zgrat | 06dd9d3a56a4839aba849b05e946d3ebdf3142d1e3021c3b59806ded1e1e7572

General

Target

06dd9d3a56a4839aba849b05e946d3ebdf3142d1e3021c3b59806ded1e1e7572
Size

251KB
MD5

f26291ea20cfa18d200d2f95cae62863
SHA1

847f69a9d1448a6ea30249e088f3ec4f71d48ecb
SHA256

06dd9d3a56a4839aba849b05e946d3ebdf3142d1e3021c3b59806ded1e1e7572
SHA512

452dda614f6a3371500c0c0d67f459d24de383552c198f28c1871dce8e667f1d16547c043ac5eef7d018a8b7a13df0b11df11a0ea2f55a837af02509ecc263f7
SSDEEP

6144:9/mLU523jS0vhS4POV3eUSlGBtCNuxOXRBaS5KTyOWJxcPM6vICqWW:9OI420ZS3eUSEBAaODaS5KTyOUe3vxw

Score

10^/10

zgrat

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/b03aa6bdff66cb4a9114ebb3615f07af455b474f7af998cd35ba47f84bbf05b1.exe	family_zgrat_v1

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b03aa6bdff66cb4a9114ebb3615f07af455b474f7af998cd35ba47f84bbf05b1.exe

06dd9d3a56a4839aba849b05e946d3ebdf3142d1e3021c3b59806ded1e1e7572
.zip

Password: infected
b03aa6bdff66cb4a9114ebb3615f07af455b474f7af998cd35ba47f84bbf05b1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Blinsson.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ