gh0strat | cba58ee0bcd880987c8262f4f31b2a29c30ea944c7847762a28585d0971c3f71 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cba58ee0bcd880987c8262f4f31b2a29c30ea944c7847762a28585d0971c3f71
Size

109KB
MD5

45e3e6d4e901298fa58f1cb56a43501d
SHA1

35619c9620aebaaf3be463a44230d98669eb9f35
SHA256

cba58ee0bcd880987c8262f4f31b2a29c30ea944c7847762a28585d0971c3f71
SHA512

97985983d6baf73e82f00a775375d175848088a96e397c7e71613186bda8588eede9683fde4a09867da63e61d3920fa37ddb44aa8f6fa9240bee804b402f5333
SSDEEP

1536:BCTwSV4SibNn8YIaT624cKau2f9d0uH3+Nvo+mHT:zS2SiuYIb24Wug9d04+lo+mHT

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

cba58ee0bcd880987c8262f4f31b2a29c30ea944c7847762a28585d0971c3f71
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

BeginProc
EndProc
RunProc
ServiceMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ