gh0strat | d81bc6c7ab48b1f1c7de83d5c50e2cb31ef938034c97d9ed725484296aa27758

Sharing

Copy URL Twitter E-mail

General

Target

d81bc6c7ab48b1f1c7de83d5c50e2cb31ef938034c97d9ed725484296aa27758
Size

136KB
MD5

2f742e0fc4248ac3fc310e548086847e
SHA1

08ba3d15ecfb428c6f0164be0329394003abc994
SHA256

d81bc6c7ab48b1f1c7de83d5c50e2cb31ef938034c97d9ed725484296aa27758
SHA512

8ccff70189eb82f5502837fe60d9520e23004b742e51ddd4d3e1560149e3af8717b065e554e8d12ef2a7b671b5f3892de59f4ad29515714003d48f71a45fef70
SSDEEP

3072:RQjeJtA2rQzog2bzM9oSntU7B4cZjA0u8gsBcRd9Cj:ajeJfVMx6Nq03aRnk

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

d81bc6c7ab48b1f1c7de83d5c50e2cb31ef938034c97d9ed725484296aa27758
.dll windows x86

9d2be0c1a3764a8ceb4536b13db37c9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
CloseHandle
TerminateThread
Sleep
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetLastError
ResetEvent
InterlockedExchange
CancelIo
GetTickCount
GetLocalTime
GetCurrentProcessId
HeapAlloc
GetProcessHeap
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
lstrcpyA
GetWindowsDirectoryA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
DeleteFileA
CreateDirectoryA
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
GetFileSize
ReadFile
SetFilePointer
MoveFileA
CreateProcessA
InitializeCriticalSection
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
HeapFree
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetModuleHandleA
LocalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
WaitForMultipleObjects
TerminateProcess
OpenProcess
GetCurrentProcess
GetCurrentThreadId
GlobalMemoryStatus
GetSystemInfo
GetComputerNameA
GetModuleFileNameA
OpenEventA
SetErrorMode
SetFileAttributesA
CopyFileA
ExpandEnvironmentStringsA
CreateFileA
RaiseException

msvcrt

strncpy
strchr
malloc
free
_except_handler3
atoi
strrchr
strncmp
_errno
wcscpy
sprintf
_beginthreadex
wcstombs
_access
srand
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
rand
_CxxThrowException
strstr
_ftol
ceil
putchar
memmove
__CxxFrameHandler
puts
strncat
??3@YAXPAX@Z
_stricmp
_strrev
_strnicmp
??2@YAPAXI@Z
_strcmpi

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

tashanao
wangluo
woshibaba
zheshi

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d2be0c1a3764a8ceb4536b13db37c9e

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

psapi

wtsapi32

Exports

Exports

Sections

.text Size: 126KB - Virtual size: 125KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 126KB - Virtual size: 125KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB