zgrat | 36acaaa764862b14182872ad468a03fc | Triage

Sharing

General

Target

36acaaa764862b14182872ad468a03fc
Size

826KB
MD5

36acaaa764862b14182872ad468a03fc
SHA1

ae6f90dac8aba6be21792f78b10959fad630bed0
SHA256

e418490bbf99e4ab5832082fefac164502c35b6c4cff15b6b356565b9c8ef3cd
SHA512

34ea9610a49391c04320224be8e86f81d81d6a29c03b7de2829cca7ccda99878856c33773e9dec0c16bc0a4ce499aca7183551176af55eb72cc52749e97be163
SSDEEP

12288:7BYOo4h9jANBze3Up/9PX90sps6OfCsdsmfR2KUpS1+u8Yzo:7BYOo4Aze3Up110sjSCSsOUpS1+lYzo

Score

10^/10

zgrat mercurialgrabber

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Mercurialgrabber family
mercurialgrabber
Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36acaaa764862b14182872ad468a03fc

Files

36acaaa764862b14182872ad468a03fc
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 716KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ