MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c267f393664ccc38c7a4fb521587e77db7fc7e3a157a9ef5c19783f03a67c76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 7c267f393664ccc38c7a4fb521587e77db7fc7e3a157a9ef5c19783f03a67c76
SHA3-384 hash: 838bb47e56de8924331d51447f879266a779b43e99205513d4c1937c461a2c8296936b07501a8bd9a950bd5738bdc95f
SHA1 hash: f84fba477343c28ae61228f1d9e3f42a7a52a9ba
MD5 hash: a3f3a635f17c595b5c8e5458ad502c0b
humanhash: failed-london-december-pasta
File name: vmzeus_3.3.6.1.vir
Signature: VMZeuS
File size: 278'528 bytes
First seen: 2020-07-19 17:24:40 UTC
Last seen: 2020-07-19 19:17:04 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 47778f7d9790b608d18b3bc3c0574a8c
ssdeep: 6144:RBIV+N2byQC7nsSmzjF7Olnw30mAS/PWEL7fYgqYcE:RuoINC7nwx6lnwExS/PWEX2
TLSH: D944029026BC5C43FB5CCAB09C36C81BCC30AC886A8EDDE74A7C41D29959DC9597EF52
Reporter: @tildedennis
Tags: vmzeus


Twitter
@tildedennis
vmzeus version 3.3.6.1

Intelligence


File Origin
# of uploads: 2
# of downloads: 20
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Inject
Status: Malicious
First seen: 2014-03-02 18:35:00 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: evasion, persistence
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Identifies Wine through registry keys
Loads dropped DLL
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.
