gh0strat | a19c984688f71600223d6414bf5ec89f25b494c698fcae768f531c44a4ad4f60

Sharing

Copy URL Twitter E-mail

General

Target

a19c984688f71600223d6414bf5ec89f25b494c698fcae768f531c44a4ad4f60
Size

153KB
MD5

862a6128ce4a4015fd5ff21de9243e70
SHA1

d1d822bd54bbbda38f60c8e9e38bc97d50b6e53e
SHA256

a19c984688f71600223d6414bf5ec89f25b494c698fcae768f531c44a4ad4f60
SHA512

bd9fded6c7b5dfc39639949c1bc28fb7949ec344d3582adecca0596ecf5dfbf829d425f93a489b59d72bc7e6c0b8376add56b3a16be5bdb9f05c9df9c38270b7
SSDEEP

3072:qPQczPRpHI7/8xRTRvwtE8hSTkVn9XTBftVbn3sqi8Xe:qoK1IYxLN8hST+9XTBlVb37g

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

a19c984688f71600223d6414bf5ec89f25b494c698fcae768f531c44a4ad4f60
.dll windows x86

aff4ccb8ac131819b7b62037197c0670

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
CloseHandle
GetLocalTime
FormatMessageA
GetModuleHandleA
VirtualQuery
IsBadWritePtr
lstrcpyA
lstrlenA
WideCharToMultiByte
GetLastError
LocalFree
LocalSize
LocalAlloc
Sleep
LocalReAlloc
GetCurrentProcess
InterlockedExchange
GetSystemDirectoryA
FreeLibrary
GetTickCount
ExitProcess
GetExitCodeProcess
InitializeCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsA
GetCurrentThreadId
lstrcmpiA
GetTempFileNameA
GetVersionExA
GetProcAddress
GetCurrentProcessId
GetModuleFileNameA
VirtualProtect
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GlobalUnlock
GlobalLock
GlobalSize
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
GetShortPathNameA
HeapAlloc
VirtualFree
VirtualAlloc
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GlobalFree
GlobalAlloc
GetSystemInfo
GetProcessTimes
GlobalMemoryStatusEx
DeleteFileA
RemoveDirectoryA
ExitThread
IsBadReadPtr
IsBadStringPtrW
lstrcmpA
lstrcatA
RaiseException
LoadLibraryA

advapi32

RegOpenKeyExW

user32

CloseWindowStation
GetCursorInfo
DestroyCursor
LoadCursorA
GetWindowRect
ShowWindow
GetWindow
GetClassNameA
MessageBoxA
wsprintfA
DestroyWindow
wvsprintfA
CreateWindowExA

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
_memicmp
_strlwr
_strupr
_wcsicmp
wcstombs
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
__CxxFrameHandler
wcsrchr
strncpy
_CxxThrowException
_ftol
free
malloc
_except_handler3
strstr
strrchr
_beginthreadex
realloc
srand
rand
strchr
memmove
ceil
strncat
atoi

Exports

Exports

CpyCommon

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aff4ccb8ac131819b7b62037197c0670

Headers

File Characteristics

Imports

kernel32

advapi32

user32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB