gh0strat | b7475192e39f335c74149c4b1969b969e51e6bd19e5e547c3648bfedc724c409

Sharing

Copy URL Twitter E-mail

General

Target

b7475192e39f335c74149c4b1969b969e51e6bd19e5e547c3648bfedc724c409
Size

109KB
MD5

307cf846d2ed470d001117dcf33fbf8d
SHA1

807eebc2eedd3cea6d517792563009abc66bf8ae
SHA256

b7475192e39f335c74149c4b1969b969e51e6bd19e5e547c3648bfedc724c409
SHA512

7e70ceeccfae1de8f6735409382db7c6d1d966ab50d80968beb5532d4f5d7c348a58b1b4a8e72d39288aa066b2fc8b987e983032827aadf6a6c479d7ad9eb477
SSDEEP

1536:NKT0Wi0SiDNG8YIaTw24cKau2f9d0aA5+NkX++mHz:LWdSi7YI524Wug9d0J+aX++mHz

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

b7475192e39f335c74149c4b1969b969e51e6bd19e5e547c3648bfedc724c409
.dll windows x86

908083373c14ff9a7d66f30e43f9d08e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsnicmp
wcschr
_snprintf
_errno
sprintf
strncpy
strncmp
wcstombs
fputs
wcsncpy
wcslen
wcsrchr
_except_handler3
free
_wcsupr
wcsstr
_strnicmp
fclose
fgets
mbstowcs
wcscpy
strchr
atoi
malloc
realloc
_CxxThrowException
strstr
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
wcscat
wcsncat
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
fopen

user32

OpenWindowStationW
GetProcessWindowStation
CharNextW
MessageBoxW
LoadCursorW
DestroyCursor
MapVirtualKeyW
SetRect
GetSystemMetrics
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
DispatchMessageW
TranslateMessage
GetCursorPos
MoveWindow
GetWindowRect
ShowWindow
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationW
GetThreadDesktop
OpenDesktopW
CreateWindowExW
CloseWindow
SendMessageW
IsWindow
SetProcessWindowStation
wsprintfW
GetMessageW

winmm

waveInOpen
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveInGetNumDevs
waveInStop

ws2_32

WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
ntohs
recv
closesocket
select
send
gethostname
WSASocketW
ioctlsocket
__WSAFDIsSet
recvfrom
sendto
listen
accept
getpeername
bind
inet_addr
getsockname
inet_ntoa
WSAStartup

msvfw32

ICClose
ICSeqCompressFrameStart
ICSeqCompressFrameEnd
ICCompressorFree
ICSeqCompressFrame
ICOpen
ICSendMessage

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z

kernel32

GetModuleHandleA
CreateEventW
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
VirtualFree
VirtualAlloc
ResetEvent
CancelIo
lstrlenW
MultiByteToWideChar
OutputDebugStringW
lstrcpyW
GetVersionExW
DeleteFileA
GetFileSize
lstrcatW
SetErrorMode
SetUnhandledExceptionFilter
GetTickCount
ExitProcess
Sleep
FreeConsole
SetFileAttributesW
GetProcAddress
LoadLibraryW
LocalFree
lstrcmpW
LocalReAlloc
LocalAlloc
GetLocalTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalSize
GetCurrentProcess
lstrcmpiW

Exports

Exports

BeginProc
EndProc
RunProc
ServiceMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

908083373c14ff9a7d66f30e43f9d08e

Headers

File Characteristics

Imports

msvcrt

user32

winmm

ws2_32

msvfw32

msvcp60

kernel32

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 13KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 13KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB