General
Target: DexProtectEditor.dll
Size: 750KB
MD5: 76c0b7ac872356bd13fbe7f14fe5029c
SHA1: 14903305286eb390a7d887689a64eecab0b4c94e
SHA256: cb1cfe8c78b3280745401f18abb17a37ea98238c53346c37de955deafdc1f64f
SHA512: cdbb175cc466b55540e422107dc52a9e6c9bf59ec81c9bafb00eef24c9a6a12327e1d469b3a54e41d87a4c9b080fede0e9e9f43ca8454cbe392921b12eb9e1e4
SSDEEP: 12288:UjskbiuEDmHVSn1nEKXJXncmWvhNpbJY79XTmDz3qDnJ7r9yBR:Kbiu8EKXVWpP7z3qDnJoB
Malware Config
Signatures
Detect ZGRat V1 (1 IoCs)
resource yara_rule sample family_zgrat_v1
Zgrat family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource DexProtectEditor.dll
Files
DexProtectEditor.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 748KB - Virtual size: 747KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ