iClient-Spoofer.pdb
General
-
Target
iClient-Spoofer.exe
-
Size
395KB
-
MD5
7dfc197ee5451e8a6861d820e08fa2c3
-
SHA1
e470a64c96191aa03be07e16751d19a859699e71
-
SHA256
d63ffe1d9abffb5d9c5033c4fc762540c1dd8a16345176e5ca2112b9b595db99
-
SHA512
d07a7619ebafbe4b0e01c8e3f35432f63ebeb6666cb02ff91e3c79f0401e70aae6534c110d26192855b54f520f6ce5efeade6b0e511ae181879c00b38e610cf3
-
SSDEEP
6144:IaOsamSQ1uUtWgV82IL15pObe41qDJuC5n15VF8Cq:GsVP3c17wEtFA
Score
10/10
Malware Config
Signatures
-
Detect ZGRat V1 1 IoCs
resource yara_rule sample family_zgrat_v1 -
Zgrat family
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource iClient-Spoofer.exe
Files
-
iClient-Spoofer.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 390KB - Virtual size: 389KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ