HEUR-Trojan-Spy[.]Win32[.]Zbot[.]gen-5db94d358dc902b0dd7bc53b75270198a134f9b30f42dcc249aae623f11e5e04

General

Target

HEUR-Trojan-Spy.Win32.Zbot.gen-5db94d358dc902b0dd7bc53b75270198a134f9b30f42dcc249aae623f11e5e04
Size

80KB
MD5

8d93c5e7610cde4680f42a428641fd83
SHA1

748bf84e0f10fde4d3f8b3f5b0d45eae70055d20
SHA256

5db94d358dc902b0dd7bc53b75270198a134f9b30f42dcc249aae623f11e5e04
SHA512

9d139c1f0771d4c228b74e0aa58b708aa61f67bf859d657a6b9a0e3c91667abe0be46fe5fe2215fcccf869e7f78ee8efa784ba6d3aadedea010a65353fc2a6ce
SSDEEP

1536:zj+soPSMOtEvwDpj4ktBl01hJ0tq1kyhuqh:zCsanOtEvwDpjW

Score

10^/10

upx

Detection of CryptoLocker Variants 1 IoCs

resource	yara_rule
sample	CryptoLocker_rule2

Detection of Cryptolocker Samples 1 IoCs

resource	yara_rule
sample	CryptoLocker_set1

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan-Spy.Win32.Zbot.gen-5db94d358dc902b0dd7bc53b75270198a134f9b30f42dcc249aae623f11e5e04