zgrat | 15909167c6a125757e0a931c7c486269 | Triage

Sharing

General

Target

15909167c6a125757e0a931c7c486269
Size

780KB
MD5

15909167c6a125757e0a931c7c486269
SHA1

4ee9f50d549e09f16a708be0132a52f022e1e30b
SHA256

52dc36893fc7e6d2df03eb3c9d14dba3f037f8788acc95236453bb54dca6f433
SHA512

8132da92007a455538158c3b9bb5ecb4fcd52b3e456f6b679756d987563d4a8e17f50a55ea4070fc077b64f0bb5a46df86206895e57e629b60f39338b0e75b48
SSDEEP

6144:y4Vud/QiBcScbBuHGGr0CxM1R6KMC5PNHYsIjrm2JMDo4IHa2PC3l96Lb:y4G7BcFYprBoB5u3Jgleb

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15909167c6a125757e0a931c7c486269

Files

15909167c6a125757e0a931c7c486269
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 771KB - Virtual size: 770KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ