MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4029f9fcba1c53d86f2c59f07d5657930bd5ee64cca4c5929cbd3142484e815a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 4029f9fcba1c53d86f2c59f07d5657930bd5ee64cca4c5929cbd3142484e815a
SHA3-384 hash: 2fb4a2f14c7eb9830c98186f69db66f79f99a4e7f1092882f6611fe8ce26b18097a4c6e8e40c5e57e1418bc7ac9120e6
SHA1 hash: da361ec6976d3d9225ce40951b26d1d8ecdb7fd1
MD5 hash: 5c76c41f9d0cc939240b3101541b5475
humanhash: failed-angel-johnny-mobile
File name: 2_msiexec_dump.bin
Signature: ZLoader
File size: 212'992 bytes
First seen: 2020-04-25 21:03:39 UTC
Last seen: 2020-04-25 21:45:25 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: aeaf05baf5176b03e6ca1c1b0c09e695
ssdeep: 6144:qk6pWgrPNhxu9T+KpqQJDuUMOHhJQ90yYPZ2Le4Q:qkCWkhx8ny0yYRee
TLSH: EF243A015860C130F95101B16A9EE7BE9C6ED23D3B12A6EBCB91C9A09FDC6F0B47D25D
Reporter: @viql
Tags: ZLoader


Twitter
@viql
This is sample c844efe1b7e76cbdea36ce62ff788de9 with entry point set to the routine that first runs after decryption in msiexec.exe. Load it at image base 0x03090000.

Intelligence


File Origin
# of uploads: 2
# of downloads: 55
Origin country: CH

Mail intelligence
No data

Vendor Threat Intelligence
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2020-04-25 21:35:24 UTC
AV detection: 27 of 31 (87.10%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

Executable exe 4029f9fcba1c53d86f2c59f07d5657930bd5ee64cca4c5929cbd3142484e815a (this sample)
