zgrat | 1E52EEB3ECA446ED04980D05750CFCF411E81919AEA1E29E7B888DAD3D6B5992[.]zip

General

Target

1E52EEB3ECA446ED04980D05750CFCF411E81919AEA1E29E7B888DAD3D6B5992.zip
Size

1.4MB
MD5

dbc211156fc3188043440ec62acba094
SHA1

13c4794e0335a43c2c2991e26b54a8c769fd7cf2
SHA256

446e5f6d907c97fa750f7e8e83d7f21daa26778843b3790970bf2ff80ea77a4f
SHA512

beb3104af26b72d370b9610f3069dad6acea8ebdadb1c60a1f4dba72b91dd529b0bf51e3e0dfebae7e3bc4bf2968d4a6896abf3179124b54d23a81c2f7156a74
SSDEEP

24576:vUWtksL9ZZwjf3a0pm81cW1ga1YWJQ4c92kjBm1Xmiw47oX0/7Sel2xlww2OzWQn:cYX03a0pmW1mFjBMXmijEXGJlGe6WQ9R

Score

10^/10

zgrat

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/1E52EEB3ECA446ED04980D05750CFCF411E81919AEA1E29E7B888DAD3D6B5992.exe	family_zgrat_v1

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1E52EEB3ECA446ED04980D05750CFCF411E81919AEA1E29E7B888DAD3D6B5992.exe

1E52EEB3ECA446ED04980D05750CFCF411E81919AEA1E29E7B888DAD3D6B5992.zip
.zip

Password: infected
1E52EEB3ECA446ED04980D05750CFCF411E81919AEA1E29E7B888DAD3D6B5992.exe
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ