68482256a63b9d97c36146a/detection/f-35b810f92a7364e3e319ba95665f42fbd7f2eea1e68482256a63b9d97c36146a-1359621398

Threat name:

Zbot

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/35b810f92a7364e3e319ba95665f42fbd7f2eea1e68482256a63b9d97c36146a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/unnamed 5/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample