gh0strat | 5b6f8bff5a309a0be7a88d2af9c2886f9926292c2846032db5c35f774d162b03

Sharing

Copy URL Twitter E-mail

General

Target

5b6f8bff5a309a0be7a88d2af9c2886f9926292c2846032db5c35f774d162b03
Size

164KB
MD5

354e854c034ca3a833abb7b85a00b410
SHA1

b3b5fe2a58cf644297e5f1898fcca2ba8034a40b
SHA256

5b6f8bff5a309a0be7a88d2af9c2886f9926292c2846032db5c35f774d162b03
SHA512

367d8fcbfbe32b67cff0fa85a5df85303225bccb5bc19ec55a7d05cb4331e93f28b74a0a5ef2911077efb5461a033c6001ac2955e354ffadd1c9c4028401098a
SSDEEP

3072:9CzB25deWkfsXh7BG98h8ry/sarXrOU2yClzxt:k85dp7Y9YGy06XrYyQxt

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

5b6f8bff5a309a0be7a88d2af9c2886f9926292c2846032db5c35f774d162b03
.dll windows x86

f4d2122f72c8c0e258eb10e15320965a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseMutex
OutputDebugStringA
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
GlobalUnlock
GlobalLock
GlobalSize
GlobalFree
GlobalAlloc
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
UnmapViewOfFile
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
HeapSize
ExitProcess
GetModuleHandleA
TlsFree
TlsAlloc
GetVersion
GetCommandLineA
ExitThread
TlsGetValue
TlsSetValue
HeapReAlloc
RaiseException
InterlockedIncrement
InterlockedDecrement
RtlUnwind
HeapAlloc
CreateFileMappingA
MapViewOfFile
GetProcessHeap
HeapFree
GetLocalTime
GetTickCount
MoveFileExA
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
GetSystemDirectoryA
SetLastError
GetModuleFileNameA
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
CreateEventA
FindFirstFileA
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetVersionExA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcatA
lstrlenA
CancelIo
Sleep
lstrcpyA
ResetEvent
LocalAlloc
LocalSize
LocalReAlloc
WideCharToMultiByte
InterlockedExchange
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle

user32

GetUserObjectInformationA
OpenClipboard
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
GetClientRect
wsprintfA
CharNextA
GetWindowTextA
GetActiveWindow
GetKeyNameTextA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
LoadCursorA
DestroyCursor
SetClipboardData
EmptyClipboard
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
GetCursorPos
ExitWindowsEx
EnumWindows
GetClipboardData
BlockInput
SystemParametersInfoA
IsWindowVisible
PostMessageA
ShowWindow
SendMessageA
GetSystemMetrics
CloseClipboard
OpenDesktopA
GetThreadDesktop
CloseDesktop
OpenInputDesktop
SetThreadDesktop

gdi32

DeleteObject
CreateCompatibleBitmap
GetDIBits
SelectObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateDIBSection

advapi32

QueryServiceStatus
StartServiceA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
EnumServicesStatusA
QueryServiceConfigA
RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegisterServiceCtrlHandlerA
SetServiceStatus
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
OpenSCManagerA
OpenServiceA
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey

shell32

SHGetFileInfoA

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

shlwapi

SHDeleteKeyA
PathStripPathA

winmm

waveOutReset
waveOutUnprepareHeader
waveOutClose
waveInReset
waveInUnprepareHeader
waveInAddBuffer
waveInStop
waveOutWrite
waveInStart
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInClose

ws2_32

closesocket
htons
gethostbyname
WSAStartup
WSACleanup
WSAIoctl
setsockopt
getsockname
gethostname
send
select
socket
recv
ntohs
connect

imm32

ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext

msvfw32

ICSeqCompressFrameStart
ICSeqCompressFrame
ICOpen
ICClose
ICSendMessage
ICSeqCompressFrameEnd
ICCompressorFree

avicap32

capGetDriverDescriptionA

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

FirstRun
MainRun
ServiceMain
TestRun

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4d2122f72c8c0e258eb10e15320965a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

shlwapi

winmm

ws2_32

imm32

msvfw32

avicap32

psapi

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 20KB - Virtual size: 26KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 20KB - Virtual size: 26KB

.reloc
Size: 12KB - Virtual size: 8KB