gh0strat | 7158ab38d8286c67414506b81047053c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7158ab38d8286c67414506b81047053c
Size

176KB
MD5

7158ab38d8286c67414506b81047053c
SHA1

14034d0d132b728d5f40ac6c27b335e763115bfa
SHA256

5d4a8c94af1da4cb715bb54dbe16c56a0d06119d5aacce0c583b297f0c04919b
SHA512

33af91423f8f0a36b6e7835153a8cea4a2795ea72130d4884229efc872b26bd4be18e7a0c780a1c94f8bd83bcbed5641d8744a37a4eaf62fed35343452679b71
SSDEEP

1536:Lu4T6QTlQ2j+TNW1XnCKzDQyv0uWgEHxjckbJvfVtEVu:LfT6QTlxjLXCKDcMERjtJXVtE

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7158ab38d8286c67414506b81047053c

Files

7158ab38d8286c67414506b81047053c
.exe windows:4 windows x86 arch:x86

1f3943b6e423d10b83dd43e75c79ba04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
GetStartupInfoA

msvcrt

rand
srand
_exit
_XcptFilter
exit
_acmdln
__getmainargs
sprintf
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??2@YAPAXI@Z
_initterm

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ