zgrat | 2f68b724d76755b75967bf9b7e87c115

Sharing

Copy URL

Twitter E-mail

General

Target

2f68b724d76755b75967bf9b7e87c115
Size

2.3MB
MD5

2f68b724d76755b75967bf9b7e87c115
SHA1

79a97bd686ad4e73069244477323a048137cca35
SHA256

adc802f51574c78be643be565344cf9ab94fd25c7320e007cc6487ee28a881cb
SHA512

9a849a054c194d89a87bab4ba86584ca451ccf6e0b38f77b59695980476134a06e9205acb00297f8a1c647d458d03eb1e1a025773bc8bc2b9d390f2f0739515b
SSDEEP

49152:XX8+jyYwFY/B2ez5wMN1kPEh0uvrqeSn3LsSUZ/iI7UFs0Ijpuzj:XX8+jfwFYpPzOek8bqr3GZLUyV6

Score

10^/10

themida zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

2f68b724d76755b75967bf9b7e87c115
.exe windows:4 windows x86 arch:x86

Code Sign

56:98:74:f5:77:07:3c:9c:4a:88:df:6c:7a:5c:9f:3a
Certificate

Issuer

CN=Viewsonic VX2718-2KPC-MHD 27

Not Before

21-07-2021 15:19

Not After

22-07-2031 15:19

Subject

CN=Viewsonic VX2718-2KPC-MHD 27

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:89:cc:ea:e3:6b:57:24:7d:dc:63:7b:37:22:31:ed:63:6b:04:7f:55:a4:4e:22:b1:bf:53:84:f5:dc:7f:70
Signer

Actual PE Digest

af:89:cc:ea:e3:6b:57:24:7d:dc:63:7b:37:22:31:ed:63:6b:04:7f:55:a4:4e:22:b1:bf:53:84:f5:dc:7f:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 182KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 29KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

56:98:74:f5:77:07:3c:9c:4a:88:df:6c:7a:5c:9f:3aCertificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

af:89:cc:ea:e3:6b:57:24:7d:dc:63:7b:37:22:31:ed:63:6b:04:7f:55:a4:4e:22:b1:bf:53:84:f5:dc:7f:70Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 182KB - Virtual size: 184KB

Size: 29KB - Virtual size: 233KB

.reloc Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 232KB - Virtual size: 232KB

.themida Size: - Virtual size: 4.5MB

.boot Size: 1.9MB - Virtual size: 1.9MB

56:98:74:f5:77:07:3c:9c:4a:88:df:6c:7a:5c:9f:3a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

af:89:cc:ea:e3:6b:57:24:7d:dc:63:7b:37:22:31:ed:63:6b:04:7f:55:a4:4e:22:b1:bf:53:84:f5:dc:7f:70
Signer

.text
Size: 182KB - Virtual size: 184KB

.reloc
Size: 512B - Virtual size: 12B

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 232KB - Virtual size: 232KB

.themida
Size: - Virtual size: 4.5MB

.boot
Size: 1.9MB - Virtual size: 1.9MB