MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 950ad539dfc8e16c07d24dbb37ae19daa0b2f32164ba0cb3c81fa7e689f274e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 950ad539dfc8e16c07d24dbb37ae19daa0b2f32164ba0cb3c81fa7e689f274e1
SHA3-384 hash: 08b2419d38d8df6b4e177d505c782d724717838b35220ba458672d76463e4c200b3c2eff37ef9bc5898906d8c0850d1c
SHA1 hash: f3b3cf03801527c24f9059f475a9d87e5392dae9
MD5 hash: 5ce59cd58a34bc0530e398330013ee77
humanhash: utah-lima-october-leopard
File name:AppResolver.hta
Download: download sample
Signature ZLoader
Create hunting rule
File size:583'112 bytes
First seen:2022-01-05 14:48:57 UTC
Last seen:2022-01-05 17:11:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0e436b03a9170a850ade7a48204599a3 (1 x ZLoader)
ssdeep 12288:vZdBnDynD4aKoOOYHaGSpxVho1jepu+X7LhVi:vZTnDynkoOyGSpx7o1jecW1Vi
Threatray 1 similar samples on MalwareBazaar
TLSH T15CC43A2F26EC0295E57DE17C89874609E6727462031256CF3294C27E5F6FFE4BA3AB10
Reporter Anonymous
Tags:DOS exe malware signed windows X64 ZLoader

Code Signing Certificate

Organisation:Microsoft Windows
Issuer:Microsoft Windows Production PCA 2011
Algorithm:sha256WithRSAEncryption
Valid from:2020-12-15T21:29:14Z
Valid to:2021-12-02T21:29:14Z
Serial number: 33000002ed2c45e4c145cf48440000000002ed
Intelligence: 3 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 416f4c0a00d1c4108488a04c2519325c5aa13bc80d0c017c45b00b911b8370a9
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
381
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
AppResolver.hta
Verdict:
Malicious activity
Analysis date:
2021-11-30 13:15:18 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8ab6e5d9-8173-4b17-beef-2e244aba61f5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/217455/
Detection(s):
SecuriteInfo.com.Trojan.Siggen16.20154.25221.7169.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
67%
Tags:
CVE-2020-1599 exploit overlay packed zloader
Link:
https://www.filescan.io/uploads/61d5afe2bfe53d318f27c3c4/reports/108eccbe-35af-4981-b418-5911fff2e4aa/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/d7d521bb-62bd-442d-a077-ca260d35d71d
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
4 / 100
Link:
https://www.joesandbox.com/analysis/899078
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/950ad539dfc8e16c07d24dbb37ae19daa0b2f32164ba0cb3c81fa7e689f274e1/
Threat name:
Win64.Hacktool.TurtleLoader
Create hunting rule
Status:
Malicious
First seen:
2021-12-01 03:24:37 UTC
File Type:
PE+ (Dll)
Extracted files:
4
AV detection:
15 of 28 (53.57%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
c1a34057b31dd53e227a7001a7f0860e553b7efdb9ea2e9ec3b80221266b7d51
ZLoader
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220105-r617baagbm/
Unpacked files
SH256 hash:
950ad539dfc8e16c07d24dbb37ae19daa0b2f32164ba0cb3c81fa7e689f274e1
MD5 hash:
5ce59cd58a34bc0530e398330013ee77
SHA1 hash:
f3b3cf03801527c24f9059f475a9d87e5392dae9
Link:
https://www.unpac.me/results/0584459f-7d1a-4b97-9b74-2b0fe6840770/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/950ad539dfc8e16c07d24dbb37ae19daa0b2f32164ba0cb3c81fa7e689f274e1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/217455/

Comments