gh0strat | 34e791c0fe9b7c20cd1a80f86dacbe4f9e46d2c7e4bf943556839a4f78e8520f

Sharing

Copy URL Twitter E-mail

General

Target

34e791c0fe9b7c20cd1a80f86dacbe4f9e46d2c7e4bf943556839a4f78e8520f
Size

94KB
MD5

fb543a583271ef44da0a6eda2303dca8
SHA1

c669b298fe8b58a7f304790a44d25c9b3110d2b1
SHA256

34e791c0fe9b7c20cd1a80f86dacbe4f9e46d2c7e4bf943556839a4f78e8520f
SHA512

dc05a5569e4b720ad5c2641770b9504fe67bf905d8ad65817d0fedffe846d54dfdcea25e5fb8802af20e0ab516b2e0e9ab5122768698e25c859701419ac3b323
SSDEEP

1536:9UYcqgWx6FsdHqn+63+5N4MdYO6apgmdLcq7zR+fDVCnVNGcitt1VxnZ:9UYcqgWLdHI+8+X40qmdLd7V4DVCVN1C

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

34e791c0fe9b7c20cd1a80f86dacbe4f9e46d2c7e4bf943556839a4f78e8520f
.dll windows x86

ae342a4ed25fd73612d0322a6de9dc2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
SetEvent
InterlockedExchange
CancelIo
Sleep
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
DeleteCriticalSection
MoveFileA
GetModuleFileNameA
SetLastError
GetSystemDirectoryA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
TerminateThread
MoveFileExA
GetLocalTime
ExpandEnvironmentStringsA
GetTickCount
HeapFree
GetProcessHeap
MapViewOfFile
CreateFileMappingA
HeapAlloc
UnmapViewOfFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
LocalSize
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
RaiseException
WriteFile
InitializeCriticalSection

msvcrt

atoi
strncat
realloc
wcstombs
_beginthreadex
strncpy
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strrchr
_except_handler3
free
malloc
strchr
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
strstr
calloc
_ftol
ceil
memmove
??3@YAXPAX@Z
_strnicmp
_strcmpi

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

avicap32

capGetDriverDescriptionA

Exports

Exports

ServiceMain
aaaaaa
bbbbbbbbbbb

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae342a4ed25fd73612d0322a6de9dc2d

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

avicap32

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 86KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 5KB - Virtual size: 5KB