gh0strat | c2aba2959309956884385810c6ee29d7830d0d407ec9a09781d8971fa1d584d1

Sharing

Copy URL Twitter E-mail

General

Target

c2aba2959309956884385810c6ee29d7830d0d407ec9a09781d8971fa1d584d1
Size

336KB
MD5

076364bdfc47f8158c735e124c5bec4a
SHA1

9fcf457a09ed2286d18e92bfafcc263d924c5d2f
SHA256

c2aba2959309956884385810c6ee29d7830d0d407ec9a09781d8971fa1d584d1
SHA512

9113ac518aca5846cb5d556203c405cd1c393bd39e79ee82fde7ef61e8af30ce6f6e0dfddb16da7ff2576f22117d0261ec43bfc40b990f6b6f7a83f729ca58a2
SSDEEP

1536:rioiq7E9oZ3TsenhY8kwtuwL7hSm1Rh+wIOdnToIfAUfekGHETYUXhz:riqTDsEY8mwnhS1mVTBfAUfeHETYSz

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2aba2959309956884385810c6ee29d7830d0d407ec9a09781d8971fa1d584d1

Files

c2aba2959309956884385810c6ee29d7830d0d407ec9a09781d8971fa1d584d1
.exe windows x86

096944358bd274221a9df990c5133311

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord796
ord674
ord554
ord529
ord366
ord825
ord807
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord860
ord800
ord540
ord5572
ord2915
ord2818
ord858
ord2614
ord2863
ord1175
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord815
ord561
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord5012
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord5241
ord5280
ord4441
ord5261
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1841
ord4241
ord4589
ord4588
ord4899
ord4370
ord4892
ord4533
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord2091
ord4432
ord5290
ord3402
ord3610
ord656
ord567
ord364
ord784
ord2370
ord2302
ord5260
ord924
ord1168
ord5677
ord3495
ord4720
ord6334
ord1979
ord5442
ord3318
ord665
ord5186
ord354
ord6385
ord6199
ord535
ord3177
ord3499
ord2515
ord355
ord537
ord4277
ord3350
ord4303
ord4467
ord5103
ord5100
ord3059
ord2390
ord2723
ord4242
ord1842
ord2621
ord823

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_CxxThrowException
_mbsicmp
__CxxFrameHandler

kernel32

GetPrivateProfileStringA
WritePrivateProfileStringA
GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetPrivateProfileIntA

user32

InsertMenuA
RemoveMenu
GetSubMenu
GetMenu
UpdateWindow
EnableWindow
MessageBoxA
SendMessageA

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

096944358bd274221a9df990c5133311

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 296KB - Virtual size: 296KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 296KB - Virtual size: 296KB

.rsrc
Size: 12KB - Virtual size: 11KB