MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81a9eb444ffc7c5a700d4da6198c2f929d0e312d38667b9d3e29740eccabca3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	81a9eb444ffc7c5a700d4da6198c2f929d0e312d38667b9d3e29740eccabca3f
SHA3-384 hash:	dcfc7d274eb2438ae5f3ef9d0ebfc1d762680baa8ef0ca51116ccfff010b70839a64452f23a26bee1f80c4d96de4ce1c
SHA1 hash:	dabfb88a8dea9c8c258be021a3d190e145a65847
MD5 hash:	fcb76558dbf86a26c4bdd2811d5d06b6
humanhash:	batman-sad-earth-zulu
File name:	sRjbEZvCFOESXQJ.dll
Download:	download sample
File size:	724'992 bytes
First seen:	2020-04-02 09:15:45 UTC
Last seen:	2020-04-02 09:44:24 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	6d3a0c4e8389ff31bf2c232263c1eba0
ssdeep	6144:7QihZtNT7DIs9m6phIGNM0RkjOorkHP7A0WI/+DIvaWx3C/opWemqQu7FAxtS:7QihlvI2arA7w3JW9CMWhA
Threatray	41 similar samples on MalwareBazaar
TLSH	74F4172A660384EBE7753A30E7E60E179941B1D5E4300C8F7A7E9E9C7E90B917C09EC5
Reporter	Racco42
Tags:	dll ZLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.ArtemisFCB76558DBF8.20584.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Zbot

Status:

Malicious

First seen:

2020-04-01 20:13:07 UTC

File Type:

PE (Dll)

AV detection:

25 of 31 (80.65%)

Threat level:

5/5

Verdict:

malicious

15e6a048813e1fa7e06751b3cccd6125d7b8efb3ed160931213ac44eafa60807

4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a

60544c6694620488b69e568b15c96b33971dd7343ba63da31f993332852871c2

7af7f0a46e466b448270f959f4e1a3af964d22b609100536703e299d7618bf2d

8d5a770975e52ce1048534372207336f6cc657b43887daa49994e63e8d7f6ce1

92f61cc6548277705585cc0c28d553093323d802a1d0d2e9fe618ebeaa6752fa

d538dfafbdf6ac115c24dbdd68c65dbef6460808dd2c4f3fc01d5e15bfc2f902

e3bcf059f0ad7b1c92462646e135623d3ce75addcd6a0d207b78e2fbfb6dac2d

e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448

+ 31 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

vbs 3707ad9488f65a2425dc524d7a496e4458410d31b576348487993272505018f5

DLL dll 81a9eb444ffc7c5a700d4da6198c2f929d0e312d38667b9d3e29740eccabca3f

(this sample)

Delivery method

Other

Dropped by

SHA256 3707ad9488f65a2425dc524d7a496e4458410d31b576348487993272505018f5

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
AUTH_API	Manipulates User Authorization	advapi32.dll::GetExplicitEntriesFromAclA
COM_BASE_API	Can Download & Execute components	ole32.dll::CoAddRefServerProcess
MULTIMEDIA_API	Can Play Multimedia	winmm.dll::joyGetNumDevs winmm.dll::midiOutGetNumDevs winmm.dll::sndPlaySoundA winmm.dll::timeGetDevCaps
SECURITY_BASE_API	Uses Security Base API	advapi32.dll::GetSecurityDescriptorControl
WIN_BASE_API	Uses Win Base API	kernel32.dll::LoadLibraryA
WIN_BASE_IO_API	Can Create Files	version.dll::GetFileVersionInfoSizeA
WIN_USER_API	Performs GUI Actions	user32.dll::CsrBroadcastSystemMessageExW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample