zh grabber[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

zh grabber.exe
Size

132KB
MD5

9b7cb3b518b13bdab012ccef79e30bed
SHA1

f305a53d9308fe8c46441119c75fb37e9d5ba619
SHA256

5b8add988c56dbc57e61d0a8a0ed13c07426bf37dc1de44eda49a16da39c953c
SHA512

19c2bc7b2a968c8ec4d12d4280a37b12283026146d757852384c8182ed38a05fe68038147f36956b85e71d325480f4ac5d74ffe9254da9a64d8117989d287cee
SSDEEP

768:cgGDtJoJzgd4MmzycmWdaDDp3E2BzmzycmWdaDDp3E2BzeGLCfXo5P0UICwZ3vP/:JGn8gwzNaOJzNaOb48Xo5x8HuzNaO2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
zh grabber.exe

Files

zh grabber.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ