Gh0st[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Gh0st.zip
Size

956KB
MD5

21a59158dbf81b485ee14ab02211b432
SHA1

b003527eb00eb63ed303a65147bc02efaeaf8f6e
SHA256

30db7310cac8b102b8ac391bab753015e6ae497d5aa9dcc5b29204dbdc1cb8e8
SHA512

04b77abfe9e2a14ac23fd33f429d40a62683af8cf11bf31cb933e4509edb5bc0b36de1f5910c2ec78d791104447b52a868db3696523bfcf5a633f55cd88e0d8c
SSDEEP

24576:mbCcQKZcfEiwWagRcnDib9iyqMMC9z/kOwCByj2zL1:mNc8iwyRcG5qPsz/Di2zh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QingniaoChrome.exe

Files

Gh0st.zip
.zip

Password: infected
QingniaoChrome.exe
.exe windows x86

1f992f6e403a8604f4a7627d72991953

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
CreateFileW
SetEnvironmentVariableA
FindFirstFileA
UnmapViewOfFile
GetLastError
CreateFileA
GetTimeZoneInformation
VirtualProtect
GetDriveTypeW
GetCurrentDirectoryW
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
QueryPerformanceCounter
WaitForMultipleObjects
PeekNamedPipe
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
CompareStringW
LCMapStringW
GetStringTypeW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
GetConsoleMode
GetConsoleCP
GetStdHandle
IsValidCodePage
VirtualAlloc
GetSystemInfo
InterlockedDecrement
InterlockedIncrement
lstrcpyA
ResumeThread
CreateProcessA
UpdateProcThreadAttribute
GetProcessHeap
HeapAlloc
InitializeProcThreadAttributeList
OpenProcess
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
VirtualQuery
HeapReAlloc
RaiseException
CreateThread
ExitThread
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapFree
ExitProcess
DecodePointer
EncodePointer
FindResourceExW
SearchPathA
Sleep
GetProfileIntA
InitializeCriticalSectionAndSpinCount
GetNumberFormatA
GetWindowsDirectoryA
GetTickCount
GetTempPathA
SetErrorMode
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiA
GetStringTypeExA
GetACP
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
GetFullPathNameA
GetTempFileNameA
GetFileTime
GlobalGetAtomNameA
GlobalFindAtomA
GetVersionExA
LoadLibraryW
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
WaitForSingleObject
SetThreadPriority
GlobalUnlock
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
FindResourceA
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetModuleFileNameA
GetLocaleInfoA
WideCharToMultiByte
CompareStringA
ActivateActCtx
LoadLibraryA
DeactivateActCtx
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleW
GetProcAddress
FreeLibrary
SetFileTime
WriteFile
CreateDirectoryA
GetFileAttributesA
LocalFileTimeToFileTime
lstrcatA
lstrlenA
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
SetFilePointer
ExpandEnvironmentStringsA
FindClose
DeleteFileA

user32

GetNextDlgGroupItem
SetCapture
InvalidateRgn
SetRect
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
LoadCursorA
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoA
KillTimer
RealChildWindowFromPoint
SetParent
GetSystemMenu
DeleteMenu
IsRectEmpty
IsZoomed
GetSystemMetrics
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
LoadImageA
DestroyIcon
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
IsIconic
InsertMenuItemA
CreatePopupMenu
IntersectRect
OffsetRect
BringWindowToTop
TranslateAcceleratorA
GetDC
SetRectEmpty
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
RegisterWindowMessageA
LoadIconW
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MessageBeep
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
CharUpperA
InflateRect
SetWindowPlacement
GetWindowPlacement
EnableWindow
SetTimer
UpdateWindow
PtInRect
GetWindowDC
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetMenuItemInfoA
LoadAcceleratorsW
LoadMenuW
GetKeyNameTextA
MapVirtualKeyA
UnionRect
WindowFromPoint
LockWindowUpdate
UnregisterClassA
SetWindowRgn
RedrawWindow
DestroyAcceleratorTable
NotifyWinEvent
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuA
GetMenuState
GetAsyncKeyState
SetCursorPos
SetClassLongA
DrawStateA
DrawIconEx
DrawEdge
DrawFrameControl
ReleaseDC
wsprintfA
PostQuitMessage
PostMessageA
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
EndDialog
SendMessageA
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
DrawFocusRect
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
CheckMenuItem
EnableMenuItem
CreateAcceleratorTableA
GetWindowRgn
DestroyCursor
DrawIcon
SubtractRect
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
CharUpperBuffA
CopyIcon
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageA
CreateMenu
IsMenu
UpdateLayeredWindow
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
CopyImage
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
RegisterClipboardFormatA
MonitorFromWindow

gdi32

SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
GetTextMetricsA
SetROP2
CreateDIBitmap
CreateRectRgnIndirect
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
PatBlt
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectA
GetObjectA
SetBkColor
GetTextExtentPoint32A
CreateBitmap
SetTextColor

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

CryptImportKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt

shell32

DragFinish
DragQueryFileA
SHAddToRecentDocs
SHBrowseForFolderA
SHAppBarMessage
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetFileInfoA

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA
PathFindExtensionA

ole32

OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CoRevokeClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoGetClassObject
CoInitialize
CoCreateInstance
CoUninitialize
OleDuplicateData
ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoCreateGuid

oleaut32

SysStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
VarBstrFromDate
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SysFreeString

oledlg

ord8

wldap32

ord46
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord41

ws2_32

bind
ntohs
htons
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
getsockname

crypt32

CertFreeCertificateContext

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipDeleteGraphics
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipAlloc
GdipFree

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

1f992f6e403a8604f4a7627d72991953

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

wldap32

ws2_32

crypt32

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 320KB - Virtual size: 319KB

.data Size: 25KB - Virtual size: 54KB

.rsrc Size: 126KB - Virtual size: 125KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 320KB - Virtual size: 319KB

.data
Size: 25KB - Virtual size: 54KB

.rsrc
Size: 126KB - Virtual size: 125KB