Extracted

• • Target

    cYNhXOc.dll

  • Size

    508KB

  • MD5

    7bebb1b85a609733df0b3205406723bb

  • SHA1

    384f07648c732cd9490b7d3bff41ce5a0911b138

  • SHA256

    02846dbf25b333625a0720075fb47da62a946e5b0b4f9e9ba14cef514d576b37

  • SHA512

    4147af9ed60d340218deb382374a015a3bb4cc4abc585e833e1a81ba21bf05f485e2a4cfc7b99223e9015ccda993c5ff19693ce7c00fb18701e66cd259422865

  Score

  10^/10

  trojanbotnetzloaderpersistencespyware

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader

  • Blacklisted process makes network request

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Modifies service

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2