General
-
Target
Loader.exe
-
Size
252KB
-
MD5
c65bace3e97986a638d4ac98e87747ea
-
SHA1
ef1789af63009995a39a9152215d8ed4f876c131
-
SHA256
3cce502bff8917b478c4aab36be7e1de61ffba2a0479e73580c7ed893cd57ab4
-
SHA512
3cebcb1c2b8bb692bc31d62a476d8e9a3eb43715d4e23c720d97415e2c4263a8271a76287f8ef0369c401b8c05934450fa8dc5e5f37862f7aace8c36a0e94bf5
-
SSDEEP
3072:fNj+gO7/Z+jM7SnAkwyj6N8Woy1QuXluHuUY1qSixMyMYMbMjMMOt8MJM+MKMuRC:fI3RCdb6f2as3QPSqNbhSKH8xL8oZZ
Malware Config
Signatures
-
Detect ZGRat V1 1 IoCs
resource yara_rule sample family_zgrat_v1 -
Zgrat family
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Loader.exe
Files
-
Loader.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 249KB - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ