gh0strat | 54ef720bb32e0477402c92a122c1f5de

Sharing

Copy URL Twitter E-mail

General

Target

54ef720bb32e0477402c92a122c1f5de
Size

460KB
MD5

54ef720bb32e0477402c92a122c1f5de
SHA1

cd9eeea3bd99ecac153d18693c69aa33dee9cb53
SHA256

b7f3d3d1bd9b9cf30c0239877aef49485630becd5cab0d63caf297a9d311cb03
SHA512

938e2bc35bc9f2fefe3546788707bb5eac232f1d5e07c8810acee2f555dc53ca0aeb65efe4fbf6defc08bffb0962a036a72617458022f0c562d4252f8578fd16
SSDEEP

12288:Sh4bAialWmEcfn5UBlN0M5ktWZViuK4VbUoqgGB:ShOAiaIcfnaBlN0M5gWZViuK4VbUoqgy

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54ef720bb32e0477402c92a122c1f5de

Files

54ef720bb32e0477402c92a122c1f5de
.dll windows:4 windows x86 arch:x86

c575179e7bfc0fbd3d7aefae6ea1b33c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
vsprintf
free
malloc
??3@YAXPAX@Z
_except_handler3
_beginthreadex
_CxxThrowException
sprintf
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
ceil
memmove

msvcp60

?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

kernel32

CreateEventA
GetSystemInfo
LoadLibraryA
GetProcAddress
GetCurrentThreadId
FreeLibrary
Sleep
CancelIo
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
WideCharToMultiByte
InterlockedExchange
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

SysFreeString

ws2_32

htons
send
closesocket
WSAStartup
WSACleanup
recv
setsockopt
connect
WSAIoctl
gethostbyname
socket
select

Exports

Exports

PluginMe

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c575179e7bfc0fbd3d7aefae6ea1b33c

Headers

File Characteristics

Imports

msvcrt

msvcp60

kernel32

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 251KB - Virtual size: 251KB

.rodata Size: 12KB - Virtual size: 11KB

.rotext Size: 109KB - Virtual size: 108KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 38KB - Virtual size: 459KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 251KB - Virtual size: 251KB

.rodata
Size: 12KB - Virtual size: 11KB

.rotext
Size: 109KB - Virtual size: 108KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 38KB - Virtual size: 459KB

.reloc
Size: 13KB - Virtual size: 13KB