MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d00caf2b9c674f6655223fc6bd924baef259087122d9af40d62b2e4066aa6224. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d00caf2b9c674f6655223fc6bd924baef259087122d9af40d62b2e4066aa6224
SHA3-384 hash: 5a5bf684e49a40b8461343a27c14687e5be9cdcc9370a1cdd05c498fadc038d23c5c8371074fb1ef74e5f8e12a8219e7
SHA1 hash: 43f151bfddc1c85bc055c392f298757617d6da73
MD5 hash: 29eb89f06144fe55f050ed1862f5fc03
humanhash: mike-fillet-single-bluebird
File name: zeusaes_2.7.6.2.vir
Signature: ZeuS
File size: 168'960 bytes
First seen: 2020-07-19 19:41:59 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a785a205d87213220ceb9f626de04f7e
ssdeep: 3072:/oYfHHbBus40H0QWYtE+IH7iB3pGszIY+IwBjI+ybO:1nbBusvsYWNWdpGlImjI+yS
TLSH: 5DF3027186A7A743D76FC8FC251F1C602766E29B075FAE8527941D9FBB18B02253022F
Reporter: @tildedennis
Tags: ZeuS zeusaes


Twitter
@tildedennis
zeusaes version 2.7.6.2

Intelligence


File Origin
# of uploads: 1
# of downloads: 19
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2012-04-18 21:35:00 UTC
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Adds Run key to start application
Loads dropped DLL
Deletes itself
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments