Behavioral task: behavioral1
Sample: ca45c06f2ebb47b038de2578e3fa2ba68e6d04afa9cc04fc19c239ccfb1e78ad.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: ca45c06f2ebb47b038de2578e3fa2ba68e6d04afa9cc04fc19c239ccfb1e78ad.exe
Resource: win10v2004-20220812-en
General
Target: ca45c06f2ebb47b038de2578e3fa2ba68e6d04afa9cc04fc19c239ccfb1e78ad
Size: 5.8MB
MD5: 5aacb764a1970d882a5401ceadf8dc3d
SHA1: e8383ed3462285fadef3a18b6ddbc9a018d84e23
SHA256: ca45c06f2ebb47b038de2578e3fa2ba68e6d04afa9cc04fc19c239ccfb1e78ad
SHA512: a9344a998f458e6768fb4202d077060cf4ec3242d10248af74f91ed179a70d59a4e7c007201eb5b8d6b9533eab74e0258682d38856199604c6625757fabc172a
SSDEEP: 49152:4PlEi9Z3rIKlSA/aWR/KTZlgRNG0hmS2/9H/bH6TK3wjNT3L2Wk4hOVNFNzIXM/F:Wei9XlRaqN/2/JDMjN76WiFOM/hx7J
Malware Config
Signatures
Gh0st RAT payload (1 IoCs)
resource: sample
yara_rule: family_gh0strat
Gh0strat family
Files
ca45c06f2ebb47b038de2578e3fa2ba68e6d04afa9cc04fc19c239ccfb1e78ad.exe (windows x86)
c690c59be6f18a6577d0d2371043069f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathRemoveFileSpecA
SHAutoComplete
winmm
mixerGetLineControlsA
waveInReset
waveInStop
waveOutWrite
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInClose
PlaySoundA
mixerGetControlDetailsA
mixerSetControlDetails
waveOutPrepareHeader
mixerGetNumDevs
mixerGetDevCapsA
waveOutOpen
waveOutGetNumDevs
mixerOpen
mixerGetLineInfoA
mixerClose
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInUnprepareHeader
kernel32
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
FatalAppExitA
IsBadWritePtr
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
SetStdHandle
LCMapStringW
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RaiseException
ExitThread
RtlUnwind
lstrcpyW
FindResourceExA
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
VirtualProtect
GetProfileIntA
GetProfileStringA
GetTempPathA
GetPrivateProfileSectionNamesA
EnumResourceLanguagesA
EnumResourceTypesA
EnumResourceNamesA
GetExitCodeThread
ResetEvent
GetDateFormatA
GetTimeFormatA
LCMapStringA
HeapSize
CreateEventA
HeapFree
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
GetVolumeInformationA
GetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SystemTimeToFileTime
LocalFileTimeToFileTime
CopyFileA
GetOEMCP
GetCPInfo
GetComputerNameA
GetTickCount
ReadFile
GetFileSize
CreateFileA
WriteFile
GetModuleFileNameA
OutputDebugStringA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
lstrcatA
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
lstrcpyA
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
SetFilePointer
RemoveDirectoryA
DeleteFileA
GetLastError
CreateDirectoryA
GetStdHandle
GetFileAttributesA
GetProcessVersion
TlsGetValue
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
SizeofResource
GlobalFlags
MulDiv
LocalLock
LocalUnlock
SetLastError
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
SuspendThread
SetThreadPriority
lstrcmpA
GetCurrentThread
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
FreeLibrary
GetVersion
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
LockResource
FindResourceA
LoadResource
LocalReAlloc
LocalSize
GlobalSize
GetProcessHeap
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CancelIo
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileStringA
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
PostQueuedCompletionStatus
InitializeCriticalSection
WritePrivateProfileStringA
GetPrivateProfileIntA
user32
EndPaint
BeginPaint
GetWindowDC
IsClipboardFormatAvailable
GetTabbedTextExtentA
LoadStringA
IsZoomed
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
DestroyMenu
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
MapDialogRect
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
PostQuitMessage
CharUpperA
wvsprintfA
OemToCharA
CharToOemA
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
TabbedTextOutA
GrayStringA
GetClassNameA
GetDialogBaseUnits
GetSysColorBrush
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
InvalidateRect
SendMessageA
EnableWindow
RegisterWindowMessageA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SendDlgItemMessageA
InsertMenuA
PeekMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
GetMenuStringA
RemoveMenu
DestroyIcon
CopyAcceleratorTableA
GetNextDlgGroupItem
GetDCEx
LockWindowUpdate
RegisterClipboardFormatA
SetParent
IsRectEmpty
InvertRect
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenuItemID
SetRect
wsprintfA
MessageBoxA
UpdateWindow
GetCursorPos
PtInRect
GetSubMenu
LoadMenuA
PostMessageA
GetWindowRect
GetClientRect
IsWindowVisible
SetTimer
KillTimer
GetDlgCtrlID
GetParent
CloseClipboard
SetClipboardData
EmptyClipboard
WindowFromDC
GetWindowThreadProcessId
UnregisterClassA
MsgWaitForMultipleObjects
CreateMenu
InSendMessage
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
ExcludeUpdateRgn
DefDlgProcA
GetClipboardFormatNameA
GetAsyncKeyState
IsWindowUnicode
GetWindowLongW
SetWindowLongW
GetDoubleClickTime
PostThreadMessageA
MapWindowPoints
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
IntersectRect
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
FillRect
GetSysColor
ShowScrollBar
CheckMenuRadioItem
GetMenuState
SetCursorPos
LoadMenuIndirectA
GetMenuStringW
LookupIconIdFromDirectoryEx
CopyImage
DrawFrameControl
GetCursor
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
UnionRect
DrawAnimatedRects
FindWindowA
EnumChildWindows
SetMenuDefaultItem
SetWindowRgn
CreatePopupMenu
GetMenuDefaultItem
GetWindowRgn
IsMenu
GetMenuItemInfoA
WaitMessage
MapVirtualKeyA
CopyIcon
CreateIconIndirect
GetIconInfo
CreateIconFromResourceEx
DrawFocusRect
DrawStateA
HideCaret
ShowCaret
DrawEdge
OpenClipboard
DeleteMenu
LoadCursorA
SetCursor
SystemParametersInfoA
GetClipboardData
DrawTextA
GetScrollBarInfo
DrawIconEx
GetKeyState
GetDC
ReleaseDC
SetClassLongA
ClipCursor
DestroyCursor
LoadImageA
GetWindowLongA
SetWindowLongA
RedrawWindow
GetDesktopWindow
GetFocus
SetMenu
GetMenu
GetSystemMenu
ReleaseCapture
SendMessageTimeoutA
SetWindowPos
CharNextA
CheckMenuItem
EnableMenuItem
GetMenuItemCount
ClientToScreen
ScreenToClient
SetCapture
GetWindow
WindowFromPoint
GetSystemMetrics
MessageBeep
InflateRect
OffsetRect
AppendMenuA
gdi32
SetBkMode
SetTextColor
TextOutA
StretchDIBits
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteDC
DeleteObject
SelectPalette
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
GetTextExtentPointA
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetCurrentPositionEx
SetArcDirection
SetStretchBltMode
PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
ExtCreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
Escape
CopyMetaFileA
CreateDCA
GetTextColor
GetBkColor
LPtoDP
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
CreateDIBitmap
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
ExtTextOutA
SetBkColor
CreateSolidBrush
CreatePen
CreateCompatibleBitmap
BitBlt
GetObjectA
GetDCOrgEx
GetClipBox
CreateBitmap
PatBlt
CreateRectRgnIndirect
GetTextExtentPoint32A
GetTextMetricsA
GetCharWidthA
CreateFontA
CreateFontIndirectA
GetDeviceCaps
GetStockObject
DPtoLP
GetMapMode
GetTextExtentPoint32W
PolyDraw
ExtTextOutW
CreatePatternBrush
SetRectRgn
CombineRgn
CreateRectRgn
StartDocA
SaveDC
OffsetClipRgn
ArcTo
Polygon
GetWindowOrgEx
StretchBlt
GetDIBits
SetPixel
GetPixel
GetTextAlign
PtInRegion
Rectangle
GetBitmapBits
ExtCreateRegion
GetCurrentObject
EnumFontFamiliesExA
GetRgnBox
CreatePolygonRgn
RoundRect
Polyline
GetViewportOrgEx
ExtFloodFill
Ellipse
SetBrushOrgEx
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
RestoreDC
comdlg32
ChooseColorA
FindTextA
ReplaceTextA
GetFileTitleA
PageSetupDlgA
PrintDlgA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueA
GetFileSecurityA
SetFileSecurityA
shell32
DragQueryFileA
DragFinish
DragAcceptFiles
ShellExecuteA
SHAppBarMessage
ExtractIconA
ord71
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHGetMalloc
comctl32
CreatePropertySheetPageA
ImageList_Write
ImageList_Read
ImageList_Merge
ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ord14
ord13
ord17
ImageList_AddMasked
ImageList_ReplaceIcon
DestroyPropertySheetPage
PropertySheetA
ImageList_Remove
ImageList_Draw
ImageList_GetImageInfo
ImageList_Add
ImageList_GetIcon
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageCount
_TrackMouseEvent
oledlg
ord9
ord5
ord6
ord7
ord3
ord1
ord8
ord4
ole32
CoInitialize
GetRunningObjectTable
IsAccelerator
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
OleDuplicateData
CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleRun
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleTranslateAccelerator
CreateDataAdviseHolder
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegEnumVerbs
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CreateFileMoniker
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
OleQueryCreateFromData
OleQueryLinkFromData
OleLoad
OleIsRunning
CreateItemMoniker
CreateGenericComposite
GetClassFile
OleLockRunning
OleSetContainedObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleCreateLinkToFile
OleCreate
OleSave
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
OleSaveToStream
OleSetMenuDescriptor
DoDragDrop
CoGetMalloc
ReadFmtUserTypeStg
olepro32
ord253
oleaut32
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SysAllocString
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
SysStringLen
SysReAllocStringLen
LoadTypeLi
VariantCopy
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayPutElement
VariantInit
OleLoadPicturePath
VariantChangeTypeEx
SafeArrayCreateVector
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SafeArrayAccessData
ws2_32
WSACreateEvent
WSAEventSelect
WSAGetLastError
bind
listen
WSACleanup
WSAStartup
gethostname
gethostbyname
closesocket
getpeername
inet_ntoa
WSASocketA
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAIoctl
setsockopt
accept
socket
WSARecv
WSASend
WSACloseEvent
send
ntohs
shutdown
getsockname
ioctlsocket
recv
__WSAFDIsSet
select
connect
inet_addr
htons
pdh
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddCounterA
PdhCloseQuery
avifil32
AVIFileExit
AVIStreamSetFormat
AVIFileCreateStreamA
AVIFileOpenA
AVIStreamWrite
AVIFileRelease
AVIFileInit
AVIStreamRelease
msvfw32
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICDecompress
DrawDibOpen
DrawDibClose
DrawDibDraw
dbghelp
MiniDumpWriteDump
wininet
FtpDeleteFileA
FtpRenameFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpOpenFileA
FtpPutFileA
FtpGetFileA
GopherCreateLocatorA
GopherGetAttributeA
GopherOpenFileA
HttpOpenRequestA
InternetErrorDlg
HttpAddRequestHeadersA
HttpSendRequestA
HttpEndRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpFindFirstFileA
InternetFindNextFileA
GopherFindFirstFileA
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetReadFile
InternetConnectA
InternetWriteFile
InternetSetFilePointer
InternetGetCookieA
InternetSetCookieA
InternetSetStatusCallback
InternetSetOptionExA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetConnectedState
imm32
ImmAssociateContext
Sections
.text: Size 2.7MB, Virtual size 2.7MB; flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rodata: Size 12KB, Virtual size 11KB; flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rotext: Size 112KB, Virtual size 108KB; flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 480KB, Virtual size 477KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 1.8MB, Virtual size 2.3MB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 744KB, Virtual size 741KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ