zgrat | АКТ ходимларига Зудлик билан !!![.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

АКТ ходимларига Зудлик билан !!!.exe
Size

4.1MB
MD5

46d1995f95bb1dbc0cf3de793387c01c
SHA1

41da1e59e5c0f01769f9f0bba8f67d128ffed537
SHA256

bcf446de6d49b511ee558dfd6c3a3cefdc85665ef44793eac2b1a4208bf22aaf
SHA512

9f370b8b2e04c41bfb85c5ed9a765dd3b14d45560f21b819fa43367ba39def7be33b35000389b982f5b3d2c9a27a66ce4efd86d4118215fd56e38400b6d32a87
SSDEEP

98304:1HeEnCGriOWjWQLg+ndL2Wwwf5OSTseDUsexyvgM4q:FnFmOWjWYg+ndL2Wwwf5OSTseDUsexl

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
АКТ ходимларига Зудлик билан !!!.exe

Files

АКТ ходимларига Зудлик билан !!!.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

gfhhdrty.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ