gh0strat | 46ae502fa81edd93620b5d37634545448b4cc6bc1363cdc6e6298302b42c7965

Sharing

Copy URL Twitter E-mail

General

Target

46ae502fa81edd93620b5d37634545448b4cc6bc1363cdc6e6298302b42c7965
Size

244KB
MD5

0a208334beaabc3de7c93945c0c15791
SHA1

4390aeed968f44f22c0c19a10e6ca2c9e40d427a
SHA256

46ae502fa81edd93620b5d37634545448b4cc6bc1363cdc6e6298302b42c7965
SHA512

94c4734897ab80f8072c6cb7a609f5245de31dd779bdafc8f679381c43315bc183227543f0465d52f9d3785d5d10a7488ca7b821e67bf15d92ee62cda8051d1a
SSDEEP

6144:5WyU2iYOFTBlo8HcasEhgpgmRWiER5BwnfR6ag+OD:s2MFT3igg2YUnMZY7

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

46ae502fa81edd93620b5d37634545448b4cc6bc1363cdc6e6298302b42c7965
.exe windows x86

8c3b5ddab2a51f9bc13910316b6dfd61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA

msvcrt

__p__fmode
__p__commode
_stricmp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_beginthreadex
_except_handler3
__set_app_type
exit
strrchr
_mkdir
puts
ceil
memmove
atoi
strncpy
atol
strstr
free
malloc
realloc
_ftol
??2@YAPAXI@Z
_CxxThrowException
??3@YAXPAX@Z
__CxxFrameHandler
_controlfp
_strcmpi

shlwapi

PathFindExtensionA

ws2_32

setsockopt
closesocket
getsockname
socket
WSAIoctl
connect
gethostbyname
htons
select
recv
WSACleanup
WSAStartup
send

kernel32

Process32First
Process32Next
lstrcmpiA
DeleteFileA
MoveFileA
MoveFileExA
TerminateThread
lstrcpyA
CreateProcessA
HeapAlloc
WriteFile
LocalSize
LocalFree
CreateDirectoryA
GetFileAttributesA
CreateFileA
ReadFile
LocalReAlloc
LocalAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
GetTempPathA
GetModuleFileNameA
CreateMutexA
GetWindowsDirectoryA
GetCurrentThreadId
GetProcessHeap
VirtualProtect
IsBadReadPtr
HeapFree
FreeLibrary
GetModuleHandleA
GetStartupInfoA
SetFilePointer
CreateEventA
CloseHandle
WaitForSingleObject
SetEvent
InterlockedExchange
CancelIo
Sleep
ResetEvent
GlobalMemoryStatusEx
lstrlenA
lstrcatA
GetTickCount
GetDiskFreeSpaceExA
GetDriveTypeA
GetSystemInfo
GetVersionExA
GetProcAddress
LoadLibraryA
OpenEventA
SetErrorMode
GetLastError
GetFileSize

user32

GetThreadDesktop
OpenDesktopA
GetDlgItemTextA
MessageBoxA
GetUserObjectInformationA
SendMessageA
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
DialogBoxParamA
wsprintfA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
EndDialog
GetDlgItem
PostQuitMessage

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA

shell32

SHFileOperationA

comctl32

ord17

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString

iphlpapi

GetIfTable

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c3b5ddab2a51f9bc13910316b6dfd61

Headers

File Characteristics

Imports

wininet

msvcrt

shlwapi

ws2_32

kernel32

user32

advapi32

shell32

comctl32

ole32

oleaut32

iphlpapi

msvcp60

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 172KB - Virtual size: 170KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 172KB - Virtual size: 170KB