gh0strat | 0029683632de516d4b5385e25e695d04ae1ec905a6efd006527d632cb3f0e2e1

General

Target

0029683632de516d4b5385e25e695d04ae1ec905a6efd006527d632cb3f0e2e1
Size

780KB
MD5

91beedc33383f3b067324351e0f297b0
SHA1

ba49238970179378cda33f1d3c9ce3ffbb4d4109
SHA256

0029683632de516d4b5385e25e695d04ae1ec905a6efd006527d632cb3f0e2e1
SHA512

f5014305c494aa016691bacd066646b9e3ae6ce57ef5e74a85e132b4adbada21fea1198c90ab9d0859409713879dd7e5dbaa09f98615b9ce5de42d5673649768
SSDEEP

3072:JF2cfxkE32sQbMm2rAxLxK1cJAPTBftFh1AKPunALVketJi8iAH8:JkFsQbEYLxKKAPTBlFh1FunAxHt4S8

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

0029683632de516d4b5385e25e695d04ae1ec905a6efd006527d632cb3f0e2e1
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

AddMRUStringW
CreateMRUListW
CreateMappedBitmap
CreatePropertySheetPage
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
CreateStatusWindowA
CreateStatusWindowW
CreateToolbar
CreateToolbarEx
CreateUpDownControl
DPA_Create
DPA_DeleteAllPtrs
DPA_DeletePtr
DPA_Destroy
DPA_DestroyCallback
DPA_EnumCallback
DPA_GetPtr
DPA_InsertPtr
DPA_Search
DPA_SetPtr
DPA_Sort
DSA_Create
DSA_DeleteAllItems
DSA_Destroy
DSA_DestroyCallback
DSA_GetItemPtr
DSA_InsertItem
DefSubclassProc
DestroyPropertySheetPage
DllGetVersion
DllInstall
DrawInsert
DrawStatusText
DrawStatusTextA
DrawStatusTextW
EnumMRUListW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollProp
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
FreeMRUList
GetEffectiveClientRect

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 12KB - Virtual size: 15KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 12KB - Virtual size: 15KB

.reloc
Size: 8KB - Virtual size: 6KB