gh0strat | 18df76d065e1e16e001556b0a9f358a5c4566171101ee2971e674771b73285a4

Sharing

Copy URL Twitter E-mail

General

Target

18df76d065e1e16e001556b0a9f358a5c4566171101ee2971e674771b73285a4
Size

328KB
MD5

3b45187ac52856016b2602d2b29fb182
SHA1

5205b7b31209b751a7b35f9f51b181148d810fec
SHA256

18df76d065e1e16e001556b0a9f358a5c4566171101ee2971e674771b73285a4
SHA512

ff688860f0a0ccf23f44c3ba78d9ef1c80aec65629e2119ab11c84ed225cff2f94a80c78e4d1cfba4067e6aadf3d19b05e530d3ce811d9eb2b855966166f4303
SSDEEP

6144:4THZm1aJMbtyKA+J5WCer+TJXkjw/clXZu53pa4:WHZm1a40KA+J5WCer+Ttkjw2XM53p

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

18df76d065e1e16e001556b0a9f358a5c4566171101ee2971e674771b73285a4
.exe windows x86

d73973e4822be3f66c78ab875fe74c8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
calloc
_beginthreadex
fopen
fputs
fclose
sprintf
printf
atoi
strncat
memmove
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
??1type_info@@UAE@XZ
memcpy
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
strlen
??0exception@@QAE@ABV0@@Z
_mkdir
_strnicmp
_strnset
malloc
free
_except_handler3
strstr
strrchr
strncpy
wcscpy
_ftol
exit

kernel32

LocalAlloc
InterlockedExchange
RaiseException
GlobalAlloc
FreeLibrary
GetStartupInfoA
GetModuleHandleA
GetLastError
GlobalLock
GlobalUnlock
GlobalFree
ReadFile
RemoveDirectoryA
GetSystemInfo
GetTickCount
GlobalMemoryStatus
GetCurrentProcess
GetPriorityClass
GetCurrentThread
GetThreadPriority
SetPriorityClass
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
MoveFileA
FindFirstFileA
LocalFree
FindClose
GetDriveTypeA
lstrcatA
CreateProcessA
lstrlenA
lstrcpyA
CreateDirectoryA
GetProcAddress
LoadLibraryA
lstrcmpA
GetVersionExA
DeleteFileA

user32

GetDC
GetDesktopWindow
LoadCursorA
DestroyCursor
ReleaseDC
keybd_event
SetCapture
WindowFromPoint
SetCursorPos
GetSystemMetrics
OpenClipboard
GetClipboardData
CreateWindowExA
PostMessageA
GetThreadDesktop
IsWindowVisible
GetWindowThreadProcessId
GetKeyState
GetAsyncKeyState
GetForegroundWindow
EmptyClipboard
SetRect
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowPos
ShowWindow
CreateDialogParamA
EndDialog
SendMessageA
GetDlgItem
SetDlgItemTextA
GetWindowTextA
wsprintfA
CharNextA
GetDlgItemTextA
IsWindow

gdi32

CreateDIBSection
DeleteObject
DeleteDC
BitBlt
GetDIBits
SelectObject
CreateCompatibleBitmap

winmm

waveInGetNumDevs
waveOutWrite
waveInStop
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveInPrepareHeader
waveInStart

Sections

.text
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d73973e4822be3f66c78ab875fe74c8b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

winmm

Sections

.text Size: 244KB - Virtual size: 240KB

.rodata Size: 12KB - Virtual size: 10KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 16KB - Virtual size: 217KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 244KB - Virtual size: 240KB

.rodata
Size: 12KB - Virtual size: 10KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 16KB - Virtual size: 217KB

.rsrc
Size: 12KB - Virtual size: 11KB