gh0strat | 8fa2e8f9a30db3f41856db752951f24d75452fa5e29b6c54f9b06c2955ccc9cd

Sharing

Copy URL Twitter E-mail

General

Target

8fa2e8f9a30db3f41856db752951f24d75452fa5e29b6c54f9b06c2955ccc9cd
Size

169KB
MD5

5540085f6ab12d5c10343599ace6a25a
SHA1

c8a8ec12c377c050d957f7228f3a8b31f5376e85
SHA256

8fa2e8f9a30db3f41856db752951f24d75452fa5e29b6c54f9b06c2955ccc9cd
SHA512

72a2dbc281e6ea36d4b8d913b0ce30afc3db6cfd9733b9f2b8cd6b8f9fc8f5a6c7ff22422eaf8b84cb5bc1bca6d3a958be55f6d6ede67128ba94989379e0afcf
SSDEEP

3072:5lT6QTlxjLXCKDcMERjtJXVtEhKwBDf0cUyueqovjPZ/N:5l3HyvjTXLiKwBDftUreqoBN

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

8fa2e8f9a30db3f41856db752951f24d75452fa5e29b6c54f9b06c2955ccc9cd
.exe windows x86

1f3943b6e423d10b83dd43e75c79ba04

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:98:0d:b9:9b:39:14:e5:f0:5e:34:24:8e:b2:08:03:41:7b:d3:f1
Signer

Actual PE Digest

d7:98:0d:b9:9b:39:14:e5:f0:5e:34:24:8e:b2:08:03:41:7b:d3:f1

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

04/02/2009, 03:39
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA

msvcrt

rand
srand
_exit
_XcptFilter
exit
_acmdln
__getmainargs
sprintf
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??2@YAPAXI@Z
_initterm

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f3943b6e423d10b83dd43e75c79ba04

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

d7:98:0d:b9:9b:39:14:e5:f0:5e:34:24:8e:b2:08:03:41:7b:d3:f1Signer

Signature Validations

Verification

04/02/2009, 03:39 Valid: false

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 586B

.data Size: 4KB - Virtual size: 936B

.rsrc Size: 148KB - Virtual size: 148KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

d7:98:0d:b9:9b:39:14:e5:f0:5e:34:24:8e:b2:08:03:41:7b:d3:f1
Signer

04/02/2009, 03:39
Valid: false

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 586B

.data
Size: 4KB - Virtual size: 936B

.rsrc
Size: 148KB - Virtual size: 148KB