Behavioral tasks
behavioral1: 3b9386b9e922282472898b5025b8897ce916403b0cd1685e8c15ff811c893f92.exe (resource: win7-20220901-en)
behavioral2: 3b9386b9e922282472898b5025b8897ce916403b0cd1685e8c15ff811c893f92.exe (resource: win10v2004-20221111-en)
General
Target: 3b9386b9e922282472898b5025b8897ce916403b0cd1685e8c15ff811c893f92
Size: 3.7MB
MD5: 5ec675b18c58509f39f5ddc79cfba2a7
SHA1: fb5532ad9a05e0b51d34ca2f63b9bab167e84e94
SHA256: 3b9386b9e922282472898b5025b8897ce916403b0cd1685e8c15ff811c893f92
SHA512: 20a7a96bb06d5d77d898b92790e4b6f686b6989b708207aca00c12c64173a11d794d1851d59a06337d960fdc6d46c186d66ae46011addd123d34e68ffd26b9c5
SSDEEP: 49152:UZIOKTtlCrOKL858vvTW6rTROVNFNzIn9w7XAVhaus9Pi:UZmTtl3KLi/FC9wr+4uQP
Malware Config
Signatures
Gh0st RAT payload (1 IoC): resource = sample, yara_rule = family_gh0strat
Gh0strat family
Files
3b9386b9e922282472898b5025b8897ce916403b0cd1685e8c15ff811c893f92.exe (windows x86)
21f67791d2ea671afe7f75b8a6960fa2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no relocation table: the image can only be mapped at its preferred base, so the loader cannot rebase it for ASLR)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE (consistent with the x86 file entry above)
Imports
smtp
SendMail
GetSmtpError
avifil32
AVIFileExit
AVIStreamSetFormat
AVIFileCreateStreamA
AVIFileOpenA
AVIStreamWrite
AVIFileRelease
AVIStreamRelease
AVIFileInit
msvfw32
DrawDibClose
DrawDibDraw
DrawDibOpen
winmm
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
mixerClose
mixerGetLineInfoA
mixerOpen
mixerGetDevCapsA
mixerGetNumDevs
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
PlaySoundA
kernel32
GetACP
HeapReAlloc
HeapSize
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetSystemTime
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTimeZoneInformation
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
ExitThread
RtlUnwind
GetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SystemTimeToFileTime
LocalFileTimeToFileTime
CopyFileA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
SetThreadPriority
GetCurrentThread
SetLastError
GetProfileIntA
GetProfileStringA
GetTempPathA
GetPrivateProfileSectionNamesA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
GetExitCodeThread
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
Sleep
VirtualFree
VirtualAlloc
GetFileAttributesA
lstrcatA
GetModuleFileNameA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
HeapFree
ReadFile
HeapAlloc
GetProcessHeap
GetFileSize
CreateFileA
DeleteFileA
lstrlenA
lstrcpyA
GetTickCount
WriteFile
GetProcAddress
LoadLibraryA
SetUnhandledExceptionFilter
GetDriveTypeA
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
LocalFree
LocalAlloc
FindClose
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynA
FormatMessageA
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
GetVersion
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
lstrcmpA
LocalReAlloc
LocalSize
GlobalSize
ResetEvent
FindResourceA
LoadResource
SizeofResource
FreeResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
GetLocalTime
OutputDebugStringA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
CancelIo
InterlockedExchange
GetQueuedCompletionStatus
InterlockedDecrement
CreateIoCompletionPort
GetSystemInfo
PostQueuedCompletionStatus
InitializeCriticalSection
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateDirectoryA
GetLastError
MoveFileA
RemoveDirectoryA
SetFilePointer
FindFirstFileA
FindNextFileA
user32
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetMenu
DestroyMenu
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
MapDialogRect
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
PostQuitMessage
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
CharUpperA
wvsprintfA
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
GetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
GetCursorPos
PtInRect
GetSubMenu
LoadMenuA
PostMessageA
GetWindowRect
LoadImageA
LoadCursorA
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
IsZoomed
LoadStringA
GetClassNameA
GetDialogBaseUnits
GetSysColorBrush
DestroyIcon
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
CopyAcceleratorTableA
GetForegroundWindow
SetCursor
ReleaseCapture
CharNextA
DeleteMenu
EnableMenuItem
GetMenuItemCount
GetClientRect
ClientToScreen
ScreenToClient
UpdateWindow
IsWindowVisible
GetNextDlgGroupItem
FindWindowA
IsRectEmpty
RegisterClipboardFormatA
GetDCEx
SetCapture
GetFocus
UnregisterClassA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
InvalidateRect
SendMessageA
EnableWindow
RegisterWindowMessageA
SetRect
wsprintfA
LockWindowUpdate
PostThreadMessageA
SetParent
SetForegroundWindow
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
InsertMenuA
GetMenuStringA
CreateMenu
GetKeyState
GetDlgCtrlID
ShowScrollBar
CheckMenuRadioItem
GetMenuState
DrawIconEx
GetClipboardData
DrawTextA
IntersectRect
GetIconInfo
SetClassLongA
DestroyCursor
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CopyRect
GetSysColor
ExcludeUpdateRgn
DefDlgProcA
GetTabbedTextExtentA
GetClipboardFormatNameA
GetAsyncKeyState
SendMessageTimeoutA
IsWindowUnicode
GetWindowLongW
SetWindowLongW
GetDoubleClickTime
SetCursorPos
UnionRect
SetWindowRgn
GetCursor
GetMenuStringW
LookupIconIdFromDirectoryEx
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
DrawFrameControl
DrawAnimatedRects
EnumChildWindows
SetMenuDefaultItem
IsClipboardFormatAvailable
InvertRect
GetLastActivePopup
FillRect
GetDC
ReleaseDC
RedrawWindow
CreatePopupMenu
GetDesktopWindow
KillTimer
SetTimer
LoadBitmapA
GetSystemMenu
CheckMenuItem
AppendMenuA
OffsetRect
InflateRect
MessageBeep
GetSystemMetrics
WindowFromPoint
GetParent
GetWindow
DrawStateA
DrawFocusRect
MapVirtualKeyA
WaitMessage
DrawEdge
GetMenuItemInfoA
GetMenuDefaultItem
CreateIconFromResourceEx
CreateIconIndirect
CopyIcon
IsMenu
ShowCaret
HideCaret
GetWindowRgn
MessageBoxA
gdi32
CreateBitmap
SaveDC
RestoreDC
GetStockObject
SetPolyFillMode
SetStretchBltMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
GetObjectA
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
PolyBezierTo
GetClipRgn
CreateRectRgn
ExtSelectClipRgn
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
PtVisible
RectVisible
Escape
PatBlt
CreateRectRgnIndirect
GetTextExtentPoint32A
GetTextMetricsA
CreateFontIndirectA
CopyMetaFileA
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
SetRectRgn
CombineRgn
GetClipBox
GetDeviceCaps
DeleteObject
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateDIBitmap
CreateCompatibleDC
BitBlt
CreateSolidBrush
CreateDIBSection
StretchDIBits
ExtTextOutA
SetTextColor
SetBkColor
TextOutA
CreatePen
Polygon
GetWindowOrgEx
GetTextAlign
StretchBlt
GetDIBits
SetPixel
GetPixel
PtInRegion
GetCurrentObject
EnumFontFamiliesExA
GetBitmapBits
ExtCreateRegion
GetRgnBox
CreatePolygonRgn
RoundRect
CreateFontA
Polyline
GetViewportOrgEx
ExtFloodFill
Ellipse
SetBrushOrgEx
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
GetTextExtentPoint32W
ExtTextOutW
GetCharWidthA
GetTextExtentPointA
SetBkMode
comdlg32
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA
ChooseColorA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
SetFileSecurityA
GetFileSecurityA
RegSetValueA
RegCreateKeyA
RegCloseKey
shell32
ShellExecuteA
SHGetMalloc
Shell_NotifyIconA
SHAppBarMessage
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetFileInfoA
ExtractIconA
DragQueryFileA
DragFinish
comctl32
ImageList_GetIcon
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageCount
_TrackMouseEvent
ImageList_Add
ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_GetImageInfo
oledlg
ord1
ord8
ole32
OleUninitialize
OleInitialize
OleRun
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
ReleaseStgMedium
CoRegisterMessageFilter
CoRevokeClassObject
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
OleFlushClipboard
OleIsCurrentClipboard
CoFreeUnusedLibraries
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
olepro32
ord253
ord251
oleaut32
SafeArrayGetElemsize
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarDateFromStr
VarBstrFromDate
SafeArrayGetLBound
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
SysStringLen
LoadTypeLi
OleLoadPicturePath
VariantChangeTypeEx
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
ws2_32
select
connect
htons
gethostbyname
ioctlsocket
socket
WSAStartup
listen
bind
WSAEventSelect
WSACleanup
WSAGetLastError
WSASocketA
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
accept
WSARecv
WSASend
setsockopt
WSACloseEvent
WSAIoctl
inet_ntoa
getpeername
WSACreateEvent
closesocket
gethostname
ntohs
getsockname
shutdown
shlwapi
PathRemoveFileSpecA
SHAutoComplete
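The import table above is the most informative static artifact on this page, but read it with one caveat: most of the user32, gdi32, ole32, oledlg and olepro32 entries (including SetWindowsHookExA and the ordinal-only oledlg/olepro32 imports) are consistent with a statically linked MFC GUI application and carry little signal on their own. What does stand out is the combination of audio capture (waveIn*/mixer*), AVI writing (avifil32), keystroke decoding (GetKeyboardState + ToAsciiEx), screen grabbing (CreateCompatibleDC/BitBlt/GetDIBits), in-place resource rewriting (BeginUpdateResourceA/UpdateResourceA/EndUpdateResourceA), I/O-completion-port networking, both listening and outbound sockets, and a DLL named smtp that is not a Windows system library. The script below is an added example, not part of the sandbox's signature logic: it copies a subset of the report's imports inline and tags capabilities by API co-occurrence, so that a single common API never fires a tag by itself. The rule table and the system-DLL allowlist are this editor's assumptions.

```python
# Import-table capability triage for the report above. Added example, not the
# sandbox's own rule set. IMPORTS is a subset copied from the report; RULES and
# WINDOWS_DLLS are this editor's heuristics (assumptions), not a published signature.
from typing import Dict, List, Set, Tuple

# Subset of the report's import table (DLL -> APIs), copied from the page.
IMPORTS: Dict[str, List[str]] = {
    "smtp": ["SendMail", "GetSmtpError"],
    "avifil32": ["AVIFileInit", "AVIFileCreateStreamA", "AVIStreamWrite", "AVIFileRelease"],
    "winmm": ["waveInOpen", "waveInStart", "waveInAddBuffer", "waveOutOpen", "mixerOpen"],
    "user32": ["GetKeyboardState", "ToAsciiEx", "GetAsyncKeyState", "SetWindowsHookExA",
               "CallNextHookEx", "OpenClipboard", "GetClipboardData", "SetClipboardData",
               "GetForegroundWindow", "GetWindowTextA"],
    "gdi32": ["CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt", "GetDIBits"],
    "kernel32": ["BeginUpdateResourceA", "UpdateResourceA", "EndUpdateResourceA",
                 "CreateIoCompletionPort", "GetQueuedCompletionStatus",
                 "PostQueuedCompletionStatus", "CopyFileA", "SetFileAttributesA",
                 "GetLogicalDriveStringsA", "GetDriveTypeA", "FindFirstFileA"],
    "advapi32": ["RegCreateKeyExA", "RegSetValueExA", "RegDeleteValueA"],
    "ws2_32": ["WSASocketA", "bind", "listen", "accept", "connect", "gethostbyname",
               "WSARecv", "WSASend", "WSAIoctl"],
    "shell32": ["ShellExecuteA"],
}

# tag -> (dll, api) pairs that must ALL be imported. Requiring co-occurrence is what
# keeps one common API from firing a tag alone. SetWindowsHookExA is deliberately
# not a rule: MFC message filtering uses it in ordinary GUI programs.
RULES: Dict[str, List[Tuple[str, str]]] = {
    "audio-capture":      [("winmm", "waveInOpen"), ("winmm", "waveInStart"), ("winmm", "waveInAddBuffer")],
    "avi-recording":      [("avifil32", "AVIFileInit"), ("avifil32", "AVIFileCreateStreamA"), ("avifil32", "AVIStreamWrite")],
    "keystroke-decode":   [("user32", "GetKeyboardState"), ("user32", "ToAsciiEx")],
    "screen-capture":     [("gdi32", "CreateCompatibleDC"), ("gdi32", "BitBlt"), ("gdi32", "GetDIBits")],
    "clipboard-access":   [("user32", "OpenClipboard"), ("user32", "GetClipboardData")],
    "self-resource-edit": [("kernel32", "BeginUpdateResourceA"), ("kernel32", "UpdateResourceA"), ("kernel32", "EndUpdateResourceA")],
    "iocp-async-io":      [("kernel32", "CreateIoCompletionPort"), ("kernel32", "GetQueuedCompletionStatus")],
    "tcp-listener":       [("ws2_32", "bind"), ("ws2_32", "listen"), ("ws2_32", "accept")],
    "tcp-outbound":       [("ws2_32", "connect"), ("ws2_32", "gethostbyname")],
    "drive-enumeration":  [("kernel32", "GetLogicalDriveStringsA"), ("kernel32", "GetDriveTypeA")],
    "registry-write":     [("advapi32", "RegCreateKeyExA"), ("advapi32", "RegSetValueExA")],
    "smtp-send":          [("smtp", "SendMail")],
}

# Assumption: DLL names a reviewer expects to resolve from the Windows system directory.
WINDOWS_DLLS: Set[str] = {"kernel32", "user32", "gdi32", "advapi32", "shell32", "comctl32",
                          "comdlg32", "ole32", "oleaut32", "oledlg", "olepro32", "ws2_32",
                          "shlwapi", "winmm", "avifil32", "msvfw32", "winspool.drv"}


def imported_pairs(imports: Dict[str, List[str]]) -> Set[Tuple[str, str]]:
    """Flatten DLL -> APIs into a set of (dll, api) pairs; DLL names compared case-insensitively."""
    return {(dll.lower(), api) for dll, apis in imports.items() for api in apis}


def capabilities(imports: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Return {tag: [apis]} for every rule whose (dll, api) pairs are all imported."""
    have = imported_pairs(imports)
    return {tag: [api for _, api in pairs]
            for tag, pairs in RULES.items()
            if all((dll.lower(), api) in have for dll, api in pairs)}


def non_system_dlls(imports: Dict[str, List[str]], known: Set[str]) -> List[str]:
    """Imported DLL names that are not on the caller's system-DLL allowlist."""
    return sorted(d for d in imports if d.lower() not in known)


if __name__ == "__main__":
    for tag, apis in capabilities(IMPORTS).items():
        print(f"{tag:20s} <- {', '.join(apis)}")
    print("non-system DLLs:", non_system_dlls(IMPORTS, WINDOWS_DLLS))
```

Run against the report's imports, every rule fires and `smtp` is the only DLL outside the allowlist; the same rules return nothing for a binary that imports only MessageBoxA and ExitProcess, and a lone BitBlt does not trigger the screen-capture tag. Tags derived this way say what the code could do, not what it did; the behavioral tasks listed at the top of the page are what confirm execution.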
Sections
.text    Size: 1.8MB - Virtual size: 1.8MB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rodata  Size: 12KB - Virtual size: 11KB      IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rotext  Size: 112KB - Virtual size: 108KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata   Size: 300KB - Virtual size: 298KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data    Size: 724KB - Virtual size: 1.2MB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc    Size: 804KB - Virtual size: 803KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Note: no section is both writable and executable, and raw sizes track virtual sizes except for .data, whose in-memory size is well above its on-disk size (a large zero-filled region). .rodata and .rotext are flagged as code/execute rather than initialized data despite their names, so they belong in the set of bytes a reviewer disassembles.
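A reviewer's first pass over a section table looks for three things: writable-and-executable sections, executable sections whose name suggests data, and sections whose virtual size is far larger than their raw size. The check below is an added example (not the sandbox's rule set) that encodes the table above inline; the sizes are the report's rounded figures, so ratios are approximate, and the 1.5x slack threshold and the list of data-style section names are this editor's assumptions.

```python
# Section-header sanity check over the values in the report's Sections table.
# Added example, not sandbox logic. Sizes are the page's rounded KB/MB figures;
# the slack threshold and DATA_NAMES are this editor's assumptions.
from typing import List, Set, Tuple

KB, MB = 1024, 1024 * 1024

# (name, raw size, virtual size, characteristics) copied from the report.
SECTIONS: List[Tuple[str, int, int, Set[str]]] = [
    (".text",   int(1.8 * MB), int(1.8 * MB), {"CNT_CODE", "MEM_EXECUTE", "MEM_READ"}),
    (".rodata", 12 * KB,       11 * KB,       {"CNT_CODE", "MEM_EXECUTE", "MEM_READ"}),
    (".rotext", 112 * KB,      108 * KB,      {"CNT_CODE", "MEM_EXECUTE", "MEM_READ"}),
    (".rdata",  300 * KB,      298 * KB,      {"CNT_INITIALIZED_DATA", "MEM_READ"}),
    (".data",   724 * KB,      int(1.2 * MB), {"CNT_INITIALIZED_DATA", "MEM_READ", "MEM_WRITE"}),
    (".rsrc",   804 * KB,      803 * KB,      {"CNT_INITIALIZED_DATA", "MEM_READ"}),
]

# Section names that conventionally hold data rather than code (assumption).
DATA_NAMES: Set[str] = {".rodata", ".rdata", ".data", ".rsrc", ".idata", ".edata", ".bss", ".reloc"}


def review_sections(sections, slack_ratio: float = 1.5) -> List[Tuple[str, str]]:
    """Return (section name, finding) pairs worth a reviewer's attention."""
    findings = []
    for name, raw, virt, flags in sections:
        if {"MEM_WRITE", "MEM_EXECUTE"} <= flags:
            findings.append((name, "writable and executable (RWX)"))
        if "MEM_EXECUTE" in flags and name in DATA_NAMES:
            findings.append((name, "data-style name but flagged as executable code"))
        if raw == 0 and virt > 0:
            findings.append((name, "no bytes on disk but mapped in memory (filled at run time)"))
        elif raw and virt / raw > slack_ratio:
            findings.append((name, f"virtual size {virt / raw:.1f}x raw size (large zero-filled region)"))
    return findings


def executable_bytes(sections) -> int:
    """On-disk bytes mapped executable: the amount of code that actually needs review."""
    return sum(raw for _, raw, _, flags in sections if "MEM_EXECUTE" in flags)


if __name__ == "__main__":
    for name, finding in review_sections(SECTIONS):
        print(f"{name:8s} {finding}")
    print(f"executable bytes on disk: {executable_bytes(SECTIONS)}")
```

For this table the check reports exactly two findings, `.rodata` as an executable section with a data-style name and `.data` at roughly 1.7x slack, and no RWX section; the executable footprint to disassemble is .text plus .rodata plus .rotext. A constructed section with zero raw size and RWX flags (typical of an unpacking stub) would produce two findings of its own.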