gh0strat | b1bd966943d2595ac14098ffcb9cf840e7d2ffc8947799c7915eea94b023e4fc

Sharing

Copy URL Twitter E-mail

General

Target

b1bd966943d2595ac14098ffcb9cf840e7d2ffc8947799c7915eea94b023e4fc
Size

11.0MB
MD5

7bf74744e80663bc1ce9910a00214046
SHA1

e2fdb0cae7f3e540fb5635967a752365dd55e28a
SHA256

b1bd966943d2595ac14098ffcb9cf840e7d2ffc8947799c7915eea94b023e4fc
SHA512

f0f0f051c40667bd7d70e1f53c8b3463311fde1d156b7440a91e0c51119f202e54bc6dcf51ad6c08b32766a33dc1efc5405f94be10a6815162e9070cf4ff78c3
SSDEEP

196608:WV6fNu2Htr/iyfK8ywpCOVE73g7GLF+0QiU3g70nUePxwrCD2DofO:RfNrHtr/iyfK8viEEwwU3gQnzGOu4O

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1bd966943d2595ac14098ffcb9cf840e7d2ffc8947799c7915eea94b023e4fc

Files

b1bd966943d2595ac14098ffcb9cf840e7d2ffc8947799c7915eea94b023e4fc
.exe windows x86

81b4c38d0eeb360aabe8e28b5f9244ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVIStreamRelease

msvfw32

DrawDibOpen

winmm

mciSendCommandA

kernel32

TerminateProcess

user32

DestroyMenu

gdi32

GetCurrentObject

comdlg32

ChooseColorA

winspool.drv

DocumentPropertiesA

advapi32

RegCloseKey

shell32

SHBrowseForFolderA

comctl32

ImageList_Remove

oledlg

ord1

ole32

ReleaseStgMedium

olepro32

ord253

oleaut32

SafeArrayAccessData

urlmon

URLDownloadToFileA

ws2_32

inet_ntoa

wininet

HttpOpenRequestA

shlwapi

PathRemoveFileSpecA

skinh

SkinH_SetAero

imm32

ImmAssociateContext

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81b4c38d0eeb360aabe8e28b5f9244ad

Headers

File Characteristics

Imports

avifil32

msvfw32

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

urlmon

ws2_32

wininet

shlwapi

skinh

imm32

msvcrt

iphlpapi

psapi

Sections

.text Size: 8.0MB - Virtual size: 8.0MB

.sedata Size: 1.3MB - Virtual size: 1.3MB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 8.0MB - Virtual size: 8.0MB

.sedata
Size: 1.3MB - Virtual size: 1.3MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.sedata
Size: 4KB - Virtual size: 4KB