gh0strat | 95ef7ef06fa934f5193636f6a3cd77590e98d6c34d622448d20e9678a28fd585

General

Target

95ef7ef06fa934f5193636f6a3cd77590e98d6c34d622448d20e9678a28fd585
Size

335KB
MD5

576c944d763c21d3d096fb2041bdfb39
SHA1

035fb33ced84087e2007a03c69bd38c298ced8bd
SHA256

95ef7ef06fa934f5193636f6a3cd77590e98d6c34d622448d20e9678a28fd585
SHA512

d478aed02c9faea2261d4372780c252bdc0f74aacdc6382913b9dd8bec51db7c6e8c83efe91969af39909fd51361a188b5c4bea76fa65fd0098d0fda017b24d1
SSDEEP

6144:dedLNomEVppa3+Q8L9ai7JAHJdlRY5wALXqo1jmUZxL6xQGQW8w:dMymazO+QIaoAp3u3LXqs76l5

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

95ef7ef06fa934f5193636f6a3cd77590e98d6c34d622448d20e9678a28fd585
.exe windows x86

fb295a4131f841666dd62a7c5941780d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
ExitProcess
FreeResource
CloseHandle
lstrlenA
WriteFile
SizeofResource
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
LoadResource
FindResourceA
lstrcpyA
lstrcmpiA
SetLastError
GetLastError
lstrcatA
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
ReadFile
SetFilePointer
GetModuleFileNameA
FreeLibrary
Sleep
WinExec
GetLocalTime
CopyFileA
lstrcmpA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
DeleteFileA
SetFileAttributesA
MoveFileA
GetFileAttributesA
CreateDirectoryA
ExpandEnvironmentStringsA
CreateThread
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
GetCurrentThreadId
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA
GetModuleHandleA

msvcrt

sprintf
_except_handler3
realloc
malloc
fopen
rand
srand
time
fclose
fputs
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler
strchr
??2@YAPAXI@Z
strtok
_strrev

Sections

111
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tc
Size: 199KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb295a4131f841666dd62a7c5941780d

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

111 Size: 19KB - Virtual size: 18KB

.rsrc Size: 115KB - Virtual size: 115KB

.tc Size: 199KB - Virtual size: 200KB

111
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 115KB - Virtual size: 115KB

.tc
Size: 199KB - Virtual size: 200KB