gh0strat | fa2b06d7c6f5576825ad459b6125c7fd2d5b9491e6be6615ee63c78bc1aa5829

Sharing

Copy URL

Twitter E-mail

General

Target

fa2b06d7c6f5576825ad459b6125c7fd2d5b9491e6be6615ee63c78bc1aa5829
Size

120KB
MD5

415a6b19a8d4ca371861a7fa5abacc50
SHA1

8b2abc487ac56dd4f3cf56c9c64f9fa5d2fd6eed
SHA256

fa2b06d7c6f5576825ad459b6125c7fd2d5b9491e6be6615ee63c78bc1aa5829
SHA512

9acc723921af7da2232cc0b69716e4ca3c1786a490522466e1fd296f242511d546be49414e861aba8604ae70c2abfa2ddfcc1dfbfd0e7782c66c0c40a263b99d
SSDEEP

1536:MxLBbmTgWM6SibNC8YIaT024cKauaf9d0Cbi+NkXV+mHBlbJm6z:ERW9SinYIV24Wuc9d0l+aXV+mHBlbJmG

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Files

fa2b06d7c6f5576825ad459b6125c7fd2d5b9491e6be6615ee63c78bc1aa5829
.exe windows x86

7142c01c430db2b477ea02e8d8d1f541

Code Sign

71:1a:dd:19:74:0a:b8:c2:9a:58:6e:0f:46:11:75:e6:1e:d2:d8:83
Signer

Actual PE Digest

71:1a:dd:19:74:0a:b8:c2:9a:58:6e:0f:46:11:75:e6:1e:d2:d8:83

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

NO CERTIFICATE

01/01/0001, 00:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_initterm
_except_handler3
_controlfp
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_mbsstr
__set_app_type
__CxxFrameHandler

kernel32

GetModuleHandleW
lstrlenA
lstrcatA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetStartupInfoW

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 944B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 528B - Virtual size: 516B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 672B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7142c01c430db2b477ea02e8d8d1f541

Code Sign

71:1a:dd:19:74:0a:b8:c2:9a:58:6e:0f:46:11:75:e6:1e:d2:d8:83Signer

Signature Validations

Verification

01/01/0001, 00:00 Valid: false

Headers

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 208B - Virtual size: 200B

.data Size: 944B - Virtual size: 944B

INIT Size: 528B - Virtual size: 516B

.rsrc Size: 110KB - Virtual size: 110KB

.reloc Size: 672B - Virtual size: 664B

71:1a:dd:19:74:0a:b8:c2:9a:58:6e:0f:46:11:75:e6:1e:d2:d8:83
Signer

01/01/0001, 00:00
Valid: false

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 208B - Virtual size: 200B

.data
Size: 944B - Virtual size: 944B

INIT
Size: 528B - Virtual size: 516B

.rsrc
Size: 110KB - Virtual size: 110KB

.reloc
Size: 672B - Virtual size: 664B