Behavioral task
behavioral1
Sample
48468c49058c3ad8794c30eef907297ee6db209f152faf5477a4d7bc17f1e731.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
48468c49058c3ad8794c30eef907297ee6db209f152faf5477a4d7bc17f1e731.exe
Resource
win10v2004-20231020-en
General
-
Target
48468c49058c3ad8794c30eef907297ee6db209f152faf5477a4d7bc17f1e731
-
Size
3.2MB
-
MD5
2655980daa85122f306bdfc7a162aecd
-
SHA1
8910fbae998ee9e354e5510138784e36c143bd40
-
SHA256
48468c49058c3ad8794c30eef907297ee6db209f152faf5477a4d7bc17f1e731
-
SHA512
a0d1625b58f2a8f7a97f7e85f6398d977e207d56846d9519bb98a47c0d1840cf9c7228e270000c132d09a097ce448aae5c41ce8bdae48e12c6496c51979e9d01
-
SSDEEP
24576:7pQ1+19O7dCNkNFogeKehxNuGi5iqY/bHrnpatabLl3f491w0rm/iwqkdRJySHwy:V++1QVq7NN4SB3H+CJ6TCR4D7do7gm
Malware Config
Signatures
-
Gh0st RAT payload 1 IoCs
resource yara_rule sample family_gh0strat
-
Gh0strat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 48468c49058c3ad8794c30eef907297ee6db209f152faf5477a4d7bc17f1e731
Files
-
48468c49058c3ad8794c30eef907297ee6db209f152faf5477a4d7bc17f1e731.exe windows:4 windows x86 arch:x86
2d78221fb16a2a90cfdcb2fb515859dd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareStringW
CompareStringA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
SetEnvironmentVariableA
HeapDestroy
GetEnvironmentVariableA
HeapSize
HeapReAlloc
GetACP
GetLocalTime
GetProfileIntA
GetProfileStringA
GetTempPathA
GetPrivateProfileSectionNamesA
GetExitCodeThread
ResetEvent
EnumResourceLanguagesA
EnumResourceTypesA
EnumResourceNamesA
CreateDirectoryA
HeapCreate
GetSystemTime
GetTimeZoneInformation
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
ExitThread
HeapFree
RtlUnwind
CopyFileA
GetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SystemTimeToFileTime
LocalFileTimeToFileTime
GetOEMCP
GetProcessVersion
TlsGetValue
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
GetCurrentThread
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcmpA
SetThreadPriority
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynA
FormatMessageA
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
MulDiv
ResumeThread
LocalSize
GetFileAttributesA
GlobalSize
GlobalFree
TerminateThread
SetUnhandledExceptionFilter
LoadLibraryA
GetProcAddress
lstrcatA
CreateThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
CancelIo
InterlockedExchange
SetEvent
GetQueuedCompletionStatus
InterlockedDecrement
CreateIoCompletionPort
GetSystemInfo
EnterCriticalSection
PostQueuedCompletionStatus
GetLastError
LeaveCriticalSection
GetTickCount
InitializeCriticalSection
CreateEventA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
SizeofResource
GetProcessHeap
HeapAlloc
GetFileSize
ReadFile
FindNextFileA
SetFilePointer
FindFirstFileA
FindClose
lstrcpyA
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalReAlloc
LocalFree
CreateFileA
WriteFile
DeleteFileA
VirtualAlloc
VirtualFree
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
Sleep
WaitForSingleObject
CloseHandle
user32
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
UnhookWindowsHookEx
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
EqualRect
AdjustWindowRectEx
SetFocus
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
LoadIconA
SendMessageA
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetWindowPos
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
GetMessageA
TranslateMessage
DispatchMessageA
LoadImageA
RegisterWindowMessageA
IntersectRect
GetClipboardData
CheckMenuItem
ScreenToClient
GetKeyState
GetWindowLongA
MoveWindow
ShowScrollBar
GetWindowRect
GetScrollBarInfo
GetSystemMenu
InvalidateRect
EnableWindow
GetMenuItemInfoA
SetRect
DrawEdge
ShowWindow
FillRect
CopyRect
GetSysColor
SystemParametersInfoA
DestroyIcon
DrawIconEx
ReleaseDC
DrawTextA
GetDC
GetDesktopWindow
GetSystemMetrics
AppendMenuA
InsertMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
GetMenuItemID
CreatePopupMenu
GetMenuStringA
GetSysColorBrush
LoadBitmapA
DeleteMenu
TabbedTextOutA
GrayStringA
GetSubMenu
GetClientRect
EnableMenuItem
GetCursorPos
wvsprintfA
DestroyMenu
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
ValidateRect
SetRectEmpty
PtInRect
CharUpperA
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
SetCursor
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
PostQuitMessage
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
IsZoomed
SetTimer
KillTimer
WindowFromPoint
GetClassNameA
GetDialogBaseUnits
LoadStringA
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
GetDCEx
LockWindowUpdate
SetCapture
RegisterClipboardFormatA
SetParent
IsRectEmpty
LoadMenuA
CloseClipboard
SetClipboardData
UnregisterClassA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
ExcludeUpdateRgn
DefDlgProcA
GetTabbedTextExtentA
GetClipboardFormatNameA
GetAsyncKeyState
IsWindowUnicode
GetWindowLongW
SetWindowLongW
GetDoubleClickTime
SetCursorPos
UnionRect
GetMenuDefaultItem
SetWindowRgn
GetCursor
GetMenuStringW
LookupIconIdFromDirectoryEx
GetWindowRgn
IsMenu
CopyIcon
CreateIconIndirect
GetIconInfo
CreateIconFromResourceEx
DrawFocusRect
DrawFrameControl
GetKeyboardLayoutList
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
SetMenuDefaultItem
WaitMessage
OpenInputDesktop
GetUserObjectInformationA
CloseDesktop
MapVirtualKeyA
RedrawWindow
InvertRect
PostThreadMessageA
SetWindowLongA
CheckMenuRadioItem
SendMessageTimeoutA
SetClassLongA
ClipCursor
DestroyCursor
LoadCursorA
UpdateWindow
GetFocus
SetForegroundWindow
PostMessageA
MessageBeep
InflateRect
OffsetRect
GetPropA
SetPropA
wsprintfA
MessageBoxA
IsWindowVisible
GetParent
GetWindow
OpenClipboard
EmptyClipboard
IsClipboardFormatAvailable
ShowCaret
HideCaret
DrawStateA
gdi32
GetStockObject
SetBkMode
SetPolyFillMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
LineTo
SetTextAlign
GetCurrentPositionEx
PolyBezierTo
GetClipRgn
CreateRectRgn
ExtSelectClipRgn
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
GetMapMode
RestoreDC
CombineRgn
DPtoLP
GetCharWidthA
CreateFontA
GetTextMetricsA
GetTextColor
GetBkColor
LPtoDP
CopyMetaFileA
SaveDC
CreateRectRgnIndirect
CreateBitmap
GetClipBox
StretchDIBits
SetBkColor
SetTextColor
StretchBlt
SetStretchBltMode
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
PatBlt
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
BitBlt
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
Polygon
GetTextAlign
GetCurrentObject
GetDIBits
PtInRegion
EnumFontFamiliesExA
GetWindowOrgEx
GetBitmapBits
ExtCreateRegion
Polyline
GetViewportOrgEx
ExtFloodFill
SetBrushOrgEx
GetRgnBox
CreatePolygonRgn
RoundRect
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
ExtTextOutW
GetTextExtentPointA
CreateDIBitmap
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
SetRectRgn
MoveToEx
GetDeviceCaps
comdlg32
GetOpenFileNameA
GetFileTitleA
ChooseColorA
GetSaveFileNameA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyA
RegSetValueA
RegQueryValueExA
shell32
DragFinish
SHAppBarMessage
ExtractIconA
Shell_NotifyIconA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
ord71
SHGetMalloc
DragQueryFileA
SHGetSpecialFolderLocation
comctl32
ord17
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Draw
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ImageList_DrawEx
ImageList_AddMasked
ImageList_Add
ImageList_GetImageInfo
oledlg
ord1
ord8
ole32
OleIsCurrentClipboard
CoTaskMemAlloc
CoTaskMemFree
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoCreateInstance
CLSIDFromString
ReleaseStgMedium
OleRun
OleInitialize
OleUninitialize
CLSIDFromProgID
CoDisconnectObject
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
CreateILockBytesOnHGlobal
OleFlushClipboard
OleDuplicateData
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
olepro32
ord251
ord253
oleaut32
LoadTypeLi
SysStringLen
VariantTimeToSystemTime
VarBstrFromDate
VarDateFromStr
SysStringByteLen
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantClear
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
VariantChangeTypeEx
OleLoadPicturePath
dbghelp
MiniDumpWriteDump
MakeSureDirectoryPathExists
ws2_32
WSAIoctl
WSACloseEvent
setsockopt
WSASend
WSARecv
socket
accept
WSAGetLastError
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAEventSelect
htons
bind
listen
WSACleanup
gethostname
gethostbyname
closesocket
getpeername
inet_ntoa
ntohs
shutdown
getsockname
WSAStartup
winmm
PlaySoundA
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader
waveOutClose
shlwapi
PathRemoveFileSpecA
SHAutoComplete
imm32
ImmAssociateContext
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rodata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rotext Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 352KB - Virtual size: 348KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 472KB - Virtual size: 930KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 428KB - Virtual size: 427KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ