gh0strat | 1e61dcfe716a1440288b0fbb1e0d27cbae0bc57df30eaeb26a66407720feecc5

Sharing

Copy URL Twitter E-mail

General

Target

1e61dcfe716a1440288b0fbb1e0d27cbae0bc57df30eaeb26a66407720feecc5
Size

91KB
MD5

3b77239543f074efdd73313fc016c8b7
SHA1

28b20179bd8686e217d56f12c6f10b4e92fc2276
SHA256

1e61dcfe716a1440288b0fbb1e0d27cbae0bc57df30eaeb26a66407720feecc5
SHA512

2d7920eddc96f8036a5c6a1580f5dd525283ab5e0b18cc0c297d00546af379b89588aa5dacd977fb6b4c1ed8f0814de806ec3df6523fda4234b528aea6daa22c
SSDEEP

1536:ddOC7t9aozGDo5xszi2MyIuCkj+7cb0IYfxCSpj8RXNHFfWDQG:LOCRAQWzfiuCkj+740ICxCSBcJFfWDQ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

1e61dcfe716a1440288b0fbb1e0d27cbae0bc57df30eaeb26a66407720feecc5
.dll windows x86

5a25749a77ce0f5ca309115ab5c257fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

select
recv
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSACleanup
closesocket
send
inet_addr
sendto
WSASocketA
htonl
getsockname
WSAStartup

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

ICSeqCompressFrameStart
ICSendMessage
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICSeqCompressFrame

msvcrt

??1type_info@@UAE@XZ
wcstombs
_stricmp
atoi
calloc
strchr
strncat
_strnicmp
strrchr
_except_handler3
malloc
free
strncpy
sprintf
rand
_CxxThrowException
strstr
puts
_ftol
ceil
putchar
memmove
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
_strrev

msvcp60

?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Xlen@std@@YAXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

winmm

waveOutUnprepareHeader
waveOutClose
waveInStart
waveInAddBuffer
waveOutReset
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveInPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutWrite

kernel32

GetSystemDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcatA
CreateToolhelp32Snapshot
Process32First
Process32Next
MoveFileExA
CreateProcessA
MoveFileA
WriteFile
SetFilePointer
ReadFile
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrlenA
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
lstrcmpiA
GetCurrentThreadId
GlobalMemoryStatus
CreateFileA
GetSystemInfo
GetComputerNameA
GetVersionExA
GlobalSize
CreateMutexA
SetErrorMode
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
Sleep
VirtualAlloc
GetLastError
ResetEvent
InterlockedExchange
CancelIo
GetTickCount
GetLocalTime
GetCurrentProcessId
HeapAlloc
GetProcessHeap
DeleteFileA
CreateDirectoryA
GetFileAttributesA
lstrcpyA

user32

EnumWindows
MessageBoxA
LoadCursorA
DestroyCursor
BlockInput
SystemParametersInfoA
SendMessageA
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetWindowTextA
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
GetCursorPos
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
PostMessageA
CreateWindowExA
IsWindow
CloseWindow
LoadMenuA
RegisterClassA
LoadIconA
CharLowerBuffA
wsprintfA
CharNextA
GetMessageA
TranslateMessage
DispatchMessageA
GetClipboardData

gdi32

GetDIBits
DeleteObject
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateDIBSection
DeleteDC
SelectObject

advapi32

OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
CreateServiceA
LockServiceDatabase
ChangeServiceConfig2A
UnlockServiceDatabase
RegOpenKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
OpenSCManagerA
RegOpenKeyExA
RegQueryValueExA
CloseEventLog
DeleteService
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
OpenEventLogA
RegCloseKey
ClearEventLogA

shell32

SHGetFileInfoA
ShellExecuteA

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

Exports

Exports

EndWork
IsRuning
ServiceMain
Working

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a25749a77ce0f5ca309115ab5c257fc

Headers

File Characteristics

Imports

ws2_32

avicap32

msvfw32

msvcrt

msvcp60

winmm

kernel32

user32

gdi32

advapi32

shell32

wininet

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB