gh0strat | 6d117697157169fc4fed3ce41052cfaf

Sharing

Copy URL Twitter E-mail

General

Target

6d117697157169fc4fed3ce41052cfaf
Size

32KB
MD5

6d117697157169fc4fed3ce41052cfaf
SHA1

8540694bf10ae090c6b6c40867d763722458bfb4
SHA256

52b6c569c318c832a37ea17296fb8d4a04548d399712be86aaa31eedd802b036
SHA512

76144a782f04b59ded643313e7bdff19db83b7bc6ba67e6c2923add64f8fdb50fa55d6bfd627755b85bb7a61a6f43f80f8a9090c24dabf82e95d1eb1aed7805c
SSDEEP

384:305TjNZ7zP7C0lgnW4NCCaL8qwmFI7EyQ4Q+R4ls8JVTwc9NSTEL5e/jxNh1:305fN5vCZ/NCCzeXl9JVkiL5e/jj

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d117697157169fc4fed3ce41052cfaf

Files

6d117697157169fc4fed3ce41052cfaf
.dll windows:4 windows x86 arch:x86

878d3137283a7292ec2b21d2dd54c199

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
lstrlenA
CloseHandle
CreateThread
LocalFree
LocalAlloc
GetProcAddress
GetLastError
IsBadReadPtr
CancelIo
GetModuleHandleA
OpenProcess

user32

CreateWindowExA
GetMessageA
TranslateMessage
LoadIconA
DispatchMessageA
LoadCursorA
RegisterClassA

gdi32

GetStockObject

advapi32

DuplicateTokenEx
CreateProcessAsUserA
SetTokenInformation

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

psapi

GetProcessMemoryInfo

msvcrt

_access
_initterm
malloc
_adjust_fdiv
_except_handler3
wcstombs
strstr
strncpy
free
realloc
_beginthreadex
__CxxFrameHandler
_ftol
??3@YAXPAX@Z
memmove
ceil
??2@YAPAXI@Z

ws2_32

send
WSAStartup
WSACleanup
setsockopt
htons
gethostbyname
socket
select
recv
closesocket

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

Exports

Exports

RMain
ServiceMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

878d3137283a7292ec2b21d2dd54c199

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

psapi

msvcrt

ws2_32

wtsapi32

userenv

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB