MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7d7e6c6dc477e5fdb2b2a26eed1b53e77d455dbec8df800927a5bae69a2cc10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: c7d7e6c6dc477e5fdb2b2a26eed1b53e77d455dbec8df800927a5bae69a2cc10
SHA3-384 hash: 00439ab9a57746c8a34711e597306cd712ff84fb716a3d17a26af8442dae1e3c98e7ef4b92cb5634a05de821a5feaf0e
SHA1 hash: 1f3fba90f7fc853319f8546568c7f9fbe5f1e0ee
MD5 hash: a7aeb6dc35eeb3dfae02f9306d6426a1
humanhash: mike-fix-purple-artist
File name: zloader_1.15.4.0.vir
Signature: n/a
File size: 360'448 bytes
First seen: 2020-07-19 19:21:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 470b5e6a6f171b5a84539fd5534d11e6
ssdeep: 6144:ZZi8e5cixvZ/yX+y/gOaG3cA9RHYONjMarEM8R9bnk6ndFBiIQ7kaZWxT:ZZY5c4vZaXhoO7cWv5z8PTxxT
TLSH: D074CF91F1D6D8B2E068113029B5EA750A3E7B3572B0846F3B9C151EEDB13C164BAF0B
Reporter: @tildedennis
Tags: ZLoader


Twitter
@tildedennis
zloader version 1.15.4.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 17
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Launching the default Windows debugger (dwwin.exe)
Sending a TCP request to an infection source
Threat name: Win32.Trojan.Sennoma
Status: Malicious
First seen: 2017-02-09 06:37:00 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments