MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f06047b09abc77529969c5949deda36ff154539d1b9ed8942c22fbb307d8aac9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f06047b09abc77529969c5949deda36ff154539d1b9ed8942c22fbb307d8aac9
SHA3-384 hash: e364819ffb37aa82aa0e3e9c49c51ebf34862eb85c1077dd7f7ff32b2a866460d25a8f58142757fa6788612fdd930072
SHA1 hash: f107596acaa9e7a0916a46a68db923e3ab228be1
MD5 hash: a0173bd7d459e734f3417e40e612bb0c
humanhash: indigo-butter-ohio-wyoming
File name: uncategorized_1.2.0.1.vir
Signature: VMZeuS
File size: 311'296 bytes
First seen: 2020-07-19 17:32:27 UTC
Last seen: 2020-07-19 19:19:40 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1d1e60fec5749d15748d2db9f025d80a
ssdeep: 6144:1aT/ocZ3Q9RZDYGjShebqUyrfQ0bhj/aS4n6IlKrgqQUHYd6tkPx:U/oMyRZDnFbYrjbUS4mgqbHYd6qPx
TLSH: B66439C6BFA7D889F28240703225E7B5341678317865DA0AF2C56FA5B1242EE58DFF07
Reporter: @tildedennis
Tags: uncategorized vmzeus


Twitter
@tildedennis
uncategorized version 1.2.0.1

Intelligence


File Origin
# of uploads: 2
# of downloads: 21
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Launching the default Windows debugger (dwwin.exe)
Sending a TCP request to an infection source
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2011-11-30 13:32:00 UTC
AV detection: 27 of 31 (87.10%)
Threat level: 2/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Drops autorun.inf file
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments