gh0strat | db2d841135a0c2371f27aa9c1b00da65e6e30a95801a4f709d234febad06f6f9

Sharing

Copy URL

Twitter E-mail

General

Target

db2d841135a0c2371f27aa9c1b00da65e6e30a95801a4f709d234febad06f6f9
Size

301KB
MD5

563a1faf1c40bced5de14acdc77fecdd
SHA1

c134f7bc21e395b9225d2c7ad289d380db789f59
SHA256

db2d841135a0c2371f27aa9c1b00da65e6e30a95801a4f709d234febad06f6f9
SHA512

378f9d033ef2c2a2ffc23f1433b4d98946a7c7ea918f3ad950a63da0ba9a8fe1a1b03ca7c5cf066d6ee3a2947c0c27de676b239c98d7fe2ab9ffb6c0b3d31a19
SSDEEP

384:bK4A04csU8twR1HboTku73J7fPMi24ug3pSWGZd4CRXMGNd5t9X6umu0KkKE:Vsj2UbZTd24u+ErXRXMGpdaK

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db2d841135a0c2371f27aa9c1b00da65e6e30a95801a4f709d234febad06f6f9

Files

db2d841135a0c2371f27aa9c1b00da65e6e30a95801a4f709d234febad06f6f9
.dll windows x86

301674a38bcd8b64d279604a9885ad65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

OpenDesktopA
OpenInputDesktop
PostThreadMessageA
wsprintfA
CloseDesktop
SetThreadDesktop
GetUserObjectInformationA
GetThreadDesktop
ExitWindowsEx

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA

wtsapi32

WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSFreeMemory

avicap32

capGetDriverDescriptionA

msvcp60

??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1Init@ios_base@std@@QAE@XZ

ws2_32

WSAIoctl
WSAStartup
setsockopt
connect
getsockname
gethostname
send
htons
gethostbyname
socket
select
recv
closesocket
WSACleanup

msvcrt

_beginthreadex
_mbscmp
strncat
_except_handler3
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
memmove
strchr
atoi
strrchr
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
_stricmp
free

kernel32

GetCurrentThreadId
GetTickCount
OutputDebugStringA
GetProcessHeap
LoadLibraryA
GetProcAddress
GetCurrentProcess
TerminateThread
lstrlenA
GetSystemInfo
GlobalMemoryStatusEx
GetModuleHandleW
HeapFree
IsBadReadPtr
VirtualProtect
Process32Next
HeapReAlloc
HeapAlloc
lstrcpyA
OpenProcess
GetModuleFileNameA
SetFileAttributesA
Sleep
CancelIo
InterlockedExchange
SetEvent
ResetEvent
CreateThread
WaitForSingleObject
CloseHandle
FreeLibrary
CreateEventA
VirtualAlloc
VirtualFree
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
TerminateProcess

Exports

Exports

run

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

301674a38bcd8b64d279604a9885ad65

Headers

File Characteristics

Imports

user32

advapi32

wtsapi32

avicap32

msvcp60

ws2_32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 66KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 66KB

.reloc
Size: 2KB - Virtual size: 1KB