gh0strat | 56a9db544dc3df1ceaa05d1dc3e51262e42a854b447016ce0b39e3a339f6ac5c

Sharing

Copy URL

Twitter E-mail

General

Target

56a9db544dc3df1ceaa05d1dc3e51262e42a854b447016ce0b39e3a339f6ac5c
Size

202KB
MD5

2ba013d08116985438bdd915d6e6f7d0
SHA1

ea74fd79e43a5837f7bb1080cc425dc9e4e81a15
SHA256

56a9db544dc3df1ceaa05d1dc3e51262e42a854b447016ce0b39e3a339f6ac5c
SHA512

6328b6a75695d45b3676faef499614bb44efa49353b894c7253ca902157db5362817cd3215010d481550e92119b2d9389644ad16cd443bb840c7613f931fe8cf
SSDEEP

3072:ugxxClZbgMiXyxezdcNj12JIHd7ht0ukLFyBkIA9WuqqDbyWTBftCCzNt8Z:uEDMVQfJQtV0RIkWuqqDuWTBlCi8Z

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

56a9db544dc3df1ceaa05d1dc3e51262e42a854b447016ce0b39e3a339f6ac5c
.exe windows x86

c764fb7eb995b160b03f3b3eadd63f47

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
GetProcAddress
LoadLibraryW
HeapFree
VirtualFree
VirtualAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetSystemDirectoryA
DeviceIoControl
GetModuleHandleW
GetSystemInfo
GetVersionExA
GetModuleFileNameA
OpenEventW
SetErrorMode
GetComputerNameA
CreateMutexW
ExitProcess
GetCurrentThreadId
ExpandEnvironmentStringsA
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
WaitForMultipleObjects
PeekNamedPipe
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
SetCurrentDirectoryA
InitializeCriticalSection
GetWindowsDirectoryA
FileTimeToSystemTime
GetCurrentDirectoryA
SetEndOfFile
lstrcpyW
MoveFileExA
DeleteCriticalSection
VirtualProtect
FreeLibrary
LoadLibraryA
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
GetModuleHandleA
Process32Next
Process32First
CreateToolhelp32Snapshot
MultiByteToWideChar
WideCharToMultiByte
LocalSize
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetProcessHeap
HeapAlloc
GetCurrentProcessId
GetLocalTime
GetTickCount
CancelIo
InterlockedExchange
lstrcpyA
ResetEvent
lstrlenA
lstrcatA
CreateThread
ResumeThread
Sleep
SetEvent
WaitForSingleObject
TerminateThread
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
HeapSize
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetVersion
GetCommandLineA
HeapReAlloc
RaiseException
RtlUnwind
CloseHandle
lstrcmpiA
CreateEventW

advapi32

RegCreateKeyA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
StartServiceA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerW
EnumServicesStatusA
OpenServiceA
QueryServiceConfigA
CloseServiceHandle
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegQueryValueA
RegOpenKeyExA

user32

GetMessageA
SendMessageA
GetUserObjectInformationA
SetDlgItemTextA
GetDlgItemTextA
SetWindowPos
ShowWindow
UpdateWindow
CreateDialogParamA
GetDlgItem
wsprintfA
CharNextA
LoadCursorA
BlockInput
SystemParametersInfoA
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
TranslateMessage
CreateWindowExA
DispatchMessageA
IsWindow
CloseWindow
OpenDesktopA
EndDialog
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
CloseDesktop
ExitWindowsEx
FindWindowW
GetClassNameA
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
GetWindow
MessageBoxW
GetInputState
PostThreadMessageA
wsprintfW
GetCursorInfo
GetCursorPos
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
DestroyCursor

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

shell32

SHGetFileInfoA
ShellExecuteA

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowW

msvfw32

ICSeqCompressFrameStart
ICSeqCompressFrameEnd
ICSeqCompressFrame
ICClose
ICOpen
ICSendMessage
ICCompressorFree

shlwapi

SHDeleteKeyA
PathRemoveFileSpecA

winmm

waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveOutWrite
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
waveInStart

wininet

InternetReadFile
InternetOpenW
InternetOpenUrlA
InternetCloseHandle

netapi32

NetUserEnum
NetUserAdd
NetUserDel
NetLocalGroupAddMembers
NetApiBufferFree

psapi

GetModuleFileNameExA
EnumProcessModules

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c764fb7eb995b160b03f3b3eadd63f47

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ole32

shell32

setupapi

avicap32

msvfw32

shlwapi

winmm

wininet

netapi32

psapi

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 19KB - Virtual size: 36KB

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 19KB - Virtual size: 36KB