MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37259fff5937e8c92679a70cff7fc4b81043451ce705c982398865b17c7fd2a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 37259fff5937e8c92679a70cff7fc4b81043451ce705c982398865b17c7fd2a5
SHA3-384 hash: 0fcec0c9b8d56788e80b6f43ae35571768b0f934bc1247f23bf16c822910fcb909e9f544d2c1431abc487a4a137a15ae
SHA1 hash: ee5d02be081bdd4838404a6efb36e18425824665
MD5 hash: 840641f9291b990b4b70295ef9c93ff9
humanhash: eleven-arizona-oklahoma-bakerloo
File name: uncategorized_1.7.2.1.vir
Signature: ZeuS
File size: 150'016 bytes
First seen: 2020-07-19 19:34:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 771cfbaddfa6d625295b48c47e956a48
ssdeep: 3072:ARzqEQmJSeQnvr1+88+0zGt8z3+gFxCkC79S5z:AbQODQBT8+oGt8zOgFxCkp5
TLSH: 49E3E133A31E8D16F52289FF02D957CC4B7A4BC20C69939737E3459D68C5284B39DAAC
Reporter: @tildedennis
Tags: uncategorized ZeuS


Twitter
@tildedennis
uncategorized version 1.7.2.1

Intelligence


File Origin
# of uploads: 1
# of downloads: 21
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2011-11-03 17:25:00 UTC
AV detection: 24 of 25 (96.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Runs net.exe
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments