The Zeus malware is incredible, and it seems that Zeus is here to stay.
We have decided to share an analysis of a Zeus malware sample.
In the information below, you will see the behaviour of the Zeus malware.
If you take a close look, you will see that the anti-virus companies are having a hard time identifying the Zeus malware: several vendors report the sample as clean, and many others flag it only under generic names.
File Details
| Field | Value |
|---|---|
| File Name | 89c4c9fd55c7c5d68fb52688b00c12d29b4537e2c8bfcd987ebf4a1b8c7cbc5f.bin |
| File Size | 395776 bytes |
| File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 329975284bb63cef4d666b00b5eebc3d |
| SHA1 | fb2af919131938cc808043a02bc05802d41ce2b7 |
| SHA256 | 89c4c9fd55c7c5d68fb52688b00c12d29b4537e2c8bfcd987ebf4a1b8c7cbc5f |
| SHA512 | 0480eec303cd4b526c104c2f5bfc1067ee288c2b4f5d07358f65ac97bc3d1323f35b50a26a30dc768597608911708e1ed28d602f35ae3d994b34575ec56d4af6 |
| CRC32 | F7012531 |
| ssdeep | 6144:WkoKT3jUf9DIDmV8VF8oIwIfppmuyT78LUa7Z7L3S2:ptqDIxVpNii78oaV7Li2 |
Mutexes created by the Zeus sample
Domains the Zeus sample connects to
Anti-virus results for the Zeus sample (vendors listed as Clean did not detect it)
Antivirus | Signature |
---|---|
Bkav | Clean |
MicroWorld-eScan | Trojan.GenericKD.1774288 |
nProtect | Trojan.GenericKD.1774288 |
CMC | Packed.Win32.Ransom-Crypter.1!O |
CAT-QuickHeal | Clean |
McAfee | RDN/Generic PWS.y!b2m |
Malwarebytes | Clean |
K7AntiVirus | Trojan-Downloader ( 003c37051 ) |
K7GW | Trojan-Downloader ( 003c37051 ) |
TheHacker | Clean |
NANO-Antivirus | Trojan.Win32.Injector.dcrlic |
F-Prot | Clean |
Symantec | Packed.Generic.459 |
Norman | Troj_Generic.VBSAJ |
TotalDefense | Clean |
TrendMicro-HouseCall | TSPY_ZBOT.AEBT |
Avast | Win32:Malware-gen |
ClamAV | Clean |
Kaspersky | Trojan-Dropper.Win32.Injector.kipw |
BitDefender | Trojan.GenericKD.1774288 |
Agnitum | Clean |
ViRobot | Clean |
AegisLab | Clean |
Rising | PE:[email protected]!1.9C3C |
Ad-Aware | Trojan.GenericKD.1774288 |
Emsisoft | Trojan.GenericKD.1774288 (B) |
Comodo | UnclassifiedMalware |
F-Secure | Trojan.GenericKD.1774288 |
DrWeb | Trojan.PWS.Panda.5676 |
VIPRE | Trojan.Win32.Generic!SB.0 |
AntiVir | TR/Rogue.395776.2 |
TrendMicro | TSPY_ZBOT.AEBT |
McAfee-GW-Edition | Artemis!329975284BB6 |
Sophos | Mal/EncPk-AMF |
Jiangmin | Clean |
Antiy-AVL | Trojan[Dropper]/Win32.Injector |
Kingsoft | Clean |
Microsoft | PWS:Win32/Zbot |
SUPERAntiSpyware | Trojan.Agent/Gen-Kazy |
AhnLab-V3 | Spyware/Win32.Zbot |
GData | Trojan.GenericKD.1774288 |
Commtouch | Clean |
ByteHero | Clean |
VBA32 | Clean |
Panda | Trj/Chgt.C |
Zoner | Clean |
ESET-NOD32 | Win32/TrojanDownloader.FakeAlert.GI |
Tencent | Win32.Trojan-dropper.Injector.Ljan |
Ikarus | Trojan-Dropper.Win32.Injector |
Fortinet | W32/Injector.KIPW!tr |
AVG | SHeur4.BYVU |
Baidu-International | Trojan.Win32.FakeAlert.bGI |
Qihoo-360 | HEUR/Malware.QVM20.Gen |