MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e56d21df2d2afd91a3dcc7fce9e39a2f9588957d40c04ec919e723bb9b067124. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZeuS

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	e56d21df2d2afd91a3dcc7fce9e39a2f9588957d40c04ec919e723bb9b067124
SHA3-384 hash:	13b8905c2674396e610f3369a1f0394bf637aa3fc4e5d4a0fab6ac6e972be32ec01c6c77276becd8f9d27cc4d54abd6f
SHA1 hash:	916929a3907f579bed635fa0a706731a38a4dad1
MD5 hash:	3093785baed7d02ab2ea414780ea5c93
humanhash:	butter-xray-west-pennsylvania
File name:	e56d21df2d2afd91a3dcc7fce9e39a2f9588957d40c04ec919e723bb9b067124.bin
Download:	download sample
Signature	ZeuS Create hunting rule
File size:	158'720 bytes
First seen:	2022-04-30 01:35:43 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	60696d02ae2a2be06726ac5dceab0a78 (1 x ZeuS)
ssdeep	3072:ZB/T5Px/Cxh843nX4eEw7/img6ddJb+TiNzjBSpLrI18Ib4Pb:ZB/vCjEw7/o6ddJ5zN2r0N8
TLSH	T1CAF3AF12BDD38561EDB24A3145364AE7CA75BE30D976A04E9B027F8D7E311E0D93A383
TrID	59.8% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 18.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.3% (.EXE) OS/2 Executable (generic) (2029/13) 7.2% (.EXE) Generic Win/DOS Executable (2002/3) 7.2% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):
dhash icon	48ecfcbcd4d0f0d2 (1 x ZeuS)
Reporter	tildedennis
Tags:	exe prg ZeuS

tildedennis

prg version 15

Intelligence

File Origin

# of uploads :

# of downloads :

623

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

e56d21df2d2afd91a3dcc7fce9e39a2f9588957d40c04ec919e723bb9b067124.bin

Verdict:

No threats detected

Analysis date:

2022-04-30 01:37:29 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/e1c5a863-931a-4416-9aef-fe440e773974

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/267938/

Detection(s):

PUA.Win.Packer.SoftwareCompres-4

PUA.Win.Packer.SoftwareCompres-3

PUA.Win.Packer.SoftwareCompress-1

PUA.Win.Packer.Chinaprotect-1

Win.Malware.Zbot-6732674-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a file in the Windows subdirectories

Sending a custom TCP request

Unauthorized injection to a system process

Enabling autorun

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

evasive greyware overlay packed remote.exe

Link:

https://www.filescan.io/uploads/626c928575c6f158e8041fdd/reports/18348646-ac42-4dbd-a33c-94ef554d6d84/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Zeus

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/07b62404-234f-479c-bf0f-566b5824aace

Result

Threat name:

Zues

Detection:

malicious

Classification:

troj

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/985800

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

PE file has nameless sections

Yara detected Zues

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e56d21df2d2afd91a3dcc7fce9e39a2f9588957d40c04ec919e723bb9b067124/

Threat name:

Win32.Trojan.Zeus

Status:

Malicious

First seen:

2011-05-29 14:15:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

38 of 42 (90.48%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220430-bz8ptabafn/

Unpacked files

SH256 hash:

e56d21df2d2afd91a3dcc7fce9e39a2f9588957d40c04ec919e723bb9b067124

MD5 hash:

3093785baed7d02ab2ea414780ea5c93

SHA1 hash:

916929a3907f579bed635fa0a706731a38a4dad1

Link:

https://www.unpac.me/results/897fb605-7a30-45b5-8a1e-b8715e0d78cd/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/e56d21df2d2afd91a3dcc7fce9e39a2f9588957d40c04ec919e723bb9b067124

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/prg/

Cape

https://www.capesandbox.com/analysis/267938/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample