gh0strat | 04149cd6b761a3d4105e0d648e8d46fd794e6158298c2a7d897d577ae2ac9665

General

Target

04149cd6b761a3d4105e0d648e8d46fd794e6158298c2a7d897d577ae2ac9665
Size

145KB
MD5

56059555ee12b0d3d5125a75f7ec59d0
SHA1

371f33ab529eda7238897758769035043ad9f8b1
SHA256

04149cd6b761a3d4105e0d648e8d46fd794e6158298c2a7d897d577ae2ac9665
SHA512

4fa141e21f1ddc689a5563c37f3698779cbe1e0075864090587910c7c7ea7ab7d1ea6225651bd46b490a79b817c6ac55eb65d1bd5c6a50dc145b68672aa09c1a
SSDEEP

3072:2H01b3K9Ini8d6z9L+23A5pXk22T94o3iIEulmJO:Mii8d6RB24TSQiIEp0

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

04149cd6b761a3d4105e0d648e8d46fd794e6158298c2a7d897d577ae2ac9665
.dll windows x86

d2c94e869010e959894c4b3b268387a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ord428
ord460
ord496
ord486
ord319
ord327
ord342
ord335
ord30
ord578
ord102
ord321
ord54
ord634
ord517
ord573
ord485
ord388
ord283
ord329
ord503
ord501
ord467
ord469
ord477
ord491
ord474
ord307
ord31
ord248
ord306
ord18
ord563
ord227
ord429
ord431
ord177
ord64
ord426
ord59
ord63
ord464
ord509
ord356
ord373

gdi32

ord423

kernel32

ord836
ord581
ord50
ord409

msvcp60

ord1201
ord1011
ord453
ord1241
ord1818
ord1215
ord1207
ord1034
ord1192
ord1106

msvcrt

ord512
ord501
ord729
ord509
ord183
ord316
ord16
ord648
ord764
ord168
ord825
ord197
ord236
ord776
ord779
ord645
ord238
ord678
ord501
ord767
ord777
ord762
ord750
ord73
ord781
ord281
ord649
ord744
ord736
ord84
ord745
ord18
ord17

shell32

ord317

user32

ord162
ord683
ord315
ord729
ord43
ord226
ord376
ord477
ord440
ord15
ord572
ord727
ord468
ord581
ord726
ord592
ord728
ord67
ord587
ord194
ord500
ord258
ord350
ord621
ord269
ord271
ord555
ord150
ord267
ord268
ord380
ord444
ord535
ord452
ord97
ord69
ord428
ord512
ord501
ord354
ord359
ord504
ord634
ord68
ord432

ws2_32

htonl
inet_ntoa
htons
getsockname
bind
getpeername
accept
listen
recvfrom
__WSAFDIsSet
WSASocketA
sendto
connect
inet_addr
send
closesocket
select
recv
socket
htons
setsockopt
WSAStartup
WSACleanup
WSAIoctl
gethostbyname

wtsapi32

ord9
ord13

Exports

Exports

CanUnloadNow
DarkAngle
GetClassObject
RegisterServer
UnregisterServer

Sections

1
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d2c94e869010e959894c4b3b268387a5

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcp60

msvcrt

shell32

user32

ws2_32

wtsapi32

Exports

Exports

Sections

1 Size: 144KB - Virtual size: 144KB

1
Size: 144KB - Virtual size: 144KB