gh0strat | cd952ce46aed944930406686548dafb4f8d9c43543684c1b47cbca67ac0ca40d

Sharing

Copy URL Twitter E-mail

General

Target

cd952ce46aed944930406686548dafb4f8d9c43543684c1b47cbca67ac0ca40d
Size

228KB
MD5

c692b30620dc8e73736dd8894a128980
SHA1

57220744cb7ba96a7317be78af3e749ad070b820
SHA256

cd952ce46aed944930406686548dafb4f8d9c43543684c1b47cbca67ac0ca40d
SHA512

6e506b1408fbf28ae6b98c68b684de143e29991f078eed113247e5bc8c738be81a6b9d9889c5e7469214d28c8d32f689505cdea5302b31dbe69111d0be6b3396
SSDEEP

3072:uskveJ3k40s2EDpTSann4ciM6uFhGtTBftc5mcBJua7FR4H4QZf8HySWu8:uDEu2pnn4dM6uFhGtTBlcMcZ7n58

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

cd952ce46aed944930406686548dafb4f8d9c43543684c1b47cbca67ac0ca40d
.dll regsvr32 windows x86

26d742f966724756d012ac34616ee014

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
GetClassNameA
GetWindow
ShowWindow
EnableWindow
GetWindowRect
wvsprintfA
CloseWindowStation
MessageBoxA
LoadCursorA
DestroyCursor
PtInRect
GetCursorInfo
SendMessageTimeoutA
CopyRect
DestroyWindow
CreateWindowExA

shlwapi

SHDeleteKeyA

kernel32

RaiseException
LoadLibraryA
HeapFree
LocalAlloc
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetTempFileNameA
IsBadStringPtrW
IsBadReadPtr
ExitThread
RemoveDirectoryA
DeleteFileA
GlobalMemoryStatusEx
GetProcessTimes
GetProcAddress
GetModuleHandleA
GetTickCount
ExitProcess
GetSystemDirectoryA
InterlockedExchange
LeaveCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
InitializeCriticalSection
GetLastError
lstrcmpiA
GetCommandLineA
VirtualQuery
GetCurrentProcessId
GetCurrentThreadId
GetShortPathNameA
GetFileAttributesExA
lstrcmpA
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetCurrentProcess
GetLongPathNameA
GetModuleFileNameA
FreeLibrary
GetVersionExA
SetUnhandledExceptionFilter
GetLocalTime
FormatMessageA
IsBadWritePtr
GetProcessHeap
HeapAlloc
GetSystemInfo

advapi32

RegSaveKeyA
RegisterServiceCtrlHandlerExA
RegOpenKeyExW
RegRestoreKeyA

msvcrt

memmove
_beginthreadex
_adjust_fdiv
_initterm
_onexit
__dllonexit
_memicmp
_wcsicmp
_strupr
_stricmp
_strlwr
strncat
ceil
wcstombs
__CxxFrameHandler
strncpy
wcslen
strchr
_callnewh
malloc
free
_ftol
_except_handler3
strrchr
realloc
rand
srand
time
atoi

Exports

Exports

CLSID_CfgComp
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IID_ICfgComp

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26d742f966724756d012ac34616ee014

Headers

File Characteristics

Imports

user32

shlwapi

kernel32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 294B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 294B

.reloc
Size: 8KB - Virtual size: 7KB