MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8dcf148a8c237e56338bf58160abff133b6bceb8e14323b10f41818159ac98d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 6 File information Yara Comments

SHA256 hash:	8dcf148a8c237e56338bf58160abff133b6bceb8e14323b10f41818159ac98d4
SHA3-384 hash:	7e4b066bd662597b6b71ce6e4d6fe7fdb53bb4538c027304db436d3392322fd5e48278944eb3fcb0da39c548729de2d8
SHA1 hash:	114bc02e49bfd38e25a6c2e59a3528fcdabe1606
MD5 hash:	4ad4ee2b7652ad0bd2cea94c97674d0b
humanhash:	hawaii-venus-black-winter
File name:	zeus 1_1.2.7.13.vir
Download:	download sample
Signature	ZeuS
File size:	456'192 bytes
First seen:	2020-07-19 19:36:53 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	972c6e60a8839119f8253057b4a2fcee
ssdeep	12288:5lNYR3tQx1JXQA4LPhtWCG+XACg3o5HiSu:5/sdQx1JXS1tWUwN
TLSH	06A4021F936A48B1D3F1E97D5E807EE8019B10239CD3F0BB880EB71778A55A9449B74E
Reporter	@tildedennis
Tags:	ZeuS zeus 1

@tildedennis

zeus 1 version 1.2.7.13

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Mail intelligence

No data

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28291/

Detection(s):

PUA.Win.Packer.PrivateExeProte-16
PUA.Win.Packer.Ep-7
PUA.Win.Packer.Embedpe-3
PUA.Win.Packer.AcprotectUltraprotect-1
SecuriteInfo.com.PSW.Generic8.BIF.113.561.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/390441

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8dcf148a8c237e56338bf58160abff133b6bceb8e14323b10f41818159ac98d4/

Threat name:

Win32.Packed.Zbot

Status:

Malicious

First seen:

2014-10-16 15:39:00 UTC

AV detection:

29 of 31 (93.55%)

Threat level

2/5

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/200719-8d5qf5lnzj/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Program crash

AV coverage:

83.33%

AV detections:

60 / 72

Link:

https://www.virustotal.com/gui/file/8dcf148a8c237e56338bf58160abff133b6bceb8e14323b10f41818159ac98d4/detection/f-8dcf148a8c237e56338bf58160abff133b6bceb8e14323b10f41818159ac98d4-1578640640

Threat name:

Unknown

Score:

1.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/zeus 1/

Cape

https://www.capesandbox.com/analysis/28291/

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample