gh0strat | a77770d75c56c47a5d06223b95af7ef87d358814c04e29582854f88647616807

General

Target

a77770d75c56c47a5d06223b95af7ef87d358814c04e29582854f88647616807
Size

404KB
MD5

33668a8b464b1dacf738c58da52467c0
SHA1

c5665c4bf0c212340a8a713d2cf003e1d8d4f41e
SHA256

a77770d75c56c47a5d06223b95af7ef87d358814c04e29582854f88647616807
SHA512

5da4baf9036b467f83ec9a0127caaabdc86681ae2644428ea38e02311a7bdfc22af2be602ec5ac36587181b0843b885755755f2137e7de3ece9866b53a9adfcc
SSDEEP

12288:TQiqIM8ujfSNVPeO6gbiTeEEWBwg6+vddgQWCPi:TQiqn8SiPeO6gXE36H+vdN

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

a77770d75c56c47a5d06223b95af7ef87d358814c04e29582854f88647616807
.exe windows x86

b7ed6fec5ba1202c8f1229540dbc7ecc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetTickCount
GetLocalTime
Sleep
CreateThread
FreeLibrary
GetCurrentProcessId
HeapAlloc
GetProcessHeap
MoveFileA
MultiByteToWideChar
lstrlenA
HeapFree
GlobalUnlock
GetCurrentProcess
CloseHandle
InterlockedExchange
LocalAlloc
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
SetFilePointer
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
SetStdHandle

shell32

SHGetSpecialFolderPathA
ShellExecuteA

Exports

Exports

dasad
dsad
dsasd
dssad
dssasd

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7ed6fec5ba1202c8f1229540dbc7ecc

Headers

File Characteristics

Imports

kernel32

shell32

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 165KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 28KB - Virtual size: 36KB

.rsrc Size: 188KB - Virtual size: 188KB

.text
Size: 168KB - Virtual size: 165KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 28KB - Virtual size: 36KB

.rsrc
Size: 188KB - Virtual size: 188KB