Extracted

• • Target

    254f8d074c069e55870426682a68552a95faf35df76b024d7069ddccd7e58e76

  • Size

    5.0MB

  • MD5

    b1339ad6250fec1d3a23a937e5bac9e8

  • SHA1

    9168638e8819de7a7415412f2bac059db500ca4b

  • SHA256

    254f8d074c069e55870426682a68552a95faf35df76b024d7069ddccd7e58e76

  • SHA512

    5c2b630985e7f79bee3a5851b2344ea109457dce4b6d1e792f4d293889d4b8fe44107231a06972a8335ef928398533d1c3288b87f6619a961d71e8d2748c8d01

  • SSDEEP

    49152:10PYJq3qZ4XZr2Uuac+kp5Zu0i93Dg2rXlBAz55QENm3rUEexR3OFwqGu+AUUWUv:1XJq3qZYnAl+2m3rFeR+6R0HG

  Score

  10^/10

  amadeyzgratrattrojan

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Drops startup file

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2