MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a5566975893e6df1c42c57a5671cf4a18cb0e35613fb894a6341b9cfd95c877. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 3



SHA256 hash: 4a5566975893e6df1c42c57a5671cf4a18cb0e35613fb894a6341b9cfd95c877
SHA3-384 hash: 2c949aec6b88609c9f8a87f0f829ca8ee87e3093bc89233464aab530d1780b2e683d6d6b54cda93f69b7e0661eb0be44
SHA1 hash: e2c613b54764ba0078ee5575df105b7f62e28930
MD5 hash: 3b3baad481c960e945ec8d3f81453c5e
humanhash: burger-fifteen-nevada-seven
File name: 4a5566975893e6df1c42c57a5671cf4a18cb0e35613fb894a6341b9cfd95c877
Signature: ZeuS
File size: 300'032 bytes
First seen: 2020-03-23 18:53:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 77001399284de5ba1bd6f39ee922ca1d (1 x ZeuS)
ssdeep: 6144:Jc8kGltuYVPoQysh2IINj7eirtbTKZGzZLTPrmAzRWBr4Z1vM/5K9:JYGltuUP7yqoictbTKZitlWBkTM
Threatray: 79 similar samples on MalwareBazaar
TLSH: 1F541206F1DEB430C1107ABB375EA5FDCA4EE8239D9556502EE9C6DF61769C0E328A03
Reporter: Marco_Ramilli
Tags: exe ZeuS

Intelligence


File Origin
# of uploads: 1
# of downloads: 203
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2015-01-14 20:33:49 UTC
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

BLint


The following tables provide more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews

ID | Capabilities | Evidence
URL_MONIKERS_API | Can Download & Execute components | urlmon.dll::FindMediaType
WIN_BASE_API | Uses Win Base API | KERNEL32.DLL::LoadLibraryA
