zgrat | d5f5c011ac69ce4c93a8608647ce4aea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5f5c011ac69ce4c93a8608647ce4aea
Size

8.9MB
MD5

d5f5c011ac69ce4c93a8608647ce4aea
SHA1

6472120c90911ef8a392216a43762381b5adae8b
SHA256

b637540a6e99c2a704caea3e55ad2c3ad18e5464ddc95f134a38303ab62acf48
SHA512

163cf56fff0235003dc78817f3f2a89b17367a683ccf1cc48c23940e0d40ea74a17281d584a8af8e8fb8f094ea4430a765655881210020a5b7c7c37886613ea1
SSDEEP

98304:S04YFQIdJokQKslUE0ISz9DrHcsAiXwUUhGHo6awPx/FpT0I:SLEdXQ5qrHXVAUqGjHPDpj

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5f5c011ac69ce4c93a8608647ce4aea

Files

d5f5c011ac69ce4c93a8608647ce4aea
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AutoWin.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ