MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94b1b197065b9a8c133b376d38bece6bddd541bbf2fa75723e9e11e546d3f161. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZLoader


Vendor detections: 4



SHA256 hash: 94b1b197065b9a8c133b376d38bece6bddd541bbf2fa75723e9e11e546d3f161
SHA3-384 hash: 6ecce0ba29619d302d3c042a71c5b7a50fefe0b23e7a085959d94e1f52974c39e6d5bafffd36778eb43e64ce9bc1bdc8
SHA1 hash: 14593253f42c0584444b579233d7f1899d1874a0
MD5 hash: 829326f2874b401ac5c0677e8a420f98
humanhash: fix-fruit-yellow-fruit
File name: 829326f2874b401ac5c0677e8a420f98.dll
Signature: ZLoader
File size: 81'862 bytes
First seen: 2021-01-11 18:15:13 UTC
Last seen: 2021-01-11 19:59:39 UTC
File type: DLL dll
MIME type: application/x-dosexec
ssdeep: 1536:GrqSyjihpPQCoe7QJea3vaJDZd29uiNgf6s5AcqJd1PziT:GW3jihpPN6334j29ujis6fC
TLSH: 5E83DF262F0A84FDE78F6979C8C68349C89A5A0C7684CD5C8BD33270D51D85C77F9AAC
Reporter: abuse_ch
Tags: dll, ZLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 189
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 24 / 100
Signature
Machine Learning detection for sample
Behaviour
Behavior Graph:
[Behavior graph. ID: 338190; Sample: UvzA9FqR5T.dll; Startdate: 11/01/2021; Architecture: WINDOWS; Score: 24; Signature: Machine Learning detection for sample; Processes: loaddll32.exe started, which started WerFault.exe]
Verdict: unknown
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 94b1b197065b9a8c133b376d38bece6bddd541bbf2fa75723e9e11e546d3f161
MD5 hash: 829326f2874b401ac5c0677e8a420f98
SHA1 hash: 14593253f42c0584444b579233d7f1899d1874a0
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

DLL dll 94b1b197065b9a8c133b376d38bece6bddd541bbf2fa75723e9e11e546d3f161 (this sample)

Delivery method: Distributed via web download
