MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 950ad539dfc8e16c07d24dbb37ae19daa0b2f32164ba0cb3c81fa7e689f274e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: ZLoader
Vendor detections: 9

SHA256 hash: 950ad539dfc8e16c07d24dbb37ae19daa0b2f32164ba0cb3c81fa7e689f274e1
SHA3-384 hash: 08b2419d38d8df6b4e177d505c782d724717838b35220ba458672d76463e4c200b3c2eff37ef9bc5898906d8c0850d1c
SHA1 hash: f3b3cf03801527c24f9059f475a9d87e5392dae9
MD5 hash: 5ce59cd58a34bc0530e398330013ee77
humanhash: utah-lima-october-leopard
File name: AppResolver.hta
Signature: ZLoader
File size: 583'112 bytes
First seen: 2022-01-05 14:48:57 UTC
Last seen: 2022-01-05 17:11:57 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0e436b03a9170a850ade7a48204599a3 (1 x ZLoader)
ssdeep: 12288:vZdBnDynD4aKoOOYHaGSpxVho1jepu+X7LhVi:vZTnDynkoOyGSpx7o1jecW1Vi
Threatray: 1 similar samples on MalwareBazaar
TLSH: T15CC43A2F26EC0295E57DE17C89874609E6727462031256CF3294C27E5F6FFE4BA3AB10
Reporter: Anonymous
Tags: DOS exe malware signed windows X64 ZLoader

Code Signing Certificate

Organisation: Microsoft Windows
Issuer: Microsoft Windows Production PCA 2011
Algorithm: sha256WithRSAEncryption
Valid from: 2020-12-15T21:29:14Z
Valid to: 2021-12-02T21:29:14Z
Serial number: 33000002ed2c45e4c145cf48440000000002ed
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: 416f4c0a00d1c4108488a04c2519325c5aa13bc80d0c017c45b00b911b8370a9
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform
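The certificate recorded above is a Microsoft-issued code-signing certificate whose validity ended on 2021-12-02, a month before this sample was first seen here; whether the signature still verifies depends on a timestamp countersignature, which this entry does not record. The sample is also tagged "signed" and, by one vendor below, "overlay" and "CVE-2020-1599 exploit". The structural question those tags raise for any Microsoft-signed file is whether the Authenticode certificate table ends the file and whether the WIN_CERTIFICATE entry holds anything beyond its PKCS#7 blob: Authenticode hashes the headers, the section data and any bytes between the last section and the certificate table, but not the table itself or anything after it, so that is where appended data survives signature verification. The script below is an added example written for this page; it is not MalwareBazaar, ReversingLabs or vendor code, it does not embed or describe this sample, and the function names, the synthetic PE32+ fixture built by build_test_pe and the CONSTRUCTED_MARKER bytes are all constructed for the demonstration. It treats fewer than 8 bytes of slack after the DER blob as ordinary alignment padding; that threshold is an assumption of the example, not a Windows rule.

```python
import struct
import sys

FILE_ALIGN = 0x200
OPT_HDR_PE32PLUS = 240    # size of the PE32+ optional header
SECURITY_DIR_INDEX = 4    # IMAGE_DIRECTORY_ENTRY_SECURITY
# Constructed marker for the fixture below, not a payload taken from any real sample.
CONSTRUCTED_MARKER = b"<script>/* constructed marker */</script>"


def _align(n, a):
    return (n + a - 1) // a * a


def der_total_length(blob):
    """Total length (tag + length bytes + content) of the DER SEQUENCE that starts `blob`."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("certificate payload does not start with a DER SEQUENCE")
    first = blob[1]
    if first < 0x80:
        return 2 + first
    n = first & 0x7F
    if n == 0 or n > 4 or len(blob) < 2 + n:
        raise ValueError("unsupported DER length encoding")
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def audit_pe_tail(data):
    """Find where section data ends and where the Authenticode certificate table sits,
    and report bytes that live outside the region the Authenticode hash covers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_base = opt + (112 if magic == 0x20B else 96)     # data directories start: PE32+ vs PE32
    # For the security directory the VirtualAddress field is a file offset, not an RVA.
    cert_off, cert_size = struct.unpack_from("<II", data, dd_base + 8 * SECURITY_DIR_INDEX)
    sections_end = 0
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, opt + size_opt + 40 * i + 16)
        sections_end = max(sections_end, raw_ptr + raw_size)

    r = {"size": len(data), "sections_end": sections_end, "signed": cert_size > 0,
         "cert_offset": cert_off, "cert_size": cert_size, "overlay_bytes": 0,
         "bytes_after_cert_table": 0, "cert_slack_bytes": 0, "findings": []}
    if not r["signed"]:
        r["overlay_bytes"] = len(data) - sections_end
        return r
    # Bytes between the last section and the certificate table ARE hashed by Authenticode;
    # the table itself and anything after it are not, so that is where appended data hides.
    r["overlay_bytes"] = max(0, cert_off - sections_end)
    r["bytes_after_cert_table"] = len(data) - (cert_off + cert_size)
    if r["bytes_after_cert_table"] != 0:
        r["findings"].append(f"certificate table does not end the file ({r['bytes_after_cert_table']} bytes after it)")
    dw_length, revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
    if revision != 0x0200 or cert_type != 0x0002:     # WIN_CERT_REVISION_2_0, WIN_CERT_TYPE_PKCS_SIGNED_DATA
        r["findings"].append(f"unexpected WIN_CERTIFICATE revision/type {revision:#x}/{cert_type:#x}")
    payload = data[cert_off + 8:cert_off + dw_length]
    r["cert_slack_bytes"] = len(payload) - der_total_length(payload)
    if r["cert_slack_bytes"] >= 8:                    # fewer than 8 bytes is ordinary alignment padding
        r["findings"].append(f"{r['cert_slack_bytes']} bytes inside WIN_CERTIFICATE beyond the PKCS#7 blob (not covered by the Authenticode hash)")
    return r


def build_test_pe(section_data, pkcs7=b"", smuggled=b"", trailing=b""):
    """Constructed single-section PE32+ fixture (not a real binary): `smuggled` is placed
    inside the WIN_CERTIFICATE entry, `trailing` after the certificate table."""
    e_lfanew = 0x40
    size_of_headers = _align(e_lfanew + 4 + 20 + OPT_HDR_PE32PLUS + 40, FILE_ALIGN)
    raw_size = _align(len(section_data), FILE_ALIGN)
    cert = b""
    if pkcs7:
        dw_length = _align(8 + len(pkcs7) + len(smuggled), 8)   # dwLength includes alignment padding here
        cert = (struct.pack("<IHH", dw_length, 0x0200, 0x0002) + pkcs7 + smuggled).ljust(dw_length, b"\0")
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, OPT_HDR_PE32PLUS, 0x2022)   # AMD64, one section, DLL
    opt = bytearray(OPT_HDR_PE32PLUS)
    struct.pack_into("<H", opt, 0, 0x20B)                          # PE32+ magic
    struct.pack_into("<II", opt, 32, 0x1000, FILE_ALIGN)          # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, size_of_headers)     # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 108, 16)                          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIR_INDEX,
                     size_of_headers + raw_size if cert else 0, len(cert))   # security directory
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(section_data), 0x1000, raw_size,
                       size_of_headers, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(size_of_headers, b"\0")
    return headers + section_data.ljust(raw_size, b"\0") + cert + trailing


if __name__ == "__main__" and len(sys.argv) > 1:      # usage: python audit_pe_tail.py <pe file>
    print(audit_pe_tail(open(sys.argv[1], "rb").read()))
```

Run against a downloaded sample, the two numbers to read are bytes_after_cert_table and cert_slack_bytes: a compiler-produced, signtool-signed DLL has zero of the former and only alignment padding in the latter, so a large slack value or a non-empty tail is where to start carving. The check is purely structural and says nothing about whether the PKCS#7 signature itself chains to the listed Microsoft issuer; that still needs a real Authenticode verifier.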

Intelligence

File Origin
# of uploads: 2
# of downloads: 271
Origin country: CO
Mail intelligence: No data
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: AppResolver.hta
Verdict: Malicious activity
Analysis date: 2021-11-30 13:15:18 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Result
Verdict: Malware
Maliciousness:
Behaviour: DNS request
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 67%
Tags: CVE-2020-1599 exploit overlay packed zloader

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 4 / 100
Behaviour
Behavior Graph: n/a

Threat name: Win64.Hacktool.TurtleLoader
Status: Malicious
First seen: 2021-12-01 03:24:37 UTC
File Type: PE+ (Dll)
Extracted files: 4
AV detection: 15 of 28 (53.57%)
Threat level: 1/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 950ad539dfc8e16c07d24dbb37ae19daa0b2f32164ba0cb3c81fa7e689f274e1
MD5 hash: 5ce59cd58a34bc0530e398330013ee77
SHA1 hash: f3b3cf03801527c24f9059f475a9d87e5392dae9
