grandoreiro | zlibai[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

zlibai.dll
Size

26.1MB
MD5

eaa28762cd1fb1c7eba1fc77ef9791aa
SHA1

212142d9e2ed9c7674c975bbeb9abc9211b4af42
SHA256

6f1161528775718592e4b9dbb08e04bc7e717f15da6665e6483d699783837bad
SHA512

8fb578bd4e9422eec2d1e622abd99f95c8e32360daf4b3a003195e4d9b198c048e0b312abf73b87195c13acd3234d4f15bd66fe67a47985daa38e5ef454307e4
SSDEEP

196608:tZ1Fmw2v2mVO0iWRjwr5NUR4ureIXH5yJ7nxkYuQPP3r7DbGF/UALgV:tHFCO0bRkr5NUR4ureIXYjTuQPPy/UQ

Score

10^/10

grandoreiro

Malware Config

Signatures

Detects Grandoreiro payload 1 IoCs

resource	yara_rule
sample	family_grandoreiro_v1

Grandoreiro family
grandoreiro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
zlibai.dll

Files

zlibai.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

adler32
adler32_combine
adler32_combine64
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
fill_fopen_filefunc
get_crc_table
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpenCurrentFile
unzOpenW
unzReadCurrentFile
zError
zipClose
zipCloseFileInZip
zipOpen
zipOpen2
zipOpenNewFileInZip
zipWriteInFileInZip
zlibCompileFlags
zlibVersion

Sections

CODE
Size: 16.7MB - Virtual size: 16.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 83KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 16.7MB - Virtual size: 16.7MB

DATA Size: 73KB - Virtual size: 73KB

BSS Size: - Virtual size: 83KB

.idata Size: 15KB - Virtual size: 14KB

.edata Size: 2KB - Virtual size: 1KB

.reloc Size: 224KB - Virtual size: 223KB

.rsrc Size: 9.0MB - Virtual size: 9.0MB

CODE
Size: 16.7MB - Virtual size: 16.7MB

DATA
Size: 73KB - Virtual size: 73KB

BSS
Size: - Virtual size: 83KB

.idata
Size: 15KB - Virtual size: 14KB

.edata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 224KB - Virtual size: 223KB

.rsrc
Size: 9.0MB - Virtual size: 9.0MB