Tasks
Static task: static1
Behavioral task: behavioral1 (sample zt.exe, resource win7-20230712-en)
Behavioral task: behavioral2 (sample zt.exe, resource win10v2004-20230703-en)
General
Target: zt.exe
Size: 5.8MB
MD5: 6cf7f6ebe5f03ad70180a329c517ce4b
SHA1: 751d9ff20ca8cb7d07be69f41f622f4b3c307a1a
SHA256: 76e903b09acc821ce7b8033dfd5882f04bc455ebdb31d446af44fdc0289b17d1
SHA512: 4e6dd332024285ed860b0708f5bd456f50351ab437e55ae8dd34551ea0fd0187f5c2a73fc8afa7f274c5464bbf7fbe6fb33141013b9477015f42daf5492eb2a2
SSDEEP: 98304:2eI2sYwqrVmJbThtpgEn1zHVbDZPw8tGUbzTZnGII0L5GBH7H:2eDVkbThRI8tzvlnGII0LcZ
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature, i.e. the PE carries no certificate table at all.
IoC: resource zt.exe
Files
-
zt.exe.exe windows x86
1df929fa5b1129c43985c38affc5c5ef
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
log4z
Log4zFormat
Log4zEnd
Log4zBegin
setupapi
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
ws2_32
WSAStartup
gethostname
WSACleanup
WSAGetLastError
listen
closesocket
send
socket
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSASetLastError
WSAIoctl
__WSAFDIsSet
select
accept
ioctlsocket
freeaddrinfo
getaddrinfo
htonl
sendto
recvfrom
winmm
PlaySoundW
wldap32
ord142
ord79
ord133
ord147
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord301
ord145
kernel32
SetFilePointer
HeapCompact
GetFileSize
HeapReAlloc
GetFullPathNameA
TryEnterCriticalSection
InitializeCriticalSectionEx
SleepEx
VerSetConditionMask
GetSystemDirectoryW
VerifyVersionInfoW
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GlobalSize
SetThreadPriority
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GlobalDeleteAtom
OutputDebugStringW
GlobalAddAtomW
GlobalFindAtomW
lstrcmpA
GetVolumeInformationW
DuplicateHandle
GetThreadLocale
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedExchange
GetCurrentThread
GetFileSizeEx
GetFileTime
GlobalGetAtomNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
lstrlenA
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SetErrorMode
GetCurrentDirectoryW
GetTempFileNameW
GetUserDefaultLCID
GetWindowsDirectoryW
lstrcpyW
GetProfileIntW
SearchPathW
VirtualProtect
FindResourceExW
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
FindFirstFileExW
GetDriveTypeW
ExitThread
RtlUnwind
SetFilePointerEx
GetFileInformationByHandle
RaiseException
VirtualAlloc
VirtualQuery
SetStdHandle
ExitProcess
GetModuleHandleExW
HeapQueryInformation
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
IsValidCodePage
GetACP
GetOEMCP
GetTimeZoneInformation
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
SetEnvironmentVariableA
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
GetFileAttributesA
HeapValidate
FlushFileBuffers
MapViewOfFile
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetTempPathA
AreFileApisANSI
GetModuleHandleA
GetVersionExA
GetModuleHandleW
GetSystemTime
MulDiv
SetLastError
GetFileAttributesW
FlushInstructionCache
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
FormatMessageW
LocalAlloc
ResumeThread
SuspendThread
ReleaseMutex
CreateMutexW
GetFileAttributesExW
FindNextFileW
FindClose
FindFirstFileW
GetFullPathNameW
TerminateProcess
GetLocalTime
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
WaitCommEvent
SetCommTimeouts
GetCommTimeouts
CreateFileA
SetCommMask
CreateThread
GetOverlappedResult
ReadFile
SetupComm
SetCommState
GetCommState
GetPrivateProfileStringW
GlobalFree
GlobalAlloc
DeleteFileA
DeleteCriticalSection
FreeLibrary
WinExec
LoadLibraryA
GetProcAddress
LoadLibraryW
InitializeCriticalSection
CreateFileW
CopyFileA
CreateDirectoryA
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteFileW
CreateDirectoryW
GlobalUnlock
GlobalLock
GetPrivateProfileIntW
CreateEventW
ResetEvent
SetEvent
CloseHandle
WaitForSingleObject
GetExitCodeThread
TerminateThread
LeaveCriticalSection
EnterCriticalSection
Sleep
WriteFile
PurgeComm
ClearCommError
GetLastError
OutputDebugStringA
WideCharToMultiByte
WritePrivateProfileStringA
GetPrivateProfileStringA
WritePrivateProfileStringW
GetPrivateProfileIntA
lstrcmpiW
lstrlenW
FreeResource
GetCPInfo
GetVersionExW
GetVersion
LocalFree
InterlockedIncrement
CopyFileW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetModuleFileNameW
InterlockedDecrement
SetEndOfFile
UnmapViewOfFile
SystemTimeToFileTime
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
GetTempPathW
WaitForSingleObjectEx
lstrcmpW
LocalReAlloc
user32
NotifyWinEvent
RegisterClipboardFormatW
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawFrameControl
MonitorFromPoint
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
SetCursorPos
SetClassLongW
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
CharUpperBuffW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetUpdateRect
SubtractRect
GetWindowRgn
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassLongW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetMenu
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
IsChild
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetMessageTime
RegisterWindowMessageW
ValidateRect
MapVirtualKeyW
GetKeyNameTextW
SetRectEmpty
GetWindowDC
GetLastActivePopup
GetMenuStringW
SetMenuContextHelpId
SetMenuInfo
GetMenuInfo
TrackPopupMenu
CheckMenuItem
DestroyMenu
MapVirtualKeyA
CharLowerBuffW
UpdateLayeredWindow
SetCaretPos
HideCaret
CreateCaret
SystemParametersInfoA
GetWindowPlacement
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
GetMessageW
CreateIconFromResource
CharNextW
WaitMessage
PeekMessageW
EqualRect
GetClassNameW
UnionRect
SetWindowTextW
EndPaint
BeginPaint
GetCapture
SetFocus
IsZoomed
SetLayeredWindowAttributes
AnimateWindow
GetMonitorInfoW
InvertRect
LoadCursorW
MapWindowPoints
GetDlgItem
CreateWindowExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
SetActiveWindow
IsWindowEnabled
ShowWindow
PostQuitMessage
DrawTextA
DispatchMessageW
TranslateMessage
GetAsyncKeyState
GetMenu
MoveWindow
RedrawWindow
DrawIcon
IsIconic
GetSystemMenu
LoadIconW
SetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetWindowPos
FindWindowW
MessageBoxW
MessageBoxExW
EnableMenuItem
KillTimer
LoadMenuW
GetMessagePos
SetWindowLongW
DestroyWindow
IsWindow
GetWindow
MessageBoxA
ReleaseCapture
SetCapture
MessageBoxExA
GetForegroundWindow
IsWindowVisible
SetTimer
GetKeyState
GetFocus
UpdateWindow
PtInRect
ScreenToClient
GetCursorPos
IsRectEmpty
IntersectRect
LoadImageW
CreateIconIndirect
GetIconInfo
DrawStateW
GetClientRect
DrawFocusRect
OffsetRect
InflateRect
FrameRect
PostMessageW
GetWindowRect
GetActiveWindow
WindowFromPoint
ClientToScreen
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageW
GetWindowLongW
DestroyCursor
GrayStringW
DrawTextExW
TabbedTextOutW
EnableWindow
GetSubMenu
DeleteMenu
RemoveMenu
LoadBitmapW
GetSysColorBrush
CreatePopupMenu
CreateMenu
GetMenuItemID
GetMenuState
ModifyMenuW
InsertMenuW
GetMenuItemCount
AppendMenuW
ReleaseDC
GetDC
GetDesktopWindow
GetSystemMetrics
DestroyIcon
DrawIconEx
SystemParametersInfoW
DrawTextW
EnableScrollBar
GetMenuDefaultItem
LockWindowUpdate
IsClipboardFormatAvailable
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
SetParent
CopyImage
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
GetMenuItemInfoW
SetRect
DrawEdge
FillRect
GetSysColor
CopyRect
SetMenuItemInfoW
RealChildWindowFromPoint
SetWindowRgn
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
CharUpperW
SendDlgItemMessageA
EndDialog
CreateDialogIndirectParamW
MonitorFromWindow
IsDialogMessageW
CheckDlgButton
TrackMouseEvent
MessageBeep
gdi32
StartPage
StretchBlt
EndPage
EndDoc
CreateFontW
StartDocW
CreateDCW
GetTextMetricsW
LPtoDP
SetPixelV
CreateRoundRectRgn
FrameRgn
SetGraphicsMode
EnumFontsW
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
RestoreDC
SaveDC
GetClipBox
SetBkMode
SetViewportOrgEx
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
SetWorldTransform
ExtCreatePen
SetViewportExtEx
SetWindowExtEx
LineTo
OffsetViewportOrgEx
OffsetWindowOrgEx
CreateRectRgn
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetBkColor
CreateEllipticRgn
GetTextColor
GetRgnBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
EnumFontFamiliesExW
OffsetRgn
GetCurrentObject
RoundRect
PtInRegion
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
CreatePatternBrush
CopyMetaFileW
SetTextColor
MoveToEx
Arc
CreateEllipticRgnIndirect
EqualRgn
SetBkColor
CreateBitmap
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
Rectangle
CreateHatchBrush
PatBlt
SetPixel
GetPixel
GetObjectW
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
Ellipse
GetTextExtentPoint32W
CreateFontIndirectW
GetBkMode
Pie
RectInRegion
GetWorldTransform
CreatePen
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
SetWindowOrgEx
ExcludeClipRect
GetClipRgn
msimg32
AlphaBlend
TransparentBlt
GradientFill
comdlg32
GetOpenFileNameW
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
ord204
advapi32
RegDeleteKeyW
RegQueryValueExW
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegEnumKeyExW
RegEnumValueW
RegQueryValueExA
CryptAcquireContextW
CryptReleaseContext
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
shell32
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
ShellExecuteA
SHGetSpecialFolderPathW
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoW
SHAppBarMessage
SHGetDesktopFolder
ShellExecuteExW
DragFinish
DragQueryFileW
comctl32
InitCommonControlsEx
ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent
shlwapi
PathFileExistsW
StrToIntExW
PathFileExistsA
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
uxtheme
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
ole32
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateBindCtx
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoCreateGuid
CoUninitialize
OleRun
CoCreateInstance
CoInitialize
CoRegisterMessageFilter
oleaut32
OleCreateFontIndirect
VarBstrFromDate
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
SysStringLen
VariantInit
VariantCopy
VariantClear
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
SafeArrayDestroy
GetErrorInfo
oledlg
OleUIBusyW
wsock32
inet_addr
imm32
ImmAssociateContext
ImmCreateContext
ImmDestroyContext
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
gdiplus
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetImageEncoders
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetPropertyItemSize
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetPropertyItem
GdipGraphicsClear
GdipGetImageEncodersSize
GdipSaveImageToFile
dbghelp
MiniDumpWriteDump
libxl
xlCreateBookW
iphlpapi
GetAdaptersInfo
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
Sections
.text Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 855KB - Virtual size: 855KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 76KB - Virtual size: 486KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 33B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 412KB - Virtual size: 412KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 750KB - Virtual size: 749KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
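The "Unsigned PE" signature, the DLL and File Characteristics under Headers, and the section table above are all read straight out of the PE headers. The following Python is an added example, not part of the sandbox report and not code from the sample: it parses those fields with the standard library only, reports a file as unsigned when the certificate-table data directory (IMAGE_DIRECTORY_ENTRY_SECURITY) is empty, which is what the signature checks, and lists the same characteristic and section flags the report prints. Because zt.exe itself is not on this page, `build_minimal_pe()` constructs a header-only PE32 stand-in (no code, not runnable) whose flags mirror the report's values; that input is constructed for the example.

```python
"""Static PE header checks of the kind a sandbox's static task reports:
architecture, File/DLL Characteristics, section flags, and whether an
Authenticode certificate table exists. Standard library only."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table (Authenticode)

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _flags(value, table):
    """Names of the bits set in value, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def analyze_pe(data):
    """Parse DOS/NT headers and the section table of a PE image in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    pe32plus = magic == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    # PE32+ widens the four stack/heap size fields to 8 bytes, so the data
    # directories start at +112 instead of +96.
    dir_off = opt + (112 if pe32plus else 96)
    _, cert_size = struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sec_hdr = opt + opt_size
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, schars = struct.unpack_from("<8sIIIIIIHHI", data, sec_hdr + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "flags": _flags(schars, SECTION_FLAGS),
        })
    return {
        "machine": "x86" if machine == 0x14C else "x64" if machine == 0x8664 else hex(machine),
        "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
        # "Unsigned PE": the certificate-table directory is empty. A non-empty
        # entry only proves a signature blob is attached, not that it verifies.
        "has_authenticode": cert_size != 0,
        "sections": sections,
    }


def build_minimal_pe(dll_chars, sections, security=(0, 0)):
    """Constructed header-only PE32 (no code, not runnable) for exercising
    analyze_pe; sections is a list of (name, virtual_size, raw_size, flags)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)       # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    hdrs = b""
    for name, vsize, rawsize, flags in sections:
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000, rawsize, 0x400, 0, 0, 0, 0, flags)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    # Constructed stand-in with the same flag pattern as the report's zt.exe.
    sample = build_minimal_pe(0x8140, [(".text", 0x3B0000, 0x3B0000, 0x60000020),
                                       (".data", 0x79800, 0x13000, 0xC0000040)])
    info = analyze_pe(sample)
    print("Unsigned PE" if not info["has_authenticode"] else "certificate table present")
    for key in ("machine", "file_characteristics", "dll_characteristics"):
        print(key, info[key])
    for sec in info["sections"]:
        print(sec["name"], "raw", sec["raw_size"], "virtual", sec["virtual_size"], sec["flags"])
```

A present certificate table is not a valid signature: the blob may be expired, revoked, for a different file, or simply junk, so on Windows confirm with `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature` before treating a "signed" verdict as meaningful. The unsigned case, as for this sample, needs no such confirmation.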