gh0strat | e41187b9447c863f5f695f573a53af735148bd7c93a6d44a009b27848e68f97e

Sharing

Copy URL

Twitter E-mail

General

Target

e41187b9447c863f5f695f573a53af735148bd7c93a6d44a009b27848e68f97e
Size

148KB
MD5

e9edab770a39000062115d2d07e6e280
SHA1

47c4ee70d9969c8f9962ba66a67938598bfb75d0
SHA256

e41187b9447c863f5f695f573a53af735148bd7c93a6d44a009b27848e68f97e
SHA512

05a4871f2b4f338d3f7a868d2c377b2e27d52eb343c5d953b4cdaa66daf31401ce5594c9095d855c187af7b659b66381b118b83a268b19ba5ea5691bd26a83f7
SSDEEP

3072:rhwBwFTNXL1CkYq04LD+Sxgx6qQlaTBftVnE:FdNIq04LqSxgx6qQlaTBlVn

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

e41187b9447c863f5f695f573a53af735148bd7c93a6d44a009b27848e68f97e
.dll regsvr32 windows x86

e3a8a53b296798fbd9ebc6e6df5fe817

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

shlwapi

SHDeleteKeyA

kernel32

CreateFileMappingA
MapViewOfFile
GetPrivateProfileSectionNamesA
GetCommandLineA
CloseHandle
VirtualQuery
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
lstrlenA
GetShortPathNameA
VirtualAlloc
GetLastError
GetFileAttributesExA
lstrcmpA
lstrcmpiA
GetSystemDirectoryA
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetCurrentProcess
GetLongPathNameA
GetModuleFileNameA
GetTempFileNameA
LocalFree
LocalSize
GetTickCount
InterlockedExchange
LocalReAlloc
LocalAlloc
ExitProcess
GetSystemInfo
GetVersionExA
GetProcessTimes
GlobalMemoryStatusEx
HeapFree
GetProcessHeap
VirtualFree
HeapAlloc
DeleteFileA
RemoveDirectoryA
ExitThread
IsBadReadPtr
GetPrivateProfileStringA
InitializeCriticalSection
LeaveCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
FreeLibrary
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
IsBadWritePtr
IsBadStringPtrW

advapi32

RegisterServiceCtrlHandlerExA
RegOpenKeyExW

oleaut32

SysFreeString

user32

wsprintfA
MessageBoxA
LoadCursorA
DestroyCursor
EnableWindow
CreateWindowExA
DestroyWindow
CloseWindowStation
wvsprintfA
ShowWindow
GetWindow
GetCursorInfo
GetClassNameA

shell32

SHFileOperationA

userenv

GetUserProfileDirectoryA
GetProfilesDirectoryA

iphlpapi

GetAdaptersInfo

ws2_32

connect
shutdown
send
recv
select
getsockname
closesocket
gethostbyname
setsockopt
WSAIoctl
WSACleanup
WSAStartup
gethostname
socket

msvcrt

_strupr
__dllonexit
_onexit
_initterm
_adjust_fdiv
_wcsicmp
strchr
strstr
_memicmp
_stricmp
_strlwr
_beginthreadex
strncat
wcsrchr
ceil
wcstombs
atoi
strncpy
wcslen
strrchr
free
__CxxFrameHandler
_ftol
time
srand
rand
malloc
realloc
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z
_except_handler3

Exports

Exports

CLSID_CfgComp
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IID_ICfgComp

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3a8a53b296798fbd9ebc6e6df5fe817

Headers

File Characteristics

Imports

ole32

shlwapi

kernel32

advapi32

oleaut32

user32

shell32

userenv

iphlpapi

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 294B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 294B

.reloc
Size: 8KB - Virtual size: 6KB