zgrat | DexProtectRC1[.]8[.]16[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

DexProtectRC1.8.16.zip
Size

427KB
MD5

a33f24d11b13fd59cb65b1e11c83ee22
SHA1

dc758460f638ce4512617181093d3a2859ee28c5
SHA256

524a99c8ba31aca44b92d02787ae4815609d4a28cce8e637ac529e1411b65366
SHA512

0da5491080693377d0e17591d4319a9659ad3f03be2232437722a3f7c433c06f4f7fbbcda287525b20c6b0892ce9d748f53f08f5d0b9d427b9e121a182b8b0c8
SSDEEP

6144:nK2niaR3BCvkJCvZW47WDxN4rNk05NP6+DK/npy7ackgeexhDjTUAN2feOQpW:JnBuceZV7WVNcNP5N/e/QaqvjDakW

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack005/96883d934aec4c34088ce2873d1fb994/asset	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DexProtectOSC.exe
unpack005/96883d934aec4c34088ce2873d1fb994/asset

Files

DexProtectRC1.8.16.zip
.zip
DexProtectOSC.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DexProtectRC1.8.16.unitypackage
.gz
archtemp.tar
.tar .js polyglot
3f3f49d6993fe8e47b3309673ff9d498/asset
3f3f49d6993fe8e47b3309673ff9d498/asset.meta
3f3f49d6993fe8e47b3309673ff9d498/pathname
4fec87a22c62f6644bda2dfd9de22615/asset
.js
4fec87a22c62f6644bda2dfd9de22615/asset.meta
4fec87a22c62f6644bda2dfd9de22615/pathname
53ccf7646a3f85d40abc0fa6c392887b/asset
53ccf7646a3f85d40abc0fa6c392887b/asset.meta
53ccf7646a3f85d40abc0fa6c392887b/pathname
89a280c1aeab41945901c574a010794f/asset
.gz
archtemp.tar
.tar
96883d934aec4c34088ce2873d1fb994/asset
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 712KB - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
96883d934aec4c34088ce2873d1fb994/asset.meta
96883d934aec4c34088ce2873d1fb994/pathname
89a280c1aeab41945901c574a010794f/asset.meta
89a280c1aeab41945901c574a010794f/pathname
9d6f95759ad14ec43a68da8c18750792/asset.meta
9d6f95759ad14ec43a68da8c18750792/pathname
c3aa90a5e6ea3a744bfdec873df23e9a/asset.meta
c3aa90a5e6ea3a744bfdec873df23e9a/pathname
e949ea01dbe4571478cf916596d1e61c/asset
e949ea01dbe4571478cf916596d1e61c/asset.meta
e949ea01dbe4571478cf916596d1e61c/pathname
README.txt

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 71KB - Virtual size: 71KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 712KB - Virtual size: 711KB

.rsrc Size: 1024B - Virtual size: 948B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 71KB - Virtual size: 71KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 712KB - Virtual size: 711KB

.rsrc
Size: 1024B - Virtual size: 948B

.reloc
Size: 512B - Virtual size: 12B