gh0strat | 9e16a45c2431b9e2f319d5047e73634e751e29ea6656d1c7da3c993a5e781d6f

General

Target

9e16a45c2431b9e2f319d5047e73634e751e29ea6656d1c7da3c993a5e781d6f
Size

212KB
MD5

24fd48d8cf832c91e2ce13b0c6cd3e9e
SHA1

7c39d34937e539fe1d9a071634c1e9a75947f1df
SHA256

9e16a45c2431b9e2f319d5047e73634e751e29ea6656d1c7da3c993a5e781d6f
SHA512

04bc0ba4c22f106e914c19a2b69637af1db858b18ab92a69c1370bf53058efca912ed69e12602bc022a175f563cfa0c77347661dce85be7bfbad0d57a251025a
SSDEEP

3072:0z3FAlDCzBf5deWkfsXh7BG98h8ry/sarXrOU2yClbxt:AVvN5dp7Y9YGy06XrYywxt

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

9e16a45c2431b9e2f319d5047e73634e751e29ea6656d1c7da3c993a5e781d6f
.exe windows x86

eec0b8986f99bf25c32694d8b5f2c9dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
CreateProcessA
GetSystemDirectoryA
lstrlenA
FindResourceA
SizeofResource
LoadResource
GlobalAlloc
LockResource
GlobalFree
CreateFileA
WriteFile
CloseHandle
HeapAlloc
HeapFree
GetStringTypeA
FlushFileBuffers
LCMapStringW
LCMapStringA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadCodePtr
GetLastError
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueExA

ole32

CoUninitialize
CoInitialize
CoCreateGuid

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eec0b8986f99bf25c32694d8b5f2c9dd

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 168KB - Virtual size: 164KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 168KB - Virtual size: 164KB