zgrat | 9c9cfb46f054ba152005a24e4bc13cd0_NeikiAnalytics | Triage

Sharing

General

Target

9c9cfb46f054ba152005a24e4bc13cd0_NeikiAnalytics
Size

1.8MB
MD5

9c9cfb46f054ba152005a24e4bc13cd0
SHA1

894e8cce959ed8d0fccfefa585891f5fd85c6aeb
SHA256

105661772dbcadfa0e07c1d790efb26adce0e54d33ecb6bee0e42ae201eecef1
SHA512

3923648a5708f884150318bb5ee9f4df2713bd826b85861bbf2cf1026487ab8b1d5668e361081493ab4cd8b3ede7b7cf9bd173dc7b72eaf95c4082b20aad98a4
SSDEEP

24576:P+ss0unD9Gm7yQGbSMZ6/YnFAHZ5r24ZPW5HuehnP2uC/X2nLU:PM5H78bSEnmxZ+Juehnc/2

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c9cfb46f054ba152005a24e4bc13cd0_NeikiAnalytics

Files

9c9cfb46f054ba152005a24e4bc13cd0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ