zgrat | SecuriteInfo[.]com[.]Win32[.]PWSX-gen[.]23210[.]9609 | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.PWSX-gen.23210.9609
Size

434KB
MD5

49a101f27b36c7ee8a0931a656749c43
SHA1

13874d352aa3fbb9a262e29c03ff885714ff8429
SHA256

b61c3baadd541bcafad124668888e322d70720335a6f46173b489a47d5b66c1c
SHA512

121f6b0b8c8342df96837e173cac6814fff315385a2f1a234b77c5b59fd661930b6f67e910f797db2f7a69d00f282dd9788770925c8390dfe6abcb52ac612ad3
SSDEEP

6144:1T0hyKyHzHfy5joC2zBtT5GNtBFeO1gqcID8kfn5oNfNvX82a7m5BIks:ihiHzHKjo7F/Gt0wLcE5UfNMdm5

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.Win32.PWSX-gen.23210.9609

Files

SecuriteInfo.com.Win32.PWSX-gen.23210.9609
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ