gh0strat | eeba03d4b9342a13cf89c74fc9ee0684[.]exe

General

Target

eeba03d4b9342a13cf89c74fc9ee0684.exe
Size

2.5MB
MD5

eeba03d4b9342a13cf89c74fc9ee0684
SHA1

3bc6f4cf7e2cd92c6a8a39719ebb2591a5da64b3
SHA256

715b03bbd378eccd8a0824a6ac85640b533086c7dbd17a2eb33bab5ae1d05450
SHA512

2339cd6319824ad19d9c724314c33a92ac2d91bce3dff823824db4e015e84c12b44c2a8027ddca8abb3d5044a7fc2e39f3d3ca274e1b280c42807d13c2e88d0b
SSDEEP

49152:EzTUBzTUIzTUgzTU5zTU6TU2UMzTUTTUqzTUNzTU7fUj:LiXfKXxD0127cj

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eeba03d4b9342a13cf89c74fc9ee0684.exe

Files

eeba03d4b9342a13cf89c74fc9ee0684.exe
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymAddSymbol
SymCleanup
SymDeleteSymbol
SymEnumLines
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFromToken
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 12KB - Virtual size: 13KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 8KB - Virtual size: 6KB