gh0strat | 4d2b4895a98e9b785d5fb181d2c96c2bd98cdc0936aca3f4b57d51ee493cbf2e

General

Target

4d2b4895a98e9b785d5fb181d2c96c2bd98cdc0936aca3f4b57d51ee493cbf2e
Size

428KB
MD5

6d34dbcbef15bf325bef6cce21bd6740
SHA1

2c286c30ae74846685c21960d2fb6004dca876e8
SHA256

4d2b4895a98e9b785d5fb181d2c96c2bd98cdc0936aca3f4b57d51ee493cbf2e
SHA512

cd5b401586780cdd75d090695ba00c0bc05c8eaf3b42c4b310a9e6a8d80770a5fb61f05e16dea9a169f0a80cd66880c404637fbc72c000f5641e6505f2534694
SSDEEP

3072:JF2cfxkE32sQbMm2rAxLxK1cJAPTBftFh1AKPunA/bbbbbbbbbb19b57bbbN9tkJ:JkFsQbEYLxKKAPTBlFh1FunADIS9Qik

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

4d2b4895a98e9b785d5fb181d2c96c2bd98cdc0936aca3f4b57d51ee493cbf2e
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

AddMRUStringW
CreateMRUListW
CreateMappedBitmap
CreatePropertySheetPage
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
CreateStatusWindowA
CreateStatusWindowW
CreateToolbar
CreateToolbarEx
CreateUpDownControl
DPA_Create
DPA_DeleteAllPtrs
DPA_DeletePtr
DPA_Destroy
DPA_DestroyCallback
DPA_EnumCallback
DPA_GetPtr
DPA_InsertPtr
DPA_Search
DPA_SetPtr
DPA_Sort
DSA_Create
DSA_DeleteAllItems
DSA_Destroy
DSA_DestroyCallback
DSA_GetItemPtr
DSA_InsertItem
DefSubclassProc
DestroyPropertySheetPage
DllGetVersion
DllInstall
DrawInsert
DrawStatusText
DrawStatusTextA
DrawStatusTextW
EnumMRUListW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
FreeMRUList
GetEffectiveClientRect

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 12KB - Virtual size: 15KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 12KB - Virtual size: 15KB

.reloc
Size: 8KB - Virtual size: 6KB