gh0strat | 3a768a56e81a3b7eef6ee3561791224e39af334e4cff85afd0a84178874c0fc9

Sharing

Copy URL

Twitter E-mail

General

Target

3a768a56e81a3b7eef6ee3561791224e39af334e4cff85afd0a84178874c0fc9
Size

152KB
MD5

3f171fbb1e271a794da0858edb26e6f0
SHA1

6484d42d8eb042914e9e02500a67b7d69df792ba
SHA256

3a768a56e81a3b7eef6ee3561791224e39af334e4cff85afd0a84178874c0fc9
SHA512

1a4d9e302e07210a51acb926ed488b4f7c25419ada668c35c00ae807b31396c6e413269574b7e0e886dc12af6a9eaf228807ddad78b819a95ebe9444177698f6
SSDEEP

3072:eUeaqfGUZw7WPVHQpV0UjOhAWvf9QhSTmTTBftSha8VOjJ:waOA+GpV0UMAWvf9QhSTmTTBlSha8

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

3a768a56e81a3b7eef6ee3561791224e39af334e4cff85afd0a84178874c0fc9
.dll windows x86

03e26cded6c6893fc0265329d8c92c3c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExA
DestroyWindow
MessageBoxA
CloseWindowStation
LoadCursorA
DestroyCursor
GetCursorInfo
GetClassNameA
GetWindow
ShowWindow
EnableWindow
wsprintfA
wvsprintfA

kernel32

FreeLibrary
RaiseException
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetLongPathNameA
GetTempPathA
SetEnvironmentVariableA
MultiByteToWideChar
lstrcmpA
GetFileAttributesExA
GetExitCodeProcess
ExitProcess
CloseHandle
Sleep
lstrcatA
GetModuleFileNameA
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
GetModuleHandleA
VirtualQuery
IsBadWritePtr
ExpandEnvironmentStringsA
GetLastError
lstrcpyA
lstrlenA
LocalFree
LocalReAlloc
LocalAlloc
GetTickCount
GlobalUnlock
GlobalLock
GlobalSize
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
HeapAlloc
InterlockedExchange
GlobalFree
GlobalAlloc
GetProcAddress
lstrcmpiA
GetVersionExA
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetTempFileNameA
LocalSize
GetSystemInfo
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
LoadLibraryA
GetSystemDirectoryA
GetCurrentProcessId
VirtualFree
DeleteFileA
RemoveDirectoryA
ExitThread
IsBadReadPtr
IsBadStringPtrW
VirtualAlloc

msvcrt

_ftol
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_stricmp
_wcsicmp
_memicmp
_strlwr
_strupr
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
free
malloc
_except_handler3
strstr
strrchr
strchr
strncat
strncpy
_beginthreadex
_CxxThrowException
wcsrchr
wcslen
atoi
rand
srand
strtol
wcstombs
memmove
ceil
realloc

Exports

Exports

VidBitBlt
VidBufferToScreenBlt
VidCleanUp
VidDisplayString
VidDisplayStringXY
VidInitialize
VidResetDisplay
VidScreenToBufferBlt
VidSetScrollRegion
VidSetTextColor

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03e26cded6c6893fc0265329d8c92c3c

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB