MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc59f4e889283e3dff30ef291a50234772901a99168cecc501f86e75dac3b7ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: cc59f4e889283e3dff30ef291a50234772901a99168cecc501f86e75dac3b7ef
SHA3-384 hash: 3dd64c6ba84214026eee6135a074cd673232cb60114547e03adf9120d5ee9ef3549e9e47ce82df384770a9ec6d159eae
SHA1 hash: b04e684c0d733330d27bd6b456565b26690b49c3
MD5 hash: c39aabd5a338b76aaf1479baf5b50461
humanhash: comet-coffee-spring-oklahoma
File name: zloader_1.5.4.0.vir
Signature: ZeuS
File size: 118'114 bytes
First seen: 2020-07-19 19:24:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6feb462f33d8d38cfcb23109ef3dbcdd
ssdeep: 3072:pE7mjMHrhTgfYlcxrEj8QXP/k8mHVKX8vza:i74YugrXP/k8X87a
TLSH: DFB3CF4D9E638166E4808A75C6D215C84FFD6E5331D3A12FCF2C991F166850DBA88CFE
Reporter: @tildedennis
Tags: ZeuS ZLoader
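Before a downloaded copy of this sample is opened in any tool, the hashes above are the check to run. The following Python script is an added example (not MalwareBazaar's own code): it recomputes the four cryptographic hashes listed on this entry with the standard library and compares them, together with the file size, against the listed values. imphash, ssdeep and TLSH are deliberately not recomputed here because they need third-party libraries (pefile, ppdeep/ssdeep, py-tlsh). Treat SHA256 as the pivot key; MD5 and SHA1 are only there to cross-reference older feeds.

```python
import hashlib
import sys

# Values copied from this MalwareBazaar entry.
EXPECTED = {
    "sha256": "cc59f4e889283e3dff30ef291a50234772901a99168cecc501f86e75dac3b7ef",
    "sha3_384": "3dd64c6ba84214026eee6135a074cd673232cb60114547e03adf9120d5ee9ef3549e9e47ce82df384770a9ec6d159eae",
    "sha1": "b04e684c0d733330d27bd6b456565b26690b49c3",
    "md5": "c39aabd5a338b76aaf1479baf5b50461",
}
EXPECTED_SIZE = 118114  # 118'114 bytes on the entry


def compute_hashes(data: bytes) -> dict:
    """Hex digests of the sample bytes, keyed by hashlib constructor name."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in EXPECTED}


def verify_sample(data: bytes, expected: dict = EXPECTED, expected_size: int = EXPECTED_SIZE) -> dict:
    """Compare bytes against the entry; an empty 'mismatches' list plus size_ok means it is the listed file."""
    actual = compute_hashes(data)
    mismatches = [name for name, digest in expected.items() if actual[name] != digest.lower()]
    return {"size_ok": len(data) == expected_size, "mismatches": mismatches, "hashes": actual}


def is_listed_sample(data: bytes) -> bool:
    result = verify_sample(data)
    return result["size_ok"] and not result["mismatches"]


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-extracted-sample>
    # (the MalwareBazaar download is a ZIP protected with the password "infected";
    # extract it inside an isolated analysis VM first)
    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    report = verify_sample(blob)
    for name, digest in report["hashes"].items():
        print(f"{name:9} {digest}")
    print("size ok:", report["size_ok"], "| mismatches:", report["mismatches"] or "none")
```

A mismatch on every field usually means the ZIP container was hashed instead of the extracted executable; a mismatch on size alone with matching hashes is impossible and indicates a copy-paste error in the expected values.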


Twitter
@tildedennis: zloader version 1.5.4.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 18
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour:
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Sending a TCP request to an infection source
Stealing user critical data

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 96 / 100

Result
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2016-05-31 13:53:56 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 2/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour:
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Program crash
Drops startup file
UPX packed file

Result
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments