gh0strat | 141a67fc6a2a054984e65a27360ac40d

General

Target

141a67fc6a2a054984e65a27360ac40d
Size

324KB
MD5

141a67fc6a2a054984e65a27360ac40d
SHA1

4832afb8dd1e5dc095d2facaa12cfb8852a1e784
SHA256

c6e5fbcaf711a91f3e905f2b053ed70f089e78ea1e42b90ea7f9f6839941995a
SHA512

88a93f6e90e5b19aadb10f3b49af6d1e8fdb322b8f9806a08feebb6b55184abfffe758a3626e9d1c5049191fb332871157ef1ac4663656c8c8d3c9ba8e50389d
SSDEEP

6144:/S1kuk9NtuH8DqZCuO7DZJvM7x0N+fp12ImUd:6U9HOC/DZJCr3gi

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
141a67fc6a2a054984e65a27360ac40d

Files

141a67fc6a2a054984e65a27360ac40d
.exe windows:4 windows x86 arch:x86

1a00249c72996f63db10e9713a3e2a2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CreateProcessA
GetShortPathNameA
CopyFileA
WinExec
GetLastError
CloseHandle
GetModuleHandleA
GetCurrentThreadId
CreateThread
GetSystemDirectoryA
GetWindowsDirectoryA
FreeLibrary
Sleep
SetUnhandledExceptionFilter
lstrcmpA
GetCurrentProcess
GetModuleFileNameA
GetCommandLineA
CreateMutexA
ReleaseMutex
SetLastError
lstrcmpiA
lstrcpyA
GetTempPathA
GetTickCount
CreateFileA
lstrlenA
ExitProcess
lstrcatA
HeapFree
LoadLibraryA
GetProcAddress

user32

GetMessageA
PostThreadMessageA
GetInputState

advapi32

LookupAccountNameA
OpenServiceA
ControlService
DeleteService
CloseServiceHandle
CreateServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegRestoreKeyA
StartServiceA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegCloseKey
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
EqualSid
AddAce
GetAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityA
OpenSCManagerA
GetServiceKeyNameA

shell32

ShellExecuteA

shlwapi

PathFileExistsA

msvcrt

_CxxThrowException
_onexit
__dllonexit
??1type_info@@UAE@XZ
strrchr
rename
_except_handler3
realloc
malloc
strncat
??2@YAPAXI@Z
strstr
__CxxFrameHandler
_strnicmp
??3@YAXPAX@Z
strchr

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a00249c72996f63db10e9713a3e2a2e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

msvcrt

wininet

Sections

.text Size: 248KB - Virtual size: 248KB

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 248KB - Virtual size: 248KB

.rsrc
Size: 72KB - Virtual size: 72KB