Behavioral task: behavioral1
Sample: 9ff9569f4f5ff1137bbc8bd844334466886b3c96e8dd329f1e7e662f5510dbc7.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 9ff9569f4f5ff1137bbc8bd844334466886b3c96e8dd329f1e7e662f5510dbc7.exe
Resource: win10v2004-20230220-en
General
- Target: 9ff9569f4f5ff1137bbc8bd844334466886b3c96e8dd329f1e7e662f5510dbc7
- Size: 3.3MB
- MD5: 36afe3177a2c5856c57ade407cfee9a5
- SHA1: 5634028fafca5e5cc2fd7fcc11a0795699253df8
- SHA256: 9ff9569f4f5ff1137bbc8bd844334466886b3c96e8dd329f1e7e662f5510dbc7
- SHA512: ca147f050e2d7d31ff0784cf675f82c00073051639747f6329666ed482dc7e4b4cf653f4d0f0ee2caae7a6662ab9d0a74c5059e22fe1facda15f55115f4b020d
- SSDEEP: 49152:AIHKTsalTKslSnvzToOPoe+yjSMg8uKTuR/BOzIApvu0bzLY8AZH:JHKBKiSyU+RJOzI0LPMZ
Malware Config
Signatures
- Gh0st RAT payload (1 IoCs)
  resource: sample, yara_rule: family_gh0strat
- Gh0strat family
Files
- 9ff9569f4f5ff1137bbc8bd844334466886b3c96e8dd329f1e7e662f5510dbc7.exe windows x86
  9212bc41bfb7ac98349a291d383eda16
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathIsDirectoryA
PathRemoveFileSpecA
SHAutoComplete
kernel32
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
IsBadReadPtr
SetUnhandledExceptionFilter
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
HeapCreate
GetProfileStringA
IsBadCodePtr
InitializeCriticalSection
HeapDestroy
lstrcatA
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
HeapSize
HeapReAlloc
GetACP
GetLocalTime
GetSystemTime
GetTimeZoneInformation
TerminateProcess
ExitProcess
DeleteCriticalSection
CloseHandle
TerminateThread
Sleep
GetTickCount
LeaveCriticalSection
EnterCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CreateEventA
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
WriteFile
SetFilePointer
CreateFileA
lstrcmpA
lstrlenA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
GetFileAttributesA
GetModuleFileNameA
GetFileSize
OutputDebugStringA
ReadFile
DeleteFileA
MoveFileA
GetLastError
CreateDirectoryA
GetCommandLineA
GetStartupInfoA
ExitThread
RaiseException
HeapAlloc
HeapFree
RtlUnwind
SetErrorMode
SystemTimeToFileTime
lstrcpyA
GetModuleHandleA
InterlockedExchange
VirtualFree
VirtualAlloc
PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
InterlockedDecrement
GetQueuedCompletionStatus
CancelIo
LocalSize
LocalFileTimeToFileTime
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
GetCurrentThread
MulDiv
SetLastError
FormatMessageA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LockResource
LocalReAlloc
GetVersionExA
FreeLibrary
FindResourceA
LoadResource
SizeofResource
GetVersion
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
IsBadWritePtr
user32
RegisterClipboardFormatA
GetNextDlgGroupItem
CopyAcceleratorTableA
LockWindowUpdate
GetDCEx
GetSysColorBrush
GetClassNameA
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
TranslateAcceleratorA
LoadAcceleratorsA
MapDialogRect
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
PostQuitMessage
LoadStringA
wvsprintfA
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
DestroyMenu
CharUpperA
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
GetFocus
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
GetScrollInfo
SetScrollInfo
GetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
IntersectRect
IsIconic
GetWindowPlacement
GetNextDlgTabItem
LoadIconA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
SetParent
LoadBitmapA
GetWindowDC
SetWindowRgn
IsZoomed
SetMenu
GetDesktopWindow
CopyIcon
PtInRect
SetRectEmpty
DrawFrameControl
GetCursor
DestroyCursor
GetClassInfoA
DefWindowProcA
SetMenuDefaultItem
SetForegroundWindow
TrackPopupMenu
GetMenuItemID
IsWindow
MessageBeep
OffsetRect
RedrawWindow
InflateRect
FindWindowA
DestroyIcon
LoadImageA
CharNextA
LoadMenuA
GetSubMenu
GetCursorPos
DeleteMenu
GetMenuItemCount
MessageBoxA
wsprintfA
LoadCursorA
ClipCursor
SetClassLongA
ReleaseDC
SendMessageTimeoutA
GetDC
CheckMenuRadioItem
AppendMenuA
GetSystemMenu
SendMessageA
SetCursorPos
GetMenuState
SetWindowLongA
GetClientRect
GetWindowRect
GetSystemMetrics
GetWindowLongA
GetKeyState
PostThreadMessageA
GetPropA
DrawIconEx
ShowScrollBar
GetScrollBarInfo
EnableMenuItem
CheckMenuItem
DrawTextA
PostMessageA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
SystemParametersInfoA
EnableWindow
DispatchMessageA
TranslateMessage
GetDlgCtrlID
SetWindowPos
GetParent
ReleaseCapture
ClientToScreen
WindowFromPoint
UpdateWindow
ScreenToClient
SetCursor
SetCapture
GetWindow
SetTimer
CreateMenu
GetMenuStringA
InsertMenuA
KillTimer
SetRect
IsWindowVisible
FillRect
GetSysColor
InvalidateRect
GetMessageA
gdi32
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
CreateRectRgn
CreateRectRgnIndirect
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
OffsetViewportOrgEx
CreatePatternBrush
PtVisible
RectVisible
Escape
GetTextExtentPoint32A
GetTextMetricsA
GetCharWidthA
CreateFontA
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
LPtoDP
GetTextColor
GetBkColor
PtInRegion
CreateFontIndirectA
GetPixel
Rectangle
PlgBlt
CreateBitmap
FillRgn
CreatePolygonRgn
GetObjectA
SetBkMode
TextOutA
CreatePen
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
SetBkColor
SetTextColor
SetViewportOrgEx
SetMapMode
GetStockObject
RestoreDC
SaveDC
GetClipBox
PatBlt
ExtTextOutA
SetStretchBltMode
StretchBlt
CreateDIBitmap
StretchDIBits
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
GetTextExtentPointA
DeleteDC
comdlg32
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegSetValueExA
InitializeSecurityDescriptor
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
SetFileSecurityA
RegSetValueA
RegCreateKeyA
RegDeleteValueA
SetSecurityDescriptorDacl
RegCreateKeyExA
RegOpenKeyExA
GetFileSecurityA
shell32
ShellExecuteA
ExtractIconA
DragQueryFileA
DragFinish
Shell_NotifyIconA
SHAppBarMessage
SHBrowseForFolderA
SHGetPathFromIDListA
ord71
SHGetFileInfoA
comctl32
ImageList_Create
ImageList_Destroy
ord17
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_AddMasked
oledlg
ord8
ole32
StgOpenStorageOnILockBytes
CoUninitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
CLSIDFromString
CoGetClassObject
OleIsCurrentClipboard
CoInitialize
CoTaskMemFree
olepro32
ord253
oleaut32
SysStringLen
SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
skinh
SkinH_SetAero
SkinH_AttachRes
ws2_32
bind
htons
WSAEventSelect
WSACreateEvent
WSASocketA
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAGetLastError
accept
socket
WSARecv
WSASend
WSACloseEvent
WSAIoctl
select
connect
gethostbyname
ioctlsocket
listen
inet_ntoa
getpeername
closesocket
ntohs
getsockname
shutdown
setsockopt
WSAStartup
WSACleanup
avifil32
AVIFileInit
AVIFileExit
AVIStreamSetFormat
AVIFileCreateStreamA
AVIFileOpenA
AVIStreamWrite
AVIFileRelease
AVIStreamRelease
AVIMakeCompressedStream
msvfw32
DrawDibDraw
DrawDibOpen
DrawDibClose
imm32
ImmAssociateContext
winmm
waveOutUnprepareHeader
waveOutReset
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveOutClose
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
Sections
.text Size: 944KB - Virtual size: 942KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rodata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rotext Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 228KB - Virtual size: 224KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.9MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 180KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ