gh0strat | 034c9d032a59f35d8eb450722333d8e7 | Triage

Sharing

General

Target

034c9d032a59f35d8eb450722333d8e7
Size

112KB
MD5

034c9d032a59f35d8eb450722333d8e7
SHA1

adec737bbf333ce661e58fc876fc7dcbf91dfbbd
SHA256

db3728db1bf2d2ef09dc864dec189f4548b84386ad16af3f4356aaad9790a537
SHA512

4c214dc477036956f0adc52ee202b1a48122a33e648b86ab93f81089787dbb211d08a1a30f94123fb4ba1832a32eb1da7fbad461f53b0f9f02339647f6a0baaf
SSDEEP

1536:41dhZ+CM4V+78WBnpt/jlUhf6dcMnufha0magaS8TjCLIpwEZ:YdhZbMbdKf6dXnoha0PJS8TjCLIpV

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
034c9d032a59f35d8eb450722333d8e7

Files

034c9d032a59f35d8eb450722333d8e7
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ServiceMain

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE