gh0strat | f0eb865d6e1baa66ac0becb84a972578b6c8df3fc6ab21ad6fb47c53580899e9

Sharing

Copy URL Twitter E-mail

General

Target

f0eb865d6e1baa66ac0becb84a972578b6c8df3fc6ab21ad6fb47c53580899e9
Size

36KB
MD5

f472b53060576c101ba673f8bbdc04ae
SHA1

a87e77ab72cb86f67affdedaeb45d687dcf3c094
SHA256

f0eb865d6e1baa66ac0becb84a972578b6c8df3fc6ab21ad6fb47c53580899e9
SHA512

7e60273ff3f5c96a5ca1a476fb296feec8ca06f2bc23491b7dd15a42c2944a9480394c97644d8ebd771a6f7594797e457cb97d37e3adaeb857a7fb75089d2ec3
SSDEEP

768:mYKD1+NMTZCSRW37tnJZflYGhYNXQnQqqL4s4ngSh3w2X:meNRSRo7tJZfl3nFbnfA2X

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

f0eb865d6e1baa66ac0becb84a972578b6c8df3fc6ab21ad6fb47c53580899e9
.dll windows x86

58556f4f13eb31817f36e9c17a41607b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
GlobalFree
ReadFile
GlobalAlloc
SetFilePointer
WriteFile
MoveFileA
GetSystemDirectoryA
TerminateThread
MoveFileExA
GetStartupInfoA
GetTempPathA
InterlockedExchange
GlobalUnlock
GlobalLock
GetProcAddress
GetTickCount
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
FindNextFileA
SetErrorMode
SetUnhandledExceptionFilter
GetLastError
CreateMutexA
FreeConsole
GetVersionExA
SetEvent
CreateThread
lstrcmpiA
GetCurrentThreadId
LoadLibraryA
Sleep
CancelIo
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
LocalFree
FindClose
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
GetDriveTypeA
lstrlenA
GetDiskFreeSpaceExA
FreeLibrary
lstrcatA
lstrcpyA
DeleteFileA
ReleaseMutex
GetModuleHandleA
DeleteCriticalSection
GlobalSize
InitializeCriticalSection

user32

PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
GetCursorPos
ReleaseDC
GetDC
GetSystemMetrics
SetRect
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
wsprintfA
SystemParametersInfoA
GetDesktopWindow
SendMessageA
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event

gdi32

DeleteDC
CreateCompatibleDC
GetPaletteEntries
CreateHalftonePalette
BitBlt
DeleteObject
SelectObject
CreateDIBSection

advapi32

RegCloseKey
CloseEventLog
ClearEventLogA
OpenEventLogA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegQueryValueExA
RegOpenKeyA

msvcrt

_ftol
ceil
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3
rand
wcstombs
strncpy
??1type_info@@UAE@XZ
malloc
__dllonexit
_onexit
free
_initterm
_adjust_fdiv
??0exception@@QAE@ABV0@@Z
strlen
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memcpy
__CxxFrameHandler

ws2_32

send
gethostname
getsockname
closesocket
socket
WSAStartup
WSACleanup
recv
gethostbyname
htons
connect
setsockopt
select

avicap32

capGetDriverDescriptionA

Exports

Exports

ServiceMain

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58556f4f13eb31817f36e9c17a41607b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

ws2_32

avicap32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 2KB - Virtual size: 2KB