gh0strat | cfbdd60f47f9cef738d967c84731e4e432827d9c56ea19eb82d4d1ddb4e9df5a

General

Target

cfbdd60f47f9cef738d967c84731e4e432827d9c56ea19eb82d4d1ddb4e9df5a
Size

24KB
MD5

454eeba83f55cb2b0e6a58ae611f54d9
SHA1

1f77a94f4ab16fddb58d3e2c551f7cff27551fd9
SHA256

cfbdd60f47f9cef738d967c84731e4e432827d9c56ea19eb82d4d1ddb4e9df5a
SHA512

b39767b6584354eeef80fcfa502f1c1e98a418cbbaa04a1286fdb04747bdfd4398afae339920240021c95673bf5320b087b26309a0277bc0a4ec98dbdd6b2e33
SSDEEP

384:ohXC8UXcnW4RdXl4TNsIZhF61ANkgUZ5nSWcMZMuVmrys2EACV6I19J+:wS8UQ0BsIZhF8AN8QYMuG2Eh+

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

cfbdd60f47f9cef738d967c84731e4e432827d9c56ea19eb82d4d1ddb4e9df5a
.exe windows x86

46be7a3f97b1f450eb737934702f5792

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringA
WritePrivateProfileStringA
CreateDirectoryA
GetFileAttributesA
SetUnhandledExceptionFilter
ReleaseMutex
GetModuleFileNameA
GetCommandLineA
CreateThread
GetCurrentThreadId
GetStartupInfoA
SetFilePointer
ReadFile
GetWindowsDirectoryA
SetLastError
lstrcpyA
GetTempPathA
GetTickCount
FindResourceA
LoadResource
CreateFileA
GetSystemDirectoryA
lstrcatA
FindFirstFileA
LocalFileTimeToFileTime
SetFileTime
SizeofResource
WriteFile
FreeResource
MoveFileA
lstrcmpiA
DeleteFileA
GetLastError
GetModuleHandleA
OutputDebugStringA
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
ExitProcess
Sleep
lstrlenA
CreateMutexA

user32

GetWindow
SetForegroundWindow
IsWindow
GetCursorPos
CreateWindowExA
WindowFromPoint
GetClassNameA
GetTopWindow
GetDesktopWindow
SendMessageA
MessageBoxA
wsprintfA
GetMessageA
PostThreadMessageA
GetWindowTextA
GetWindowRect
SetCursorPos
mouse_event
GetInputState

advapi32

AdjustTokenPrivileges
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
RegRestoreKeyA
RegCreateKeyExA
RegCloseKey
RegSaveKeyA
RegOpenKeyExA
RegCreateKeyA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
StartServiceA
OpenServiceA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

msvcrt

strchr
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
strstr
??2@YAPAXI@Z
_except_handler3
__CxxFrameHandler
realloc
malloc
??3@YAXPAX@Z
rand

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46be7a3f97b1f450eb737934702f5792

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 11KB - Virtual size: 11KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 11KB - Virtual size: 11KB