gh0strat | 22f885067fab0edec4e96d20bfbdf62df899c202b422dbac133dee775695b81e

Sharing

Copy URL Twitter E-mail

General

Target

22f885067fab0edec4e96d20bfbdf62df899c202b422dbac133dee775695b81e
Size

776KB
MD5

59855678fc0907ad699eadd2643aa8f4
SHA1

cdfb617215b92b8bdfc9b27253a50712be188f84
SHA256

22f885067fab0edec4e96d20bfbdf62df899c202b422dbac133dee775695b81e
SHA512

9bade51bc3708fc17e4142d68b8a101fb6ca0eebcba8946626971e2730b3f1fb6f6997ff402f8bc1ff06cd171a8c795ac6430b20d194439f25666d996ce0d2eb
SSDEEP

12288:FAfta46pFgABPXr+TMv9BLW6CmMm1lRyHM57gp3x/3jDj:etUFgABPXr+TMv9B5C21iHM576x/3Xj

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

22f885067fab0edec4e96d20bfbdf62df899c202b422dbac133dee775695b81e
.exe windows x86

b2506347eb9967f5998f3db6453d6bfb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

kernel32

lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
GetWindowsDirectoryA
FreeLibrary
MultiByteToWideChar
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
GetCurrentProcess
GetVersion
DeviceIoControl
GetSystemDirectoryA
GetLocalTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetTickCount
GetModuleFileNameA
OpenEventA
CreateMutexA
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
LocalSize
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentThreadId
GetModuleHandleA
CreateEventA
CloseHandle
TerminateThread
GetProcAddress
LoadLibraryA
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
WideCharToMultiByte
ResetEvent
lstrcpyA
Sleep
InterlockedExchange
CancelIo

user32

SetClipboardData
CloseClipboard
mouse_event
SetCursorPos
GetMessageA
CreateWindowExA
CloseWindow
GetClientRect
SendMessageA
GetDlgItem
SetDlgItemTextA
GetDlgItemTextA
SetWindowPos
ShowWindow
UpdateWindow
CreateDialogParamA
EndDialog
wsprintfA
TranslateMessage
DestroyCursor
ExitWindowsEx
GetWindowTextA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
GetCursorPos
GetCursorInfo
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
MessageBoxA
CharNextA
LoadCursorA
BlockInput
WindowFromPoint
SystemParametersInfoA
keybd_event
MapVirtualKeyA
SetCapture
EmptyClipboard

gdi32

CreateCompatibleBitmap
GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject

advapi32

LookupAccountNameA
IsValidSid
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString

msvcrt

strncat
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
vsprintf
sprintf
_beginthreadex
_strcmpi
wcscpy
_errno
strncpy
strncmp
atoi
exit
strrchr
_except_handler3
free
malloc
strchr
_purecall
strstr
_ftol
ceil
memmove
_CxxThrowException
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z

winmm

waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInStart
waveOutWrite
waveInStop
waveInClose
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInUnprepareHeader

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

ws2_32

htons
gethostbyname
socket
ntohs
recv
closesocket
select
send
inet_ntoa
inet_addr
connect
bind
getpeername
accept
listen
WSACleanup
sendto
recvfrom
__WSAFDIsSet
gethostname
WSAStartup
WSAIoctl
setsockopt
getsockname

urlmon

URLDownloadToFileA

netapi32

NetLocalGroupAddMembers
NetUserAdd

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Sections

.text
Size: 400KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2506347eb9967f5998f3db6453d6bfb

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcrt

winmm

msvcp60

ws2_32

urlmon

netapi32

psapi

wtsapi32

Sections

.text Size: 400KB - Virtual size: 398KB

.rodata Size: 12KB - Virtual size: 10KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 12KB - Virtual size: 471KB

.rsrc Size: 304KB - Virtual size: 304KB

.text
Size: 400KB - Virtual size: 398KB

.rodata
Size: 12KB - Virtual size: 10KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 12KB - Virtual size: 471KB

.rsrc
Size: 304KB - Virtual size: 304KB