gh0strat | 5de1b6a7a840c56488f86483531f5a0f

Sharing

Copy URL Twitter E-mail

General

Target

5de1b6a7a840c56488f86483531f5a0f
Size

164KB
MD5

5de1b6a7a840c56488f86483531f5a0f
SHA1

6d3829cbbfb1bb4075bccf3c304bdec19fea7006
SHA256

e09322514c15cb2e8e9347c149e666b6bb2e9173ac7a3f9b68aee88519ec26a4
SHA512

0f145cc3e468e64ec64be601ccd92700dc2564a35192dc09b0bbf3d84b47a37002bf71ac7c15a6ed736415ba7b0337f2685bbb5e94aba8c43a3ca2b89cd33ecb
SSDEEP

3072:N3DE9EctqkuqP11SCkavQAVZmdy+Yzhiun4w9SWCn6K:NT5npqP1ICkfOmkRViun4WSWCnz

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5de1b6a7a840c56488f86483531f5a0f

Files

5de1b6a7a840c56488f86483531f5a0f
.exe windows:4 windows x86 arch:x86

47f19f5e303856f52842cd5a0325a10b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
SetFilePointer
GetModuleFileNameA
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
SetFileAttributesA
CreateDirectoryA
GetCurrentThreadId
Sleep
CreateThread
HeapFree
HeapAlloc
GetSystemDirectoryA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetFileType
GetStdHandle
lstrcatA
GetLastError
SetLastError
CloseHandle
lstrcpyA
FindResourceA
LoadResource
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SizeofResource
WriteFile
lstrlenA
FreeResource
ExitProcess
GetWindowsDirectoryA
GetModuleHandleA
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
RtlUnwind
RaiseException
HeapReAlloc
GetStartupInfoA
GetVersion
VirtualFree
VirtualAlloc
IsBadWritePtr
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStringTypeW

user32

GetInputState
PostThreadMessageA
wsprintfA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegQueryValueExA
RegCloseKey
RegSetValueExA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47f19f5e303856f52842cd5a0325a10b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 120KB - Virtual size: 116KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 120KB - Virtual size: 116KB