MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8de342cc27413e9d133bb93ff62d7b19724abeb98dd608a2ed2741294a4ba602. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 8de342cc27413e9d133bb93ff62d7b19724abeb98dd608a2ed2741294a4ba602
SHA3-384 hash: 89b5f560935796b190af7b3ad32085609cbfc329b1b5cd7c23879b22f0c81aad9a7b5c189e2404d6d707281b69f9581b
SHA1 hash: 7515358495c5144eb8c05b49c556c956178d0f64
MD5 hash: cdc3634cf7d24f7edfa231f717ddc1bc
humanhash: charlie-blossom-solar-april
File name: zeusaes_2.3.1.0.vir
Signature: ZeuS
File size: 323'584 bytes
First seen: 2020-07-19 19:23:37 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e862f97c5570ddfd4abfbd646f2b784e
ssdeep: 6144:KiLzEaICr46KP8hyyjzzJqqzD8O4QTmZcQk5dvK7WODjBLXvL5:KiLoaI44dyFvzJJzD8Y6ZcRdyDBXz5
TLSH: 3064EF516D51DC66F15A2B37DD68C9F98415BEC8DEBC10EB31F2FB0B22B304AC099916
Reporter: @tildedennis
Tags: ZeuS zeusaes


Twitter
@tildedennis
zeusaes version 2.3.1.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 18
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2011-08-03 14:07:00 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
NTFS ADS
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments