zgrat | da4f54eab899182b80b1f2cd7e4c3b30_NEIKI | Triage

Sharing

General

Target

da4f54eab899182b80b1f2cd7e4c3b30_NEIKI
Size

684KB
MD5

da4f54eab899182b80b1f2cd7e4c3b30
SHA1

d3b02b6cbb9eed3df7a8809261c45c6419049ef8
SHA256

d235336263d6c291b1075f10baa354a2ed8409a73e07290c256d28afc69622ca
SHA512

6d3911e13b0054f62b1202e5fde1eed5901cf3a72509431a9339bd3bd019594eb02b146882752c2f1199961bd6b52a224a5e789dbdef07b39a4fcf648fc03fb8
SSDEEP

12288:gcqE4rUamXJZXjK8XkiH9qXeUlnvJ0udha2ssE4EDRyl+m4SjBoaFzKw/HKmBP:gctKUPHEDV1nvssODRrmBoaFzKyb

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da4f54eab899182b80b1f2cd7e4c3b30_NEIKI

Files

da4f54eab899182b80b1f2cd7e4c3b30_NEIKI
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ