gh0strat | f18bd63b02fd753a337c80e2effd5767fd64d8cd4bbf930ae8b52a8e79bb0666

Sharing

Copy URL Twitter E-mail

General

Target

f18bd63b02fd753a337c80e2effd5767fd64d8cd4bbf930ae8b52a8e79bb0666
Size

148KB
MD5

f58b3092204c3433ef5d6d7d2602122f
SHA1

c35ebe3cd80ea2d92e1f4743785ce2170f38bb3f
SHA256

f18bd63b02fd753a337c80e2effd5767fd64d8cd4bbf930ae8b52a8e79bb0666
SHA512

f1c464a035af95ce9d2177ae8ed6ec304af2f922cf9b46dd2b99e7c6f7a224be78321df034fb92282765dbffe574cb108ed61417b2e4ca0b4626708801a22d7d
SSDEEP

3072:uSjqUiGJPIadoCk7cjTj6FTBftidHl40:uSmIPI1hqTj6FTBlidHl4

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

f18bd63b02fd753a337c80e2effd5767fd64d8cd4bbf930ae8b52a8e79bb0666
.dll windows x86

39e0e8f8afed5e0a7981cb9f2fe2f43b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetCursorInfo
BlockInput
wsprintfA
ShowWindow
FindWindowA
wvsprintfA
MessageBoxA
CreateWindowExA
DestroyWindow
CloseWindowStation
DestroyCursor
LoadCursorA

advapi32

RegOpenKeyExW

kernel32

ExpandEnvironmentStringsA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
RaiseException
IsBadStringPtrW
IsBadReadPtr
FreeLibraryAndExitThread
ExitThread
RemoveDirectoryA
lstrcmpA
WideCharToMultiByte
GetLastError
Sleep
lstrcmpiA
lstrlenA
lstrcpyA
CloseHandle
GetTickCount
InterlockedExchange
lstrcatA
GetSystemDirectoryA
FreeLibrary
GetVersionExA
GetCurrentThreadId
GetProcAddress
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalFree
LocalSize
LocalAlloc
LocalReAlloc
GetCurrentProcess
GetModuleHandleA
InitializeCriticalSection
LeaveCriticalSection
Thread32Next
VirtualQuery
OpenThread
Thread32First
GetCurrentProcessId
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetModuleFileNameA
SuspendThread
ResumeThread
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
IsBadWritePtr
GetTempFileNameA
ExitProcess
GetExitCodeProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
VirtualFree
VirtualAlloc
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
HeapAlloc
GetSystemInfo
GetProcessTimes
GlobalMemoryStatusEx
DeleteFileA

msvfw32

ICGetInfo

msvcrt

strchr
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_strupr
_itoa
_strlwr
_memicmp
_wcsicmp
wcstombs
__CxxFrameHandler
??3@YAXPAX@Z
strncpy
??2@YAPAXI@Z
free
malloc
wcsrchr
_beginthreadex
_except_handler3
rand
srand
_ftol
atoi
_CxxThrowException
toupper
strstr
strrchr
strncat
wcslen
memmove
ceil

Exports

Exports

TestProject

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39e0e8f8afed5e0a7981cb9f2fe2f43b

Headers

File Characteristics

Imports

user32

advapi32

kernel32

msvfw32

msvcrt

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB