gh0strat | 83c71a25bd2c2cbf0a56c2676335522c59ef6ed88363e271e2f9ce2211c2984e

General

Target

83c71a25bd2c2cbf0a56c2676335522c59ef6ed88363e271e2f9ce2211c2984e
Size

334KB
MD5

eef89bf44f944635ba4c803a0ea875b9
SHA1

87381ac389c2e0a5995591015457e991cd0c2b9d
SHA256

83c71a25bd2c2cbf0a56c2676335522c59ef6ed88363e271e2f9ce2211c2984e
SHA512

1783fb8292010bc11abe5d20bd2d50c4a63cf4f0b603f6d1408bf5ab7312575e57751e2e9d40fb8515762aca5426e27a31711d96f4f4b8ff5f34afc35e54a14a
SSDEEP

6144:9CtzQf1ffrHBPfKOWG8/VY/dUcxrW7qkO:9WQfxLdfKdp9mdUcxW9O

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

83c71a25bd2c2cbf0a56c2676335522c59ef6ed88363e271e2f9ce2211c2984e
.exe windows x86

d572382ee5fce4df2c47955dccf28077

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetLocalTime
Sleep
CreateThread
FreeLibrary
GetCurrentProcessId
HeapAlloc
GetProcessHeap
MoveFileA
lstrcatA
MultiByteToWideChar
lstrlenA
HeapFree
GlobalUnlock
OpenProcess
GetCurrentProcess
CloseHandle
InterlockedExchange
LocalAlloc
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
SetFilePointer
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
SetStdHandle

msvfw32

ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrame

Exports

Exports

aabbccdd
daxuewuli
eeffgghh
gaoshu
gongchengshuxue
iijjkkmm

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 27KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d572382ee5fce4df2c47955dccf28077

Headers

File Characteristics

Imports

kernel32

msvfw32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 172KB

.data Size: 27KB - Virtual size: 36KB

.rsrc Size: 134KB - Virtual size: 136KB

.text
Size: 172KB - Virtual size: 172KB

.data
Size: 27KB - Virtual size: 36KB

.rsrc
Size: 134KB - Virtual size: 136KB