gh0strat | cd4d51afb7ad47dcb421a97ea37ea59225d2406e4ff1074927960e8ae2972b12

Sharing

Copy URL Twitter E-mail

General

Target

cd4d51afb7ad47dcb421a97ea37ea59225d2406e4ff1074927960e8ae2972b12
Size

40KB
MD5

931c8dc2cd0ab77db04077b9d2ea073e
SHA1

8c58b3991c4c34c72bd505aa21f9111b18e50e53
SHA256

cd4d51afb7ad47dcb421a97ea37ea59225d2406e4ff1074927960e8ae2972b12
SHA512

838798139c30d286b5caaa03313e216e52945726bef54de24d01ba718fbe9636bb76c4df3545e006b59a7c7cb77e234c2d51d02b8390c2a3685c76552ddc0168
SSDEEP

768:0kIAaaE/KYUgj05S/I0sRUWHD401CrFaKYnkG49sBlDe9ILlw:0Z4Eyn565Wz1kGbqMu

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

cd4d51afb7ad47dcb421a97ea37ea59225d2406e4ff1074927960e8ae2972b12
.exe windows x86

73d1b7e3957ff309dd0392b84f972c31

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_beginthreadex
_access
sprintf
_except_handler3
free
realloc
malloc
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
memmove
??3@YAXPAX@Z

kernel32

GetStartupInfoA
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpiA
CopyFileA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
Sleep
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
SetEvent
InterlockedExchange
CancelIo
WriteFile
SetFilePointer
CreateFileA
GetFileSize
ReadFile
GetWindowsDirectoryA
GetFileAttributesA
CreateProcessA
lstrlenA
TerminateThread
lstrcatA
GetTickCount
GetLastError
GetCurrentProcess
HeapAlloc
GetProcessHeap
VirtualProtect
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExA
ExitProcess
GetCurrentThreadId
DeleteFileA
DuplicateHandle
OpenProcess
CreateDirectoryA
GetLocalTime
OpenEventA
WinExec
ExpandEnvironmentStringsA
GetModuleFileNameA

user32

OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
OpenDesktopA
PostThreadMessageA
GetInputState
GetMessageA
ExitWindowsEx
wsprintfA
CloseDesktop

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
OpenServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
OpenSCManagerA

shell32

ShellExecuteA

ws2_32

connect
htons
gethostbyname
socket
closesocket
ntohs
recv
select
send
gethostname
getsockname
WSAIoctl
WSACleanup
WSAStartup
setsockopt

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73d1b7e3957ff309dd0392b84f972c31

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

ws2_32

wininet

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 3KB