gh0strat | 11aca06a8682d85531afb2f72d949a5a

General

Target

11aca06a8682d85531afb2f72d949a5a
Size

70KB
MD5

11aca06a8682d85531afb2f72d949a5a
SHA1

66bdec0af63c153abaa371d81e38eccfac07147f
SHA256

7f3b0eb9eb43dd4d60fb8c84ca57fccc9cf0367fc64fa2d796784aa79d81ee64
SHA512

add802b75f17cea602374c3b7a4bbda5c4cffc37b3f8fa6aea27d5ce7b4735d882beb9d36918ff63ca5ad2bfb822129ad7232490f2947c4a076fc0fdc8eaf42d
SSDEEP

1536:0CxlHt4ge0mGkmQmcs/YlcD6bfSFwUtPqUk:0CxlHt4geLGku1Ylo6rSFwGPqUk

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11aca06a8682d85531afb2f72d949a5a

Files

11aca06a8682d85531afb2f72d949a5a
.exe windows:4 windows x86 arch:x86

0e5a21768ef1577d9bf29a1e0f873961

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
CreateMutexA
ReleaseMutex
Sleep
SetUnhandledExceptionFilter
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
CloseHandle
GetSystemDirectoryA
lstrcpyA
lstrcmpiA
GetTickCount
SizeofResource
HeapFree
lstrlenA
FreeResource
MoveFileA
SetFileAttributesA
DeleteFileA
LoadLibraryA
ExitProcess
lstrcatA
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress
GetStartupInfoA

user32

GetInputState
PostThreadMessageA
wsprintfA
GetMessageA

advapi32

LookupAccountNameA
CreateServiceA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
AddAce
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
StartServiceA

msvcrt

exit
_controlfp
_except_handler3
realloc
malloc
strchr
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

netapi32

NetUserGetLocalGroups
NetApiBufferFree

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e5a21768ef1577d9bf29a1e0f873961

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

netapi32

Sections

.text Size: 10KB - Virtual size: 9KB

.rsrc Size: 59KB - Virtual size: 59KB

.text
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 59KB - Virtual size: 59KB