zgrat | 957537119d1d808725d08308b0189a99[.]exe | Triage

Sharing

General

Target

957537119d1d808725d08308b0189a99.exe
Size

4.6MB
MD5

957537119d1d808725d08308b0189a99
SHA1

ad323601b5ada9b142273189cb63519265427ff1
SHA256

7bdbf20eb742e859dc999d8b31f15900c8c7a55d14fe93e283cac6dda3ca2137
SHA512

03d7c651c80e505e0d88a8324641fa191bafacd528caa8e9521df3dfe10c4e80c2993f45b9cd0dbacb9eb5f95dac036c69352920bf15688884f0d0e1f2e48bc1
SSDEEP

49152:N7CfKCu9sD+yw1LviJw5ReL+2QyLG48aSYHtDRPGUHFv/3+iUD0pdSdvDtrm:sfK6RKvieCL+HyqeVbPGoN+iUDgkd

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
957537119d1d808725d08308b0189a99.exe

Files

957537119d1d808725d08308b0189a99.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

development_of_a_team_of_engineers.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ