gh0strat | b3154b6e1732e340fc0921b4e3db1851e748c7edf97df24efc31794e8d4a0044

General

Target

b3154b6e1732e340fc0921b4e3db1851e748c7edf97df24efc31794e8d4a0044
Size

334KB
MD5

c57b448e1d5df42c05d65797195677b4
SHA1

247c9c1774bbf334ca3b96c96b3d2e2909a0dd65
SHA256

b3154b6e1732e340fc0921b4e3db1851e748c7edf97df24efc31794e8d4a0044
SHA512

4404b915b448b0540e7f54250314cffbab7fc4bd82b1000e63af7aeba585343f40ad0abf3c97a4c3345a775b4f06d85b73694d8f1b64d5e886a56f9c6b3e0a30
SSDEEP

6144:2CtzQf1ffrHBPfKOWG8/VY/dUcxrW7qkO:2WQfxLdfKdp9mdUcxW9O

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

b3154b6e1732e340fc0921b4e3db1851e748c7edf97df24efc31794e8d4a0044
.exe windows x86

d572382ee5fce4df2c47955dccf28077

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetLocalTime
Sleep
CreateThread
FreeLibrary
GetCurrentProcessId
HeapAlloc
GetProcessHeap
MoveFileA
lstrcatA
MultiByteToWideChar
lstrlenA
HeapFree
GlobalUnlock
OpenProcess
GetCurrentProcess
CloseHandle
InterlockedExchange
LocalAlloc
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
SetFilePointer
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
SetStdHandle

msvfw32

ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrame

Exports

Exports

aabbccdd
daxuewuli
eeffgghh
gaoshu
gongchengshuxue
iijjkkmm

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 27KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d572382ee5fce4df2c47955dccf28077

Headers

File Characteristics

Imports

kernel32

msvfw32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 172KB

.data Size: 27KB - Virtual size: 36KB

.rsrc Size: 134KB - Virtual size: 136KB

.text
Size: 172KB - Virtual size: 172KB

.data
Size: 27KB - Virtual size: 36KB

.rsrc
Size: 134KB - Virtual size: 136KB