gh0strat | 507e85411a9be2c06309d99c8001ff08 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

507e85411a9be2c06309d99c8001ff08
Size

127KB
MD5

507e85411a9be2c06309d99c8001ff08
SHA1

64f431a31cef361561ec04ebcbb5bdd5497a1003
SHA256

d24f93240b5dfe80a22ad0ed0b8b3bd3778d6bd4d35bdce196d7c061cd123733
SHA512

713379a0208eb66baf5a0da4326817d20b466ce1cb1d8b30fc513ed0805820ecf8aaa5a7618f0cc5e37a1874fc3308b17cd2110cccafe2d1c4f2b6da7be137b1
SSDEEP

3072:fByYgf6+4/yv/gCBw8JchQw3z0cLDieo+A:pypf6+/wC6GDw3z0c6eoR

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
507e85411a9be2c06309d99c8001ff08

Files

507e85411a9be2c06309d99c8001ff08
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ServiceMain
ServicemixX
cervicemixX
svchostdkx

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata2
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE