gh0strat | 92d783f2cf23acba1093d709b9db39e82283f81b1caa286d1cca6f5b455fc7b3

Sharing

Copy URL Twitter E-mail

General

Target

92d783f2cf23acba1093d709b9db39e82283f81b1caa286d1cca6f5b455fc7b3
Size

109KB
MD5

e205a51782576beb1d4cb4d0a8970237
SHA1

1cf65f96f6a61bf6d63c98b3337cc1394c80f490
SHA256

92d783f2cf23acba1093d709b9db39e82283f81b1caa286d1cca6f5b455fc7b3
SHA512

93c06c52abf5683377dfca97d2a7ef5e101972ee89c6c59747368abcadb178654faf68d82b05aa3d4663022d4e13fd08cf101e709d2a0b2154ded693b6cf0aa7
SSDEEP

1536:RmTgWMkSibNG8YImT024cKau2f9d0Av5+NkXh+mHC:XWnSiDYI524Wug9d0k+aXh+mHC

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

92d783f2cf23acba1093d709b9db39e82283f81b1caa286d1cca6f5b455fc7b3
.dll windows x86

908083373c14ff9a7d66f30e43f9d08e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsnicmp
wcschr
_snprintf
_errno
sprintf
strncpy
strncmp
wcstombs
fputs
wcsncpy
wcslen
wcsrchr
_except_handler3
free
_wcsupr
wcsstr
_strnicmp
fclose
fgets
mbstowcs
wcscpy
strchr
atoi
malloc
realloc
_CxxThrowException
strstr
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
wcscat
wcsncat
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
fopen

user32

OpenWindowStationW
GetProcessWindowStation
CharNextW
MessageBoxW
LoadCursorW
DestroyCursor
MapVirtualKeyW
SetRect
GetSystemMetrics
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
DispatchMessageW
TranslateMessage
GetCursorPos
MoveWindow
GetWindowRect
ShowWindow
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationW
GetThreadDesktop
OpenDesktopW
CreateWindowExW
CloseWindow
SendMessageW
IsWindow
SetProcessWindowStation
wsprintfW
GetMessageW

winmm

waveInOpen
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveInGetNumDevs
waveInStop

ws2_32

WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
ntohs
recv
closesocket
select
send
gethostname
WSASocketW
ioctlsocket
__WSAFDIsSet
recvfrom
sendto
listen
accept
getpeername
bind
inet_addr
getsockname
inet_ntoa
WSAStartup

msvfw32

ICClose
ICSeqCompressFrameStart
ICSeqCompressFrameEnd
ICCompressorFree
ICSeqCompressFrame
ICOpen
ICSendMessage

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z

kernel32

GetModuleHandleA
CreateEventW
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
VirtualFree
VirtualAlloc
ResetEvent
CancelIo
lstrlenW
MultiByteToWideChar
OutputDebugStringW
lstrcpyW
GetVersionExW
DeleteFileA
GetFileSize
lstrcatW
SetErrorMode
SetUnhandledExceptionFilter
GetTickCount
ExitProcess
Sleep
FreeConsole
SetFileAttributesW
GetProcAddress
LoadLibraryW
LocalFree
lstrcmpW
LocalReAlloc
LocalAlloc
GetLocalTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalSize
GetCurrentProcess
lstrcmpiW

Exports

Exports

BeginProc
EndProc
RunProc
ServiceMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

908083373c14ff9a7d66f30e43f9d08e

Headers

File Characteristics

Imports

msvcrt

user32

winmm

ws2_32

msvfw32

msvcp60

kernel32

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 13KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 13KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 6KB