gh0strat | d253c00a9bfe64f9bd76b1921feb9b067f9fcfb8c79955204ec2dff7ff1911a2

Sharing

Copy URL Twitter E-mail

General

Target

d253c00a9bfe64f9bd76b1921feb9b067f9fcfb8c79955204ec2dff7ff1911a2
Size

192KB
MD5

a1dfb9c338237909177899d6ba7aa230
SHA1

3f053741afeb0068c680706cdefc5d6a4a05e8d5
SHA256

d253c00a9bfe64f9bd76b1921feb9b067f9fcfb8c79955204ec2dff7ff1911a2
SHA512

032171ca3a89f39d25a015995d468067ab6bcb547fb3be8cf98eb671c66fdd4dace2bbc4bcbb36529f3ab218ee02232f76fa833bf48278d029cd7647e52edce2
SSDEEP

3072:nlKw9QYkzli7nf0oKOX3Na+V2qE6Dgrhw6oTBftlHaQecDShuKaiJ2:nYPz0f0oNsea6DgrroTBll6cDFKam2

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

d253c00a9bfe64f9bd76b1921feb9b067f9fcfb8c79955204ec2dff7ff1911a2
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?COMToCRBvr@@YGPAVCRBvr@@PAUIUnknown@@@Z
?CRAbs@@YGPAVCRNumber@@PAV1@@Z
?CRAcos@@YGPAVCRNumber@@PAV1@@Z
?CRAcquireGCLock@@YG_NXZ
?CRAdd@@YGPAVCRNumber@@PAV1@0@Z
?CRAdd@@YGPAVCRPoint2@@PAV1@PAVCRVector2@@@Z
?CRAdd@@YGPAVCRPoint3@@PAV1@PAVCRVector3@@@Z
?CRAdd@@YGPAVCRVector2@@PAV1@0@Z
?CRAdd@@YGPAVCRVector3@@PAV1@0@Z
?CRAddBvrToRun@@YG_NPAVCRView@@PAVCRBvr@@_NPAJ@Z
?CRAddElement@@YGJPAVCRArray@@PAVCRBvr@@K@Z
?CRAddPickData@@YGPAVCRGeometry@@PAV1@PAUIUnknown@@_N@Z
?CRAddPickData@@YGPAVCRImage@@PAV1@PAUIUnknown@@_N@Z
?CRAddRefGC
?CRAddSite@@YG_NPAVCRSite@@@Z
?CRAlways@@YGPAVCREvent@@XZ
?CRAmbientColor@@YGPAVCRGeometry@@PAV1@PAVCRColor@@@Z
?CRAmbientLight@@YGPAVCRGeometry@@XZ
?CRAnd@@YGPAVCRBoolean@@PAV1@0@Z
?CRAndEvent@@YGPAVCREvent@@PAV1@0@Z
?CRAntiAliasing
?CRAntiAliasing
?CRAppTriggeredEvent@@YGPAVCREvent@@XZ
?CRApplyDXTransform@@YGPAVCRDXTransformResult@@PAUIUnknown@@JPAPAVCRBvr@@PAV3@@Z
?CRAqua@@YGPAVCRColor@@XZ
?CRArc@@YGPAVCRPath2@@NNNN@Z
?CRArcRadians@@YGPAVCRPath2@@NNNN@Z
?CRArcRadians@@YGPAVCRPath2@@PAVCRNumber@@000@Z
?CRAsin@@YGPAVCRNumber@@PAV1@@Z
?CRAtan2@@YGPAVCRNumber@@PAV1@0@Z
?CRAtan@@YGPAVCRNumber@@PAV1@@Z
?CRAttachData@@YGPAVCREvent@@PAV1@PAVCRBvr@@@Z
?CRBSpline@@YGPAVCRBvr@@HJQAPAVCRNumber@@JQAPAV1@J0PAV2@W4CR_BVR_TYPEID@@@Z
?CRBillboard@@YGPAVCRGeometry@@PAV1@PAVCRVector3@@@Z
?CRBlack@@YGPAVCRColor@@XZ
?CRBlendTextureDiffuse@@YGPAVCRGeometry@@PAV1@PAVCRBoolean@@@Z
?CRBlue@@YGPAVCRColor@@XZ
?CRBold@@YGPAVCRFontStyle@@PAV1@@Z
?CRBoundingBox@@YGPAVCRBbox2@@PAVCRImage@@@Z
?CRBoundingBox@@YGPAVCRBbox2@@PAVCRPath2@@PAVCRLineStyle@@@Z
?CRBoundingBox@@YGPAVCRBbox3@@PAVCRGeometry@@@Z
?CRBvrApplyPreference@@YGPAVCRBvr@@PAV1@PAGUtagVARIANT@@@Z
?CRBvrToCOM@@YG_NPAVCRBvr@@ABU_GUID@@PAPAX@Z
?CRCeiling@@YGPAVCRNumber@@PAV1@@Z
?CRClearLastError@@YGXXZ
?CRClearMatte@@YGPAVCRMatte@@XZ
?CRClip@@YGPAVCRImage@@PAV1@PAVCRMatte@@@Z
?CRClipPolygonImage@@YGPAVCRImage@@PAV1@PAVCRArray@@@Z
?CRClose@@YGPAVCRPath2@@PAV1@@Z
?CRColorHsl

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 12KB - Virtual size: 14KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 12KB - Virtual size: 14KB

.reloc
Size: 8KB - Virtual size: 6KB