gh0strat | 40e0413da4c6ea28d4be4807a8905769bb89eaab6cdb89bddebd1b5e48f02fb2

Sharing

Copy URL Twitter E-mail

General

Target

40e0413da4c6ea28d4be4807a8905769bb89eaab6cdb89bddebd1b5e48f02fb2
Size

64KB
MD5

f572bd94d136c992a6e17eb240625aea
SHA1

9f5c39c2703639f4e00a34668f01ce36b9ea929f
SHA256

40e0413da4c6ea28d4be4807a8905769bb89eaab6cdb89bddebd1b5e48f02fb2
SHA512

d96536d81e880f45930db221dd4580af703779dcfe9b8b5aa9e34e7da8cf97468a5aabaa414f48038d16544148b90a679e51520273e0c7abb327a6ef08b297d7
SSDEEP

768:5fvCvEG+NXLrkv1j0VeAYpXEj2QUtwGPaFTuD9+oa6f5lcBdV89h7hU88xxjWJE:Qv0nkGEAXj2QM5GBdO9XUv/

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40e0413da4c6ea28d4be4807a8905769bb89eaab6cdb89bddebd1b5e48f02fb2

Files

40e0413da4c6ea28d4be4807a8905769bb89eaab6cdb89bddebd1b5e48f02fb2
.exe windows x86

eccab898f1199cb898736e936b3755a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_beginthreadex
time
srand
_mbscmp
__p__commode
_access
_CxxThrowException
sprintf
_splitpath
_stricmp
_strnicmp
_strdup
strstr
_except_handler3
isalnum
free
realloc
malloc
??2@YAPAXI@Z
__CxxFrameHandler
__p__fmode
__set_app_type
_mbsicmp
_controlfp
_ftol
memmove
??3@YAXPAX@Z

kernel32

ReadFile
RaiseException
LocalAlloc
GetStartupInfoA
GetModuleHandleA
Process32First
Process32Next
lstrcmpiA
CopyFileA
GetCurrentThreadId
ExpandEnvironmentStringsA
GlobalLock
GlobalUnlock
GlobalAlloc
TerminateProcess
CreateThread
OpenEventA
SetFileAttributesA
RemoveDirectoryA
GetLocalTime
CreateDirectoryA
OpenProcess
DuplicateHandle
DeleteFileA
ExitProcess
GetModuleFileNameA
SetProcessWorkingSetSize
FindFirstFileA
FindNextFileA
FindClose
MultiByteToWideChar
GetVersionExA
GetSystemInfo
GlobalMemoryStatusEx
GetDriveTypeA
GetDiskFreeSpaceExA
LoadLibraryW
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
Sleep
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
SetEvent
InterlockedExchange
CancelIo
WriteFile
SetFilePointer
CreateFileA
GetFileSize
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetFileAttributesA
lstrlenA
GetCurrentProcess
GetVersion
DeviceIoControl
Beep
TerminateThread
lstrcatA
GetTickCount
GetLastError
HeapAlloc
GetProcessHeap
VirtualProtect
IsBadReadPtr
HeapFree

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eccab898f1199cb898736e936b3755a8

Headers

File Characteristics

Imports

msvcrt

kernel32

msvcp60

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 109KB

.rsrc Size: 4KB - Virtual size: 912B

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 109KB

.rsrc
Size: 4KB - Virtual size: 912B