gh0strat | d72d04f2b1dcb4fccfa96992f8d2af83385a6615021414db81de1f7e7736b64a

Sharing

Copy URL Twitter E-mail

General

Target

d72d04f2b1dcb4fccfa96992f8d2af83385a6615021414db81de1f7e7736b64a
Size

5.0MB
MD5

c8e583bc0071c13ae7d10b3993b319c0
SHA1

75ce651845ac34667e45ab3873955ce0dc224c41
SHA256

d72d04f2b1dcb4fccfa96992f8d2af83385a6615021414db81de1f7e7736b64a
SHA512

34fd974c10b781e26b6daba579f2413cfea16c5b95418cfa58d2d706a666ef36bde01c946369ffa816f4d7d81c83dc3a7a4500c988a19c8844f6d7115bd7d501
SSDEEP

3072:vvPbyv9EueS4ma+Jn0wZ7RIf5HR/bXV1YdAL65vQV3skikmo4vewN1IKIFN1x/6B:TgF+qkCQB5ido4vxN1IKIFN1x/zsH

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

d72d04f2b1dcb4fccfa96992f8d2af83385a6615021414db81de1f7e7736b64a
.dll windows x86

cc17785b6d98188870638b70d80e419c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CancelIo
GetLastError
lstrlenA
FindClose
LocalFree
FreeLibrary
lstrcpyA
MultiByteToWideChar
InterlockedExchange
ExitProcess
lstrcatA
GlobalFree
GlobalAlloc
GlobalUnlock
PeekNamedPipe
SetErrorMode
FreeConsole
RaiseException
LocalAlloc

msvcrt

atoi
strncmp
strchr
_errno
wcscpy
_snprintf
strncat
realloc
memmove
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strrchr
_except_handler3
malloc
free
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
wcstombs
ceil
_strupr
_strnicmp
??3@YAXPAX@Z
strncpy
_strcmpi

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvfw32

ICCompressorFree
ICSeqCompressFrameEnd
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrame
ICClose

Exports

Exports

Group
Identifi

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc17785b6d98188870638b70d80e419c

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

msvfw32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 7KB