MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b9046d9046f63d7255165de2742a872d19246f2305f831d5c95ba7629ea6933. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 3b9046d9046f63d7255165de2742a872d19246f2305f831d5c95ba7629ea6933
SHA3-384 hash: df6385dcf607560cb2db3850469e9f340a65bbc91275f225bfae929258757b70cf54842dc3a76b42a0e35918c97ebc4e
SHA1 hash: 9d4cd019593adac69e14e1321cc6b25e32e0fb90
MD5 hash: c338d3823eeab87a7be1d5ad9d5727f6
humanhash: venus-kentucky-apart-nineteen
File name: zloader_1.3.1.0.vir
Signature: ZLoader
File size: 84'480 bytes
First seen: 2020-07-19 19:35:26 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 80c5f7b7c8550e1132f3748e9ecf4e99
ssdeep: 768:T/pVfESdny4BjF+6xeRPyliIP6d6olSm77F+mogjGCJdr9/UMPxKMCSSMVRC1RCw:T/pH4lddf7FRogHjhUMP3SEQZRf3fp
TLSH: 14834B72BB8DC054D9EE66BC8CA9D3AD449C3F57CC219873B6C41F5F24686C94A81B0B
Reporter: @tildedennis
Tags: ZLoader


Twitter
@tildedennis
zloader version 1.3.1.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 20
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2015-12-09 00:21:00 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments