zgrat | bf48b02e030020e086751115915f3721

Sharing

Copy URL Twitter E-mail

General

Target

bf48b02e030020e086751115915f3721
Size

3.6MB
MD5

bf48b02e030020e086751115915f3721
SHA1

4a545b6b24bf3fde681014986cf35db2d59bbe62
SHA256

ab8451ccb62d4667ecebadcb728768832dfd5286136ba3ec6b898295d291d39b
SHA512

b66ef40a2128f89d6f19965d17e885c124a41c8a9a4de8b23c8669383447fb852ca8c84636e29626e2700cc13f304d5f8b0efc2d8873fd1dc0147ce3d45c5f53
SSDEEP

98304:5TErrUc1cZ4SFTT+CcUhgWkkh62V3QX4z/D/MuyfJRyGzPc:5wrgc1AVT+NU6Wtr2X4H0uyhRLY

Score

10^/10

themida zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

bf48b02e030020e086751115915f3721
.exe windows:4 windows x86 arch:x86

Code Sign

70:9c:e3:af:f5:bc:6f:a1:4c:ab:ee:1c:b2:8d:11:64
Certificate

Issuer

CN=Toshiba Canvio Basics New 2.5@ HDTB405EK3AA

Not Before

30/07/2021, 10:03

Not After

31/07/2031, 10:03

Subject

CN=Toshiba Canvio Basics New 2.5@ HDTB405EK3AA

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:83:ff:42:7b:11:40:de:e2:f1:48:70:92:28:75:4d:3b:53:99:c9:91:14:c0:29:14:09:be:7b:b8:c9:ae:30
Signer

Actual PE Digest

ba:83:ff:42:7b:11:40:de:e2:f1:48:70:92:28:75:4d:3b:53:99:c9:91:14:c0:29:14:09:be:7b:b8:c9:ae:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

✅GOOGL
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

✅GOOGL
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

✅GOOGL
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

✅GOOGL
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

✅GOOGL
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

70:9c:e3:af:f5:bc:6f:a1:4c:ab:ee:1c:b2:8d:11:64Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ba:83:ff:42:7b:11:40:de:e2:f1:48:70:92:28:75:4d:3b:53:99:c9:91:14:c0:29:14:09:be:7b:b8:c9:ae:30Signer

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 184KB - Virtual size: 184KB

Size: 1.1MB - Virtual size: 1.2MB

.reloc Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

✅GOOGL Size: 102KB - Virtual size: 102KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 2.1MB - Virtual size: 2.1MB

✅GOOGL Size: 2KB - Virtual size: 2KB

✅GOOGL Size: 2KB - Virtual size: 2KB

✅GOOGL Size: 2KB - Virtual size: 2KB

✅GOOGL Size: 2KB - Virtual size: 2KB

.rsrc Size: 102KB - Virtual size: 101KB

70:9c:e3:af:f5:bc:6f:a1:4c:ab:ee:1c:b2:8d:11:64
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ba:83:ff:42:7b:11:40:de:e2:f1:48:70:92:28:75:4d:3b:53:99:c9:91:14:c0:29:14:09:be:7b:b8:c9:ae:30
Signer

.text
Size: 184KB - Virtual size: 184KB

.reloc
Size: 512B - Virtual size: 12B

.idata
Size: 512B - Virtual size: 8KB

✅GOOGL
Size: 102KB - Virtual size: 102KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 2.1MB - Virtual size: 2.1MB

✅GOOGL
Size: 2KB - Virtual size: 2KB

✅GOOGL
Size: 2KB - Virtual size: 2KB

✅GOOGL
Size: 2KB - Virtual size: 2KB

✅GOOGL
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 102KB - Virtual size: 101KB