Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20240226-en
Target
tmp
Size
549KB
MD5
541265de5e9bbbdbd0a8105716fc6ef8
SHA1
1c4a44cd380e87a1d53db9ae6ceac5f4e8166837
SHA256
3ed565443e0c49b991d90cd32c4c060db6fe2af30b3a24586379024e0adc2e02
SHA512
4a9cd4acd085b6ee902b8292f7aa9381458338ad87b5881183f427bfdbb75ca1b97589fb831bd5ab19de279ae6f4ee9b8ed2380e597021f82767521a5705668f
SSDEEP
12288:xB/p8smtRpl73V7SxNWM/MOt/9fSLtZ8I6:xB6NV7SxNWMU2/MLfw
Processes:
resource | yara_rule |
---|---|
sample | family_zgrat_v1 |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Levitating.pdb
_CorExeMain
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ