MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b9046d9046f63d7255165de2742a872d19246f2305f831d5c95ba7629ea6933. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3b9046d9046f63d7255165de2742a872d19246f2305f831d5c95ba7629ea6933
SHA3-384 hash: df6385dcf607560cb2db3850469e9f340a65bbc91275f225bfae929258757b70cf54842dc3a76b42a0e35918c97ebc4e
SHA1 hash: 9d4cd019593adac69e14e1321cc6b25e32e0fb90
MD5 hash: c338d3823eeab87a7be1d5ad9d5727f6
humanhash: venus-kentucky-apart-nineteen
File name:zloader_1.3.1.0.vir
Download: download sample
Signature ZLoader
Create hunting rule
File size:84'480 bytes
First seen:2020-07-19 19:35:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 80c5f7b7c8550e1132f3748e9ecf4e99 (1 x ZLoader)
ssdeep 768:T/pVfESdny4BjF+6xeRPyliIP6d6olSm77F+mogjGCJdr9/UMPxKMCSSMVRC1RCw:T/pH4lddf7FRogHjhUMP3SEQZRf3fp
Threatray 553 similar samples on MalwareBazaar
TLSH 14834B72BB8DC054D9EE66BC8CA9D3AD449C3F57CC219873B6C41F5F24686C94A81B0B
Reporter tildedennis
Tags:ZLoader


Avatar
tildedennis
zloader version 1.3.1.0

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/28275/
Detection(s):
SecuriteInfo.com.Pakes2_c.BUGG.26017.14470.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3b9046d9046f63d7255165de2742a872d19246f2305f831d5c95ba7629ea6933/
Threat name:
Win32.Trojan.Yakes
Create hunting rule
Status:
Malicious
First seen:
2015-12-09 00:21:00 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hoienwien5r5ojkrmxpcoqviolizerxsgbpyghk4sw5hmkpknezq._file
Verdict:
malicious
Similar samples:
0a18c476254735864b8ab07e5223bb310207954cce179c4b773345d73247113f
ZLoader
0e1253abec933b14f592f8ab6fcfaeba8fb3b9d24f9ef2a7021345d2fc738b3f
ZLoader
24f25d0bca087db5a6a5733171d3cee1fbcacdfcb00ef5b7bf79ad6fe362b069
ZLoader
2688c4f64f2d9eeb929cbbe30f99b4b6d592163f509c2845398c638fb2c19a4f
ZLoader
99737bd60422defc150edf7e1ec863acd6d2e599e8139aa987b6b4c43ab18cec
ZLoader
9d6bc6e4160de2b643944978e6417707742e0d289dbf967bac789d79b67c920c
ZLoader
b1bfc64b0b5890c39650f9ec6a12bb8b7c4b84654de8898d694f199f359b12a5
ZLoader
b2d8df96514495cb6b3fe66a6d61e70b8b6e92426910db93f7ae521be4fd2762
ZLoader
dea5303370177b621cdd1fd497396ddaa9e94d3edd1407339f52f0dc85a67046
ZLoader
ee21511b610cd2a154c85c04c0e3d88f82b0ee835afd51247a1a7e97900cd733
ZLoader
+ 543 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200719-13sbfpstce/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3b9046d9046f63d7255165de2742a872d19246f2305f831d5c95ba7629ea6933

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/zloader/
Cape
Cape
https://www.capesandbox.com/analysis/28275/

Comments