gh0strat | 153c8549d62ba46ad030f7d63f9af247

General

Target

153c8549d62ba46ad030f7d63f9af247
Size

213KB
MD5

153c8549d62ba46ad030f7d63f9af247
SHA1

63472c9682cf3aeb0ad517b3bcb13e9f428ad8ab
SHA256

3f569e1531a3958f526cfecf927d6bd341962d9880356ddfe3794a9920a9aba8
SHA512

dd6ba78a03a625f317c2b6015e2b7c2c25e10668a057411f2806898f1c4d9c189d31330fda696fefcfd18a13180b1177f63a57cefa20df864b267d1e5b62055c
SSDEEP

6144:cK/Lwcce31cSxhes4mFck+PMupylYLl1tk:cK/Lw5SqSxhmm7+PMupTnk

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
153c8549d62ba46ad030f7d63f9af247

Files

153c8549d62ba46ad030f7d63f9af247
.exe windows:4 windows x86 arch:x86

a4e4619073a70f4e4cb528be4838b13e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
FreeLibrary
LockResource
SizeofResource
LoadResource
FindResourceA
LoadLibraryA
GetModuleFileNameA
VirtualProtect
GetProcAddress
GetModuleHandleA
VirtualAlloc
GetSystemInfo
IsBadReadPtr
GetVersion
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
WriteFile
SetUnhandledExceptionFilter
IsBadWritePtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 179KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��&&��
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fdsfsdfs
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a4e4619073a70f4e4cb528be4838b13e

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 10KB

.rsrc Size: 179KB - Virtual size: 180KB

����&&�� Size: 512B - Virtual size: 512B

fdsfsdfs Size: 1024B - Virtual size: 1024B

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 10KB

.rsrc
Size: 179KB - Virtual size: 180KB

��&&��
Size: 512B - Virtual size: 512B

fdsfsdfs
Size: 1024B - Virtual size: 1024B