MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 442b1971e92aefeb93774a13cd2ca15f7f8e9dad99303f1c832bd62f10e30ed2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 442b1971e92aefeb93774a13cd2ca15f7f8e9dad99303f1c832bd62f10e30ed2
SHA3-384 hash: 14663b1a2055cbb1fb392690115764ed0adbc1b83ff6d1a8b8c61e0489b79b9ae402c42e1af3c9b4c416aca258b7004d
SHA1 hash: 50b8e32336e850b7e0b0a70734270db29ea168bc
MD5 hash: 58bebe685a0b35149cf7f1daf059f3fa
humanhash: saturn-ohio-football-low
File name: powerzeus_1.0.2.0.vir
Signature: ZeuS
File size: 174,592 bytes
First seen: 2020-07-19 17:34:46 UTC
Last seen: 2020-07-19 19:20:21 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: e7b5e8c3dfd996f9d0353bf2fa7e7493
ssdeep: 3072:66hNFaC0JPiafzhColsnP2xZbC8hCytaOzcrGfEhveDE/VdnH1M0Z75:bTFa/PJEol8ebfa9rEgPjR
TLSH: 4804011BF451C6BEC5AC25718A19F6B742BF4A0038199F9FB73D1A682C2663076BC347
Reporter: @tildedennis
Tags: powerzeus, ZeuS


Reporter comment (Twitter, @tildedennis): powerzeus version 1.0.2.0

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 23
Origin country: US

Mail intelligence: No data

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Unauthorized injection to a recently created process
  Connection attempt to an infection source

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Behaviour:
  Behavior Graph (ID 247113; sample powerzeus_1.0.2.0.vir; start date 19/07/2020; architecture WINDOWS; score 60)
  Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Machine Learning detection for sample
  Process tree: loaddll32.exe started three rundll32.exe processes; one rundll32.exe started WerFault.exe
  DNS/IP: 1.0.2.0 (CLOUDFLARENETUS, China)

Result
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2013-09-06 13:55:00 UTC
AV detection: 22 of 25 (88.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Suspicious use of WriteProcessMemory
  Suspicious use of AdjustPrivilegeToken
  Suspicious behavior: EnumeratesProcesses
  Program crash

Result
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments