gh0strat | dc07c526a3a21e8014f51754e917aff23dd86f51d9d16efcaf886d46548c08aa

Sharing

Copy URL Twitter E-mail

General

Target

dc07c526a3a21e8014f51754e917aff23dd86f51d9d16efcaf886d46548c08aa
Size

125KB
MD5

93dfa0ca95f668537b81c91ef26b10e2
SHA1

58a91a3c2975fad22722d1020c71812c27e45e38
SHA256

dc07c526a3a21e8014f51754e917aff23dd86f51d9d16efcaf886d46548c08aa
SHA512

b1eacb271d630ac4f211edd48ac6e198de696ec1f135771e82b2784143bb1393e57f25a244eb765d0a4eb5c73f2c2ec35565c5660d159ec71b949a9cf75d8ec1
SSDEEP

3072:47X0DEUo4J4EImX1Tl851gYqqSfX1CoR0X:4T0DNz4rcPqgjbFC1

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

dc07c526a3a21e8014f51754e917aff23dd86f51d9d16efcaf886d46548c08aa
.dll windows x86

3f64f0f11c5ba510720b17f02c3143aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CancelIo
Sleep
GetFileAttributesA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
GetLastError
CreateDirectoryA
lstrlenA
GetDiskFreeSpaceExA
FindClose
LocalFree
LocalReAlloc
LocalAlloc
GetFileSize
CreateFileA
ReadFile
WriteFile
MoveFileA
lstrcatA
GetCurrentProcess
GetLocalTime
GetTickCount
HeapFree
GetProcessHeap
HeapAlloc
OutputDebugStringA
ResetEvent
InterlockedExchange
VirtualFree
VirtualAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatusEx
DeviceIoControl
GetSystemInfo
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
CreateRemoteThread
GetModuleHandleA
OpenProcess
Module32Next
Module32First
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateThread
ResumeThread
CreateEventA
SetEvent
WaitForSingleObject
DeleteFileA
LoadLibraryA
RaiseException
GetProcAddress
lstrcpyA
CloseHandle

gdi32

DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GetDIBits
BitBlt
DeleteObject
GetStockObject

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

msvcrt

strncpy
fclose
fwrite
fopen
sprintf
realloc
atoi
strncmp
strncat
strchr
atol
strrchr
_snprintf
calloc
_initterm
_adjust_fdiv
_strnicmp
_stricmp
_strrev
_strnset
malloc
_strcmpi
free
_except_handler3
strstr
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
_beginthreadex
??2@YAPAXI@Z

winmm

waveOutOpen
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveOutPrepareHeader
waveInGetNumDevs

userenv

GetProfilesDirectoryA
GetUserProfileDirectoryA

msvcp60

?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

msvfw32

ICClose
ICCompressorFree
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrame
ICSeqCompressFrameEnd

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

main

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f64f0f11c5ba510720b17f02c3143aa

Headers

File Characteristics

Imports

kernel32

gdi32

shell32

msvcrt

winmm

userenv

msvcp60

msvfw32

wtsapi32

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 11KB - Virtual size: 83KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 11KB - Virtual size: 83KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB