gh0strat | 54cb5a87217060c68247c8126baf1716

General

Target

54cb5a87217060c68247c8126baf1716
Size

121KB
MD5

54cb5a87217060c68247c8126baf1716
SHA1

b951fff281a71ddceb9c8d9e8259c6755b444dd9
SHA256

7916bc3da53236edb952565d17992a0f0c7dce9768ce3f34da20305e2cec22e0
SHA512

8347aeafe2f24eab9de4a88ee286485021049b9ebd0e13683b21423cbcc84d12aeda9ec6fe3e0ea0d42dabe047a61be4c115451947509aa4498b8f574e01c070
SSDEEP

3072:AuHc+BZ8zr6pdTHogka9dZZpgci7sOf/LlCnAUJv6Pkb:AEc+L8zr0RHogtJ+9/xGJv1

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54cb5a87217060c68247c8126baf1716

Files

54cb5a87217060c68247c8126baf1716
.exe windows:4 windows x86 arch:x86

1ecf691f3f05fac89b4f48b828c3cc67

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
CreateDirectoryA
MoveFileA
GetTempPathA
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
GetSystemDirectoryA
lstrcatA
GetLastError
SetLastError
lstrcmpiA
lstrcpyA
LoadResource
GetProcAddress
SetFileTime
SizeofResource
WriteFile
lstrlenA
CloseHandle
FreeResource
SetFileAttributesA
ExitProcess
GetWindowsDirectoryA
LoadLibraryA
Sleep

user32

GetInputState
GetMessageA
wsprintfA
PostThreadMessageA

advapi32

OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteA

msvcrt

??1type_info@@UAE@XZ
_controlfp
strtok
??2@YAPAXI@Z
strchr
__CxxFrameHandler
_CxxThrowException
realloc
malloc
??3@YAXPAX@Z
_except_handler3
fclose
fputs
fopen
strstr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ecf691f3f05fac89b4f48b828c3cc67

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 111KB - Virtual size: 111KB

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 111KB - Virtual size: 111KB