gh0strat | NEAS[.]5458f756f3e0d54f34493c0d831cfa20[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5458f756f3e0d54f34493c0d831cfa20.exe
Size

5.0MB
MD5

5458f756f3e0d54f34493c0d831cfa20
SHA1

235247694fe5700a5a5ecf092194deb5e1e46c6a
SHA256

9ef83a7349a77defd5d0303233198d0a31b9381a219b5e9d57b4af1dc4c3ae74
SHA512

e87b9fa7eaf0e8c8403a73d00ea9bffaa1eb14c331a918afe62747af6d3f9b36c7b2302dd3b6f07617ebc0a1e93cbd348df8a96207dfdb5267b3c55541f9e609
SSDEEP

3072:vvPbyv9EueS4ma+Jn0wZ7RIf5HR/bXV1YdAL65vQV3skikmo4vewN1IKIFN1x/6B:TgF+qkCQB5ido4vxN1IKIFN1x/zsH

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5458f756f3e0d54f34493c0d831cfa20.exe

Files

NEAS.5458f756f3e0d54f34493c0d831cfa20.exe
.dll windows:4 windows x86

cc17785b6d98188870638b70d80e419c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
CancelIo
GetLastError
lstrlenA
FindClose
LocalFree
FreeLibrary
lstrcpyA
MultiByteToWideChar
InterlockedExchange
ExitProcess
lstrcatA
GlobalFree
GlobalAlloc
GlobalUnlock
PeekNamedPipe
SetErrorMode
FreeConsole
RaiseException
LocalAlloc

msvcrt

atoi
strncmp
strchr
_errno
wcscpy
_snprintf
strncat
realloc
memmove
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
strrchr
_except_handler3
malloc
free
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
wcstombs
ceil
_strupr
_strnicmp
??3@YAXPAX@Z
strncpy
_strcmpi

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvfw32

ICCompressorFree
ICSeqCompressFrameEnd
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrame
ICClose

Exports

Exports

Group
Identifi

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc17785b6d98188870638b70d80e419c

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

msvfw32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 7KB