gh0strat | 7605bdd02fd8916015fd778e7ae9f230

Sharing

Copy URL Twitter E-mail

General

Target

7605bdd02fd8916015fd778e7ae9f230
Size

148KB
MD5

7605bdd02fd8916015fd778e7ae9f230
SHA1

63a5a237053e75fc9c749574637980e91ce082ab
SHA256

c6f95a38c4c871939cefd7aaf8cbcc7ab68de1aac3a3d75370c21f7abc276cc6
SHA512

01a8dd355e43e1ca89edcc4448a1781f63674b981b770ff683bdd2e6760db907401364d9768f2baf88361cb52d134a099a4d2d135581ae2d3a16c043d40f35cf
SSDEEP

3072:BObCvqtzYD/6Gs3sfoIZiSAb/Hu2t8Qd8RnqbTBftV:BObcqta/i3sfoae/URnqbTBlV

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7605bdd02fd8916015fd778e7ae9f230

Files

7605bdd02fd8916015fd778e7ae9f230
.dll regsvr32 windows:4 windows x86 arch:x86

8f4e43fe7a562ccb8b06bd3b9e61fb09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteKeyA

user32

LoadCursorA
DestroyCursor
PtInRect
GetCursorInfo
MessageBoxA
CopyRect
SendMessageTimeoutA
GetClassNameA
GetWindow
ShowWindow
EnableWindow
GetWindowRect
CreateWindowExA
DestroyWindow
CloseWindowStation
wsprintfA
wvsprintfA

kernel32

RaiseException
LoadLibraryA
GlobalAlloc
LocalAlloc
IsBadWritePtr
FormatMessageA
SetUnhandledExceptionFilter
GetLongPathNameA
GetTempPathA
SetEnvironmentVariableA
GetFileAttributesExA
GetCurrentProcessId
GetCommandLineA
GetProcAddress
GetVersionExA
GetSystemInfo
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GetSystemDirectoryA
HeapFree
GetProcessHeap
GetTickCount
HeapAlloc
DeleteFileA
RemoveDirectoryA
ExitThread
GetShortPathNameA
GetModuleFileNameA
IsBadReadPtr
IsBadStringPtrW
InitializeCriticalSection
LeaveCriticalSection
InterlockedExchange
GetLastError
GetModuleHandleA
FreeLibrary
VirtualQuery
lstrcmpiA
GetCurrentThreadId
GetTempFileNameA
MultiByteToWideChar
lstrcmpA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GetLocalTime
ExitProcess

advapi32

RegRestoreKeyA
RegisterServiceCtrlHandlerExA
RegOpenKeyExW
RegSaveKeyA

msvcrt

_ftol
strncat
_onexit
__dllonexit
_adjust_fdiv
_initterm
_stricmp
_memicmp
_wcsicmp
_strlwr
_strupr
_beginthreadex
wcslen
ceil
__CxxFrameHandler
free
malloc
strncpy
atoi
strchr
rand
srand
time
_callnewh
memmove
_except_handler3
wcstombs
strrchr
realloc

Exports

Exports

CLSID_CfgComp
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IID_ICfgComp

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f4e43fe7a562ccb8b06bd3b9e61fb09

Headers

File Characteristics

Imports

shlwapi

user32

kernel32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 294B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 294B

.reloc
Size: 8KB - Virtual size: 7KB