MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 460daa0c566c507d0e566e66d87636eeb495666380eae6210db0c9902ddefcb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 460daa0c566c507d0e566e66d87636eeb495666380eae6210db0c9902ddefcb4
SHA3-384 hash: 122fe51042246b67e2407ef0356364a5a36baaf92c9eff3e4a24d878df8e8140dce4ae1a99958712389b353ed726856e
SHA1 hash: 9eae2ae0ece6591f0a5c5195bd2135c1ec3570de
MD5 hash: ab0656abc30d6a2042c0eeb453a42e28
humanhash: wyoming-chicken-michigan-hotel
File name:iceix_1.1.9.2.vir
Download: download sample
Signature ZeuS
File size:135'168 bytes
First seen:2020-07-19 17:13:12 UTC
Last seen:2020-07-19 19:12:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a3eab08621c34defb1038e6611977d5f
ssdeep 3072:IVHChw0FlDNBV6sH61raT4GT15+AlzYAM:IVHC7XNpH61gHH+Alzf
TLSH C5D3013A7CD3C137C483D4B8D45E8E4E57722823132251C3EB6A1E1EBDB5696292F25E
Reporter @tildedennis
Tags:iceix


Twitter
@tildedennis
iceix version 1.1.9.2

Intelligence


File Origin
# of uploads :
2
# of downloads :
18
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2011-12-03 09:02:00 UTC
AV detection:
24 of 31 (77.42%)
Threat level
  2/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments