gh0strat | f63f336972368b27fe5375f3f82b92a1

General

Target

f63f336972368b27fe5375f3f82b92a1
Size

108KB
MD5

f63f336972368b27fe5375f3f82b92a1
SHA1

4cc832c181af11b0d533be1460ebc8c36db3201a
SHA256

352cc4985e1ad103cbe0332ac1bb3cee0d4ccdb15d990fd1d429658c52465e6d
SHA512

ce473dd02edc445dca679a9e31d45f56fd2d01608c2276156efb220d4793e3beda169a876ecdd560a6b714ab333389bb98df8267397e2dfe973dc1ef732bf212
SSDEEP

3072:nEDp5IucmVVLVTuoKem/1EQ6vEpvHa3Ha16nzr:nyp5IucmVVLVxj6HTpf716n

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f63f336972368b27fe5375f3f82b92a1

Files

f63f336972368b27fe5375f3f82b92a1
.exe windows:4 windows x86 arch:x86

f09e12d8219868fcb9d8e18a7b029461

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileA
GetLocalTime
GetFileAttributesA
ReadFile
SetFilePointer
SetUnhandledExceptionFilter
Sleep
ReleaseMutex
CopyFileA
GetCommandLineA
SetFileAttributesA
CreateDirectoryA
GetSystemDirectoryA
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
WinExec
GetModuleFileNameA
lstrcmpA
DeleteFileA
SetLastError
lstrcmpiA
lstrcpyA
FindResourceA
LoadResource
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
FreeLibrary
SetFileTime
SizeofResource
lstrlenA
WriteFile
CloseHandle
MultiByteToWideChar
ExitProcess
lstrcatA
GetLastError
GetTempPathA
GetProcessHeap
GetWindowsDirectoryA
HeapAlloc
HeapFree
LoadLibraryA
GetProcAddress
CreateMutexA

user32

GetMessageA
wsprintfA
GetInputState
PostThreadMessageA

advapi32

InitializeSecurityDescriptor
CreateServiceA
CloseServiceHandle
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupAccountNameA
GetFileSecurityA
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityA
StartServiceA
OpenServiceA
OpenSCManagerA

msvcrt

_exit
_except_handler3
realloc
malloc
strlen
strchr
memset
strtok
??2@YAPAXI@Z
memcpy
exit
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_strrev
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

netapi32

NetApiBufferFree
NetUserGetLocalGroups

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f09e12d8219868fcb9d8e18a7b029461

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

netapi32

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 96KB - Virtual size: 95KB

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 96KB - Virtual size: 95KB