zgrat | tmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp
Size

1.1MB
MD5

99a4c0caef6106e91ae180b37a299d7b
SHA1

e3f97894836e386fd8f959587863f70abaa05153
SHA256

1816a8a595ccb3d33dd3d0b4948aa60febbf28f93bbc25c776055a471eaaa318
SHA512

1eef84d50077399c5aa0c2a10a5689783e560a5934f3cc5e2c59d19b488ead46dd8b1115e7e4d0692ca47f7a11636984ef345c1b7527cac3eb5967b774e71bee
SSDEEP

24576:yyh8/lJNBFDdPgOQwBVcVxlTk0ATgh89XipPCOAKg3Gb:5YlJNBFpPZ9ym06ghKipaxKg3G

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ