gh0strat | 59ed7e004f653d309da34daf7484dd07

Sharing

Copy URL Twitter E-mail

General

Target

59ed7e004f653d309da34daf7484dd07
Size

115KB
MD5

59ed7e004f653d309da34daf7484dd07
SHA1

9e30661355f578e24d05ac8ef0cf51d815868ee1
SHA256

d3aeb34dbf47cb24604c42e74094352a9af1a4676111b91e1c6b1032c4d0a220
SHA512

f1713794e35c07b65cc64f2ccc8eb46c34b8fc310a805c606b28242e3d2fbb6f2ee8c8633548869658f3c553c0edc24189c90e0728eafbd035d4a1ecb2d90517
SSDEEP

3072:nMpAqXHU5GIMsblttTosINIamlqCicenTcm:MpAqk5HV6clNOnTcm

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59ed7e004f653d309da34daf7484dd07

Files

59ed7e004f653d309da34daf7484dd07
.dll windows:4 windows x86 arch:x86

db196f2a57cae04b826eb622541e8553

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
InterlockedExchange
lstrlenA
lstrcatA
FreeLibrary
lstrcmpA
GetLastError
FindClose
LocalFree
LocalReAlloc
FindFirstFileA
LocalAlloc
GetFileSize
ReadFile
SetFilePointer
MoveFileA
SetLastError
GetCurrentProcess
OpenProcess
GetLocalTime
HeapFree
GetProcessHeap
HeapAlloc
GlobalFree
GlobalAlloc
GlobalUnlock
CreatePipe
PeekNamedPipe
DeviceIoControl
GlobalMemoryStatus
SetErrorMode
Process32Next
Process32First
CreateToolhelp32Snapshot
RaiseException

msvcrt

strrchr
strncpy
atoi
strncmp
_errno
strtok
_except_handler3
realloc
wcstombs
_beginthreadex
calloc
??1type_info@@UAE@XZ
free
malloc
strchr
_CxxThrowException
strstr
_ftol
ceil
memmove
__CxxFrameHandler
strncat
??3@YAXPAX@Z
_strnicmp
??2@YAPAXI@Z
_strcmpi

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvfw32

ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
ICSeqCompressFrame
ICSendMessage

Exports

Exports

ServiceMain
aaaaaaaaaaaa
bbbbbbbbbbbb
cccccccccccc
zzzzzzzzzzzzz

Sections

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db196f2a57cae04b826eb622541e8553

Headers

File Characteristics

Imports

kernel32

msvcrt

msvcp60

msvfw32

Exports

Exports

Sections

.CRT Size: 512B - Virtual size: 8B

.text Size: 107KB - Virtual size: 106KB

.reloc Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 8B

.text
Size: 107KB - Virtual size: 106KB

.reloc
Size: 7KB - Virtual size: 6KB