zgrat | e394ca44022eb04760fb8d06f7257a9bd581008bf87901585a64b4d0741b1010

General

Target

e394ca44022eb04760fb8d06f7257a9bd581008bf87901585a64b4d0741b1010
Size

359KB
MD5

d18c9304c6493c4e4eb99b60dcf5f404
SHA1

f38d71911d41005922963e8e6360180eae08058f
SHA256

e394ca44022eb04760fb8d06f7257a9bd581008bf87901585a64b4d0741b1010
SHA512

ec3a9cb19b693da16ed87b36d373c7825033dd8ab6e9e25c3b81d5e58f54bc3c4c2ff9dfa5ca8840042b325376ffde2424d0c840ccb5085ced5bd13b4ebb5a6e
SSDEEP

6144:qov8Y9GJ/Pq29yhO2mN8k84IlTp2jAXl6uw5c1mPoj1V/u4XI+/WPRJ:qoEY9GAeyhOnrFsl60iJ3PRJ

Score

10^/10

zgrat

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/b748181035fabd4e717bb4d8a5b86343758864353c705b386e111036280905a1.exe	family_zgrat_v1

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b748181035fabd4e717bb4d8a5b86343758864353c705b386e111036280905a1.exe

e394ca44022eb04760fb8d06f7257a9bd581008bf87901585a64b4d0741b1010
.zip

Password: infected
b748181035fabd4e717bb4d8a5b86343758864353c705b386e111036280905a1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Solution.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ