Behavioral task
behavioral1
Sample
e84cad4f234445a47bf803591ac168031558e9215ba714c2197fe75b5188aa1c.exe
Resource
win7-20231129-en
General
-
Target
e84cad4f234445a47bf803591ac168031558e9215ba714c2197fe75b5188aa1c.exe
-
Size
4.5MB
-
MD5
4de76ad34e9ccffc91bbec7a3c4e79e0
-
SHA1
ff1a420b36557b306df4e2c3e020c49abeb3620a
-
SHA256
e84cad4f234445a47bf803591ac168031558e9215ba714c2197fe75b5188aa1c
-
SHA512
ff317dd768d14ec10d1cfc5cf2111b08a2943be55f58066b450ecb27e4531ea54d68911faf7ad4990e1bcb6d56f67b6c2179749266634c1dbb7bcfc57ed27dbe
-
SSDEEP
49152:Fw+k41fhgCT4O3Qdx09EwApWjGUAN1ZtgX+cvfrmhC0w9O2XM+OBFpGMEMBF:FE2ScXywApWyZZWXLvjmo9iB
Malware Config
Signatures
-
Detect ZGRat V1 1 IoCs
resource yara_rule sample family_zgrat_v1 -
Detects executables packed with unregistered version of .NET Reactor 1 IoCs
resource yara_rule sample INDICATOR_EXE_Packed_DotNetReactor -
Zgrat family
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule sample net_reactor -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e84cad4f234445a47bf803591ac168031558e9215ba714c2197fe75b5188aa1c.exe
Files
-
e84cad4f234445a47bf803591ac168031558e9215ba714c2197fe75b5188aa1c.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ