MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f831d088c3a64b06843d970337f1c8877c9c1988d56720a7dee9d67efeaf78f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ZeuS


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments

SHA256 hash: f831d088c3a64b06843d970337f1c8877c9c1988d56720a7dee9d67efeaf78f0
SHA3-384 hash: 0dc01039296cc57cd48d0d1ad9a9428beeb1e2b83a9089b704c647cf798eded988d0afc3b6899558dfebaa64ebb2d919
SHA1 hash: 91a27477c847ebf9ef3e2cb34e0bc93e323f449d
MD5 hash: 0ad89e86b34a226ff2a3042103afc7f1
humanhash: river-one-fillet-fish
File name:0ad89e86b34a226ff2a3042103afc7f1.bin
Download: download sample
Signature ZeuS
File size:96'256 bytes
First seen:2022-07-09 01:59:47 UTC
Last seen:2022-07-09 02:30:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6ef02dd1adb61f4fee262f301b547fa3 (1 x ZeuS)
ssdeep 1536:uxDWt8Z1R4ayClVUbHTcM7Y62lO+5FZyoaGSMCDjTyF1ac9OtRHhmV:+Wt8ZIalVQzccKO+5FqBIItRAV
Threatray 118 similar samples on MalwareBazaar
TLSH T18693021941C6B4ABEAA44BF71BB5F117302413A14FB246E259A76E3FCF793CE0294349
TrID 32.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
28.9% (.EXE) Win32 Executable (generic) (4505/5/1)
13.0% (.EXE) OS/2 Executable (generic) (2029/13)
12.8% (.EXE) Generic Win/DOS Executable (2002/3)
12.8% (.EXE) DOS Executable Generic (2000/1)
Reporter @tildedennis
Tags:exe ZeuS zitmo


Twitter
@tildedennis
zitmo version 2.0.8.0

Intelligence


File Origin
# of uploads :
2
# of downloads :
459
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Behaviour
MalwareBazaar
CheckNumberOfProcessor
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found evasive API chain (may stop execution after checking mutex)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zeus
Status:
Malicious
First seen:
2011-06-10 23:15:00 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
24 of 25 (96.00%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
00c683dffbf9f5f340dffc076db4a980ba0ced6fb4b1796856945705a4fd2b80
MD5 hash:
d2feaa53322bba25c566d0f88f9cfac3
SHA1 hash:
8c741b433d916440d6f2a4a7b92deff5c5d2008b
SH256 hash:
f831d088c3a64b06843d970337f1c8877c9c1988d56720a7dee9d67efeaf78f0
MD5 hash:
0ad89e86b34a226ff2a3042103afc7f1
SHA1 hash:
91a27477c847ebf9ef3e2cb34e0bc93e323f449d

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments