gh0strat | 22faf59d39c4279737d11a9d1b3a1c77[.]exe

General

Target

22faf59d39c4279737d11a9d1b3a1c77.exe
Size

357KB
MD5

22faf59d39c4279737d11a9d1b3a1c77
SHA1

2430300704a03f665a462a675c2f8ee2e9930bcb
SHA256

0f2720a64e1c9a26ef847fb491f6f8c4fb39a961e8a355e036fe87aab15faff2
SHA512

4c93ca2b82b1df32cf8b5a713fce132ddb4a7d19f04c1e64e25a0e6e43f8611ed7d181bb3b581bd202112a66299202aad92571900afd13dd686a192d76a716af
SSDEEP

6144:chyuVzhnQq+CxuZpiqvdXjKwTc5YoPuNl0n+V3QhbuDlu24SPF/wX3C1gy/D32gE:ch3tnFUZpigdXWwI5Hu0n+Vghba14K2Z

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22faf59d39c4279737d11a9d1b3a1c77.exe

Files

22faf59d39c4279737d11a9d1b3a1c77.exe
.exe windows:4 windows x86 arch:x86

0497254ef3912443d14681cc11a4df76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
GetWindowsDirectoryA
GetLastError
HeapFree
HeapAlloc
GetProcessHeap
lstrcatA
CloseHandle
Process32Next
lstrcmpiA
CreateToolhelp32Snapshot
GetModuleHandleA
GetCurrentProcess
WriteFile
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetFileAttributesA
DeleteFileA
ExpandEnvironmentStringsA
Sleep
WinExec
GetLocalTime
CopyFileA
lstrcpyA
lstrcmpA
GetModuleFileNameA
ExitProcess
MultiByteToWideChar
MoveFileA
lstrlenA
SetFileTime
GetTickCount
SetLastError
ReadFile
SetFilePointer
SetUnhandledExceptionFilter
GetCurrentThreadId
CreateThread
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA

msvcrt

sprintf
strtok
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strnset
_strrev
strchr
malloc
realloc
_except_handler3
_stricmp

iphlpapi

AddIPAddress
GetInterfaceInfo

Sections

333
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

222
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

111
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0497254ef3912443d14681cc11a4df76

Headers

File Characteristics

Imports

kernel32

msvcrt

iphlpapi

Sections

333 Size: 14KB - Virtual size: 14KB

222 Size: 4KB - Virtual size: 4KB

111 Size: 3KB - Virtual size: 3KB

.rsrc Size: 334KB - Virtual size: 333KB

333
Size: 14KB - Virtual size: 14KB

222
Size: 4KB - Virtual size: 4KB

111
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 334KB - Virtual size: 333KB