zgrat | 14055e84711757b5b23f0ef56feac2f6

Sharing

Copy URL Twitter E-mail

General

Target

14055e84711757b5b23f0ef56feac2f6
Size

3.9MB
MD5

14055e84711757b5b23f0ef56feac2f6
SHA1

3409524597930a18c5ba89780fe1584552b5955f
SHA256

50a9cbc2ecbf5180a3066a2bcc9577d3dabc53398cca31ea4e1b04424328e5f0
SHA512

643a9a557144ea8ec1bbbfa9b0985f0d2c7b0ca1de0140887ff2e824c85f6336ca730a86af50817983e9931af28162cea4c5b389bdcddd263f0a06d563457e31
SSDEEP

98304:VNZ5mM8a/v3AazLeLWv831rcFgoDkkMyck3p3:VNZw8v3AaXyWv831rqRDkkd33

Score

10^/10

themida zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

14055e84711757b5b23f0ef56feac2f6
.exe windows:4 windows x86 arch:x86

Code Sign

70:9c:e3:af:f5:bc:6f:a1:4c:ab:ee:1c:b2:8d:11:64
Certificate

Issuer

CN=Toshiba Canvio Basics New 2.5@ HDTB405EK3AA

Not Before

30/07/2021, 10:03

Not After

31/07/2031, 10:03

Subject

CN=Toshiba Canvio Basics New 2.5@ HDTB405EK3AA

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:05:b7:a2:9d:b4:35:fa:2b:7c:e4:b3:1d:0d:13:16:00:94:7d:fb:17:a1:09:2b:34:2a:ef:8b:f7:7a:e6:17
Signer

Actual PE Digest

f0:05:b7:a2:9d:b4:35:fa:2b:7c:e4:b3:1d:0d:13:16:00:94:7d:fb:17:a1:09:2b:34:2a:ef:8b:f7:7a:e6:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 189KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

✅GOOGL
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

70:9c:e3:af:f5:bc:6f:a1:4c:ab:ee:1c:b2:8d:11:64Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f0:05:b7:a2:9d:b4:35:fa:2b:7c:e4:b3:1d:0d:13:16:00:94:7d:fb:17:a1:09:2b:34:2a:ef:8b:f7:7a:e6:17Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 189KB - Virtual size: 192KB

Size: 1.1MB - Virtual size: 1.2MB

.reloc Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

✅GOOGL Size: 102KB - Virtual size: 102KB

.themida Size: - Virtual size: 5.1MB

.boot Size: 2.4MB - Virtual size: 2.4MB

.rsrc Size: 102KB - Virtual size: 101KB

70:9c:e3:af:f5:bc:6f:a1:4c:ab:ee:1c:b2:8d:11:64
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f0:05:b7:a2:9d:b4:35:fa:2b:7c:e4:b3:1d:0d:13:16:00:94:7d:fb:17:a1:09:2b:34:2a:ef:8b:f7:7a:e6:17
Signer

.text
Size: 189KB - Virtual size: 192KB

.reloc
Size: 512B - Virtual size: 12B

.idata
Size: 512B - Virtual size: 8KB

✅GOOGL
Size: 102KB - Virtual size: 102KB

.themida
Size: - Virtual size: 5.1MB

.boot
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 102KB - Virtual size: 101KB