zgrat | 345bcaa054ef95e2995a2acec9ca89a7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

345bcaa054ef95e2995a2acec9ca89a7
Size

251KB
MD5

345bcaa054ef95e2995a2acec9ca89a7
SHA1

2607ec7af04dea42af6eebe61d967f84c90481af
SHA256

1be3f1f47db07a515b9ad15aa470938e5ad1294a03d57393c60a073aa4a49ad2
SHA512

cf0d76138e5d663fcc2f324d19fd269d788917a66887d6323fe568f2588477b75007ed355c15976468b0685cdf623f5d93154e97266666f6f78836b48c5847a3
SSDEEP

6144:cfdY83uv2M/ZQvF0/NVfPeo4ZgnVVdCg:n83uv2MxQC/n

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
345bcaa054ef95e2995a2acec9ca89a7

Files

345bcaa054ef95e2995a2acec9ca89a7
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ