gh0strat | b8c705eda12035ed69a96af7a8b522ed2680850da81fb22158476cb462d169a0

Sharing

Copy URL

Twitter E-mail

General

Target

b8c705eda12035ed69a96af7a8b522ed2680850da81fb22158476cb462d169a0
Size

108KB
MD5

671c713740730b77ce0e0169e18c0b70
SHA1

6a7fd87674c9e2ab5ed7a1ee0f0bd5782cc24f6e
SHA256

b8c705eda12035ed69a96af7a8b522ed2680850da81fb22158476cb462d169a0
SHA512

38ca9db5cca3dabbbfbf0168f01fe307edb1c17141025eb30405182be189e78107a7f26ec27a371b65cbed5656b376f2b3804d438107886ab19a22673db3384a
SSDEEP

1536:N/EbdPOal9OvppWdmRmscm3Afx10NF1z9ZzWtj8oVZV5I:REblO+OhA4msV3ax10NF1z9m8oJ5I

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

b8c705eda12035ed69a96af7a8b522ed2680850da81fb22158476cb462d169a0
.exe windows x86

fd90f3d35ceff08b0fe4937fb2129a3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetTickCount
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetDriveTypeA
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
SetErrorMode
OpenProcess
LocalSize
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
GetLocalTime
GetSystemDirectoryA
lstrcatA
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateThread
InitializeCriticalSection
DeleteCriticalSection
CreateThread
GetCurrentProcess
lstrlenA
WinExec
CreateProcessA
GetLastError
GetModuleFileNameA
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
VirtualFree
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
FreeLibrary
DeleteFileA
CancelIo
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
Sleep
LoadLibraryA
GetProcAddress
VirtualAlloc
GetDiskFreeSpaceExA

user32

mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetCursorPos
DestroyCursor
SetCapture
GetDC
GetDesktopWindow
SetRect
GetCursorInfo
GetCursorPos
SetProcessWindowStation
LoadCursorA
WindowFromPoint
CloseWindow
CreateWindowExA
IsWindow
wsprintfA
MessageBoxA
MapVirtualKeyA
SendMessageA
GetKeyState
GetAsyncKeyState
GetForegroundWindow
EnumWindows
GetWindowTextA
ReleaseDC
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetProcessWindowStation
OpenWindowStationA

gdi32

DeleteDC
DeleteObject
GetDIBits
CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
RegCreateKeyExA
AdjustTokenPrivileges
OpenProcessToken
RegEnumValueA
RegEnumKeyExA

shell32

SHGetFileInfoA
ShellExecuteA

msvcrt

_strnicmp
_strupr
__getmainargs
_strrev
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
strncat
strchr
_snprintf
_errno
atoi
strncmp
strrchr
strncpy
sprintf
ceil
_ftol
strstr
memmove
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException
??2@YAPAXI@Z
free
malloc
_except_handler3

ws2_32

__WSAFDIsSet
recvfrom
sendto
listen
accept
getpeername
bind
inet_addr
inet_ntoa
ioctlsocket
send
select
closesocket
recv
ntohs
socket
gethostbyname
htons
WSAStartup
WSACleanup
WSAIoctl
setsockopt
gethostname
connect
getsockname

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

wininet

InternetGetConnectedState

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameEnd
ICCompressorFree
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose

Exports

Exports

Dni
Wang

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd90f3d35ceff08b0fe4937fb2129a3e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

ws2_32

msvcp60

wininet

msvfw32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 4KB