gh0strat | 94fcc48797e2d00a9f5e223f10d395c16439056f4f60ca06790b04bef873a7e4

General

Target

94fcc48797e2d00a9f5e223f10d395c16439056f4f60ca06790b04bef873a7e4
Size

1.6MB
MD5

110f48ea4cc64e9fd0c30db278e944a8
SHA1

ba61dde03e674e0a5d4649286fc20633118465c0
SHA256

94fcc48797e2d00a9f5e223f10d395c16439056f4f60ca06790b04bef873a7e4
SHA512

a9dd83374dd434220ed331d6c8460ac22a04686afb1054362b0f9c7519bf77eb6e770b00e803927b8489974c9099a19eb7d3917ea6ecd8caf39d10c0f7e38fb0
SSDEEP

24576:L1DukRXK/3FYFuBCy3oNabo0iSD1gAbT5agtchseoB+L1EydiRZDVHKdFkL6JJqE:xUAcZchGBGCydiRZRHkSwv

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94fcc48797e2d00a9f5e223f10d395c16439056f4f60ca06790b04bef873a7e4

Files

94fcc48797e2d00a9f5e223f10d395c16439056f4f60ca06790b04bef873a7e4
.exe windows x86

8f54c7f89ab7fb80e3cbd057af48cb19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSize

user32

RegisterClipboardFormatA

gdi32

SetMapMode

comdlg32

GetOpenFileNameA

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

SHGetMalloc

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries

olepro32

ord253

oleaut32

SysFreeString

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 668KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sedata
Size: 920KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f54c7f89ab7fb80e3cbd057af48cb19

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

msvcrt

iphlpapi

psapi

Sections

.text Size: 668KB - Virtual size: 1.4MB

.sedata Size: 920KB - Virtual size: 920KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 668KB - Virtual size: 1.4MB

.sedata
Size: 920KB - Virtual size: 920KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB