gh0strat | fd209a9eecaf2e9ebd62906b67df327f289a7df7a40398f96c4081b6bd89e2ff

Sharing

Copy URL Twitter E-mail

General

Target

fd209a9eecaf2e9ebd62906b67df327f289a7df7a40398f96c4081b6bd89e2ff
Size

101KB
MD5

9087bcc475c0ea2523e27647d9e23d4e
SHA1

5278a0ba0b26922d0fbec0d43aff898d15549dae
SHA256

fd209a9eecaf2e9ebd62906b67df327f289a7df7a40398f96c4081b6bd89e2ff
SHA512

370a79cb29ee882548324d8d88e45b4c7eb17dc0778a7f368abe16c452050b54daf66f510d9e5b1b7d320f61aa279f0b59991df8da1d394b2822b08e63f93539
SSDEEP

3072:wK3hbyIbH9TgbkyWRN95q2v2qtQob638MB:RxbyWGgxNTPvVtQc63/

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

fd209a9eecaf2e9ebd62906b67df327f289a7df7a40398f96c4081b6bd89e2ff
.dll windows x86

b962f7b5870403b8670698466ebf3a37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strrchr
_except_handler3
malloc
free
strncpy
strstr
_ftol
ceil
memmove
__CxxFrameHandler
??3@YAXPAX@Z
strncat
strchr
realloc
atoi
wcstombs
_beginthreadex
calloc
??1type_info@@UAE@XZ
_CxxThrowException
??2@YAPAXI@Z
_strnicmp
_strcmpi

kernel32

RaiseException
GetCurrentThreadId
lstrcmpiA
Process32First
Process32Next
LocalSize
SetUnhandledExceptionFilter
SetErrorMode
OpenEventA
ReleaseMutex
FreeConsole
GetModuleHandleA
LoadLibraryExA
DeviceIoControl
FindResourceA
LoadResource
SizeofResource
GetVersionExA
GlobalMemoryStatus
WaitForMultipleObjects
PeekNamedPipe
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
ResetEvent
lstrcpyA
InterlockedExchange
CancelIo
Sleep
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
lstrlenA
CreateProcessA
lstrcatA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
GetFileTime
OutputDebugStringA
CreateMutexA
FormatMessageA
OpenMutexA
CopyFileA
GetSystemDirectoryA
SetFileAttributesA
TerminateProcess
CreateToolhelp32Snapshot
OpenProcess
SetLastError
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
FreeLibrary
GetProcAddress
LoadLibraryA
MoveFileExA
GetTickCount
GetLocalTime
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
HeapAlloc
UnmapViewOfFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvfw32

ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSeqCompressFrame
ICSeqCompressFrameStart

Exports

Exports

MyResetSSDT
MyTmpFun
ServiceMain

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b962f7b5870403b8670698466ebf3a37

Headers

File Characteristics

Imports

msvcrt

kernel32

msvcp60

msvfw32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 7KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 7KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 5KB