zgrat | 44ae03fe50c0375bcaf2d8636daa6d2e | Triage

Sharing

General

Target

44ae03fe50c0375bcaf2d8636daa6d2e
Size

673KB
MD5

44ae03fe50c0375bcaf2d8636daa6d2e
SHA1

a66fb6c4377966296d623351b54f5e2dd330b568
SHA256

22fc72bf7944d527de7b6c86417ffce23c08d98137160db3a25898012c26e359
SHA512

a3857393e7d7e29db751207d7c762a592d178e414ae0427534d553a552d382bf5881ff4e0a1766d6e8f36027c4b97b2a384699ba25a0c81afb3627c496558a41
SSDEEP

12288:7eGZYm7ds6GikjPZ695jzC1owCmS4r9Wge8sHT:7eGZYb6HwPM95jeo7P4hWjT

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44ae03fe50c0375bcaf2d8636daa6d2e

Files

44ae03fe50c0375bcaf2d8636daa6d2e
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 666KB - Virtual size: 665KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ