MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f990daf6364d6aeb0a8482a8fdab098b5790f29f2f34dd38ef4a83ac36827fe9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f990daf6364d6aeb0a8482a8fdab098b5790f29f2f34dd38ef4a83ac36827fe9
SHA3-384 hash: 6f5a360271cc49651f02061f8ff552dc36fcee9d89aa5d1aa381f6807514b074e92b6f3fb0e9b816b88ac6f5ff738cdb
SHA1 hash: 0a57892f4f92507f0f3405228274c5bfeb1103c5
MD5 hash: 8e326a09b93cc447d0ea9a3992bb4962
humanhash: salami-kentucky-glucose-oscar
File name: uncategorized_3.0.0.0b.vir
Signature: n/a
File size: 1'245'316 bytes
First seen: 2020-07-19 19:27:03 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c6547fb7428b7b25516cda653d89b67f
ssdeep: 24576:1MeM/8gkM/sN9ntCob7VKywqWsxwQQ8D2TgwsM6igmKD6oQRNFCzezsSC92:1XMzkN9tBHIvqjmQDgNR3MrSg2
TLSH: 50453364FFA499BBF4465F35540BCBF23F315D501A67932BA280B62D3C66E31790CA22
Reporter: @tildedennis
Tags: uncategorized


Twitter
@tildedennis: uncategorized version 3.0.0.0b

Intelligence


File Origin
# of uploads: 1
# of downloads: 18
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name:
ZeusVM
Detection:
malicious
Classification:
bank.troj.spyw.evad
Score:
100 / 100
Behaviour
Behavior Graph:
Behavior Graph ID: 247303
Sample: uncategorized_3.0.0.0b.vir
Startdate: 20/07/2020
Architecture: WINDOWS
Score: 100
Sample-level signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Detected ZeusVM e-Banking Trojan; 4 other signatures
Process tree:
uncategorized_3.0.0.0b.exe (started)
    DNS/IP: 3.0.0.0 AMAZON-02US United States
    Signatures: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); Detected ZeusVM e-Banking Trojan; 3 other signatures
    uncategorized_3.0.0.0b.exe (started)
        Dropped files: C:\Users\user\AppData\Roaming\...\kyud.exe (PE32); C:\Users\user\AppData\...\tmp758a7bb0.bat (DOS)
        kyud.exe (started)
            Signatures: Antivirus detection for dropped file; Detected ZeusVM e-Banking Trojan; Machine Learning detection for dropped file
            kyud.exe (started)
                Signatures: Injects code into the Windows Explorer (explorer.exe); Writes to foreign memory regions; Allocates memory in foreign processes; 2 other signatures
                explorer.exe (injected): Detected ZeusVM e-Banking Trojan
                TuMYMYbmZdZpXjmSr.exe (injected)
                TuMYMYbmZdZpXjmSr.exe (injected)
                12 other processes
        cmd.exe (started)
            conhost.exe (started)
Threat name:
Win32.Trojan.Zbot
Status:
Malicious
First seen:
2013-12-13 03:10:00 UTC
AV detection:
23 of 25 (92.00%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Adds Run key to start application
Looks up external IP address via web service
Deletes itself
Loads dropped DLL
Executes dropped EXE
UPX packed file
Executes dropped EXE
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments