MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 eb00200334f8adca5820d9036174d59cb8ca0e0d5a85d9693fb2ec39981039a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | eb00200334f8adca5820d9036174d59cb8ca0e0d5a85d9693fb2ec39981039a2 |
|---|---|
| SHA3-384 hash: | a79af05494785a3e5a9a8ca0c81407e3f4d25d7da23dbcd5d750c3d69500f5b9dab91d6f28bcbffdebfe9cf45ddc259c |
| SHA1 hash: | a2fed612da1af680d2abde232cdc35f2879e7a5f |
| MD5 hash: | 015dd61bce0205fb5e5c893a6feb5308 |
| humanhash: | india-zebra-california-football |
| File name: | eb00200334f8adca5820d9036174d59cb8ca0e0d5a85d9693fb2ec39981039a2.bin |
| File size: | 728'640 bytes |
| First seen: | 2020-11-03 07:53:49 UTC |
| Last seen: | 2020-11-03 10:00:04 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 903c973ddb97d71ec385338a2097cc74 |
| ssdeep | 6144:8YnFJ3dmZVjbWssrr1xX+K2vvmAFrv+Mun6pExMNgn8vzwxtZJfG5:/GfbWser1Fl2veA1i6pyuRvzsZJfG5 |
| Threatray | 1 similar samples on MalwareBazaar |
| TLSH | EAF49C9139DCC4E5D4991A329660036A7DA6AC2C1820B30F327C25CA2F6FDE7D76277D |
| Reporter |
Code Signing Certificate
| Organisation: | GPWJOZGXTILTDKLWXB |
|---|---|
| Issuer: | GPWJOZGXTILTDKLWXB |
| Algorithm: | sha1WithRSA |
| Valid from: | Sep 29 21:06:25 2020 GMT |
| Valid to: | Dec 31 23:59:59 2039 GMT |
| Serial number: | -6F376ED7D8A1C343B6071CD9784A8DF3 |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | FECD840A5708A6B6F6FACB8154789F152296FD6434081EB32E85ABD7342A3F7F |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
Intelligence
File Origin
# of uploads: 2
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Detection: n/a
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Changing the hosts file
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: adwa.evad
Score: 80 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Modifies the hosts file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Zenpak
Status: Malicious
First seen: 2020-10-14 11:10:18 UTC
File Type: PE (Exe)
Extracted files: 26
AV detection: 42 of 48 (87.50%)
Threat level: 5/5
Verdict: suspicious
Similar samples:
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Drops file in Drivers directory
Unpacked files
SHA256 hash: eb00200334f8adca5820d9036174d59cb8ca0e0d5a85d9693fb2ec39981039a2
MD5 hash: 015dd61bce0205fb5e5c893a6feb5308
SHA1 hash: a2fed612da1af680d2abde232cdc35f2879e7a5f
SHA256 hash: a8bf9ee096f36c8462428cbc3c0ebfdf77b5d9a82fe9c4476fa13872029a2bd9
MD5 hash: 3b62ccb8ad2dcb8db5450570e18fd725
SHA1 hash: aec0d2c11fd7b5fcedb4cf0fb5d1ad6583db4f1c
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: XPACK
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.