gh0strat | 499710a04a31abd19b0eb3aa26306df1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

499710a04a31abd19b0eb3aa26306df1
Size

156KB
MD5

499710a04a31abd19b0eb3aa26306df1
SHA1

04f52cfc5cbc264679fe4d927e2ab79150887acc
SHA256

34e5d04c62ea9d19abe9d19b2c066353fbac5cf8c8cbeb96cde767eab9cfd5e3
SHA512

05f5ba5655da22948d977c0e3e6cd7ec88cfb6f87f1f5185494d7bbb2c07d585ac2db845d5c769d3e199a81ca2d09ad06ddf59dae9bfa4f1ac90996adbf1ed1e
SSDEEP

3072:KqtRn4aeDeT1asyKI9lsfKZaaynR1m0RTBftmnYcR:KqtZ4kUsyKarZaay60RTBlmnPR

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
499710a04a31abd19b0eb3aa26306df1

Files

499710a04a31abd19b0eb3aa26306df1
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllMain
EditAuditInfo
EditOwnerInfo
EditPermissionInfo
FMExtensionProcW
SedDiscretionaryAclEditor

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ