General
Target: comInto.exe
Size: 3.4MB
MD5: acf8cd01af956bdcd5dd9b932d1da43e
SHA1: 375ccdfa57684b2e40800eb7340cd7bc238e1ee4
SHA256: 4723d355a68496451231510be6bdbd63c69b4486e09a541dfb37e5098071eecd
SHA512: d44fa90328220b535deed3394a6314c1438e2ec1ae5892e410c28ce3b83115d8ed4f464032c4e4cfce95b82d6ced4f8a36d04466465880cc4cd34c92554755a4
SSDEEP: 98304:HLSY9ernRPb0e3yZMENUCSNQ5O6HvVXP:HLdwnUtR
Malware Config
Signatures
Detect ZGRat V1 (1 IoCs)
resource yara_rule sample family_zgrat_v1
Zgrat family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource comInto.exe
Files
comInto.exe.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 880B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ