MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87c779ed21a3c5abb368edd0472968f7f4f3c839fa8ac6ed058bfbee6c6c056a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 87c779ed21a3c5abb368edd0472968f7f4f3c839fa8ac6ed058bfbee6c6c056a
SHA3-384 hash: 0f309ee60a1e9a427c03d79a0ebccedf1e5e40449ac0c056d73194e4c4c2e4ba2a5d5ed3b18e476164fe4ff9081a9009
SHA1 hash: 6ece6eae832907eeffcc69d886ae0b2d644ba3c0
MD5 hash: 354f372a0e38336f3a6c9e341f8ed271
humanhash: east-blossom-pasta-white
File name: zeusaes_2.7.7.3.vir
Signature: ZeuS
File size: 223'362 bytes
First seen: 2020-07-19 19:31:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b1eecad16272a452ca06bd601ade56bc
ssdeep: 3072:1T8oS2mBAGCY6ehfhls4qQXvvSGuPSPbp1dcD6FC2PKchA2N8UeeKu5zLC+i/bDM:1T8/2mB8p6ns4qQXvvSDPStPLzL55
TLSH: D7246D03EA4442D2D46E1F3040B95B15E676AC383F3D178F5568BB38EDB37D62A22399
Reporter: @tildedennis
Tags: zeusaes


Twitter
@tildedennis
zeusaes version 2.7.7.3

Intelligence


File Origin
# of uploads: 1
# of downloads: 18
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Creating a window
Sending a custom TCP request
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2013-05-31 23:02:00 UTC
AV detection: 22 of 25 (88.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments