gh0strat | 5656283fa8ebf3a6c27a39b3200a85a2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5656283fa8ebf3a6c27a39b3200a85a2
Size

187KB
MD5

5656283fa8ebf3a6c27a39b3200a85a2
SHA1

0b47b07aac1bb540b9ca51bdbefaf3b04649976e
SHA256

42c112250da306dcaf9c117fdc749a879d2dc488ef3d9a0c864f84f864e94e52
SHA512

22736e0f94aa82efab11394f08bfeb8688e09a788d5d5fa7037ea72d12591344473b5bcb700fd016e5f2cf2af12b9199e7e8ba7d686814756a0e4c91f9da2ed0
SSDEEP

3072:GoHZ8wN8L56glhtPIcLZ4ZutbKP4wC3z1+bTBftL9nmud41Mm86glhtPIcA:LmO8LVtPIc3boq8bTBlL9nme411StPIb

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5656283fa8ebf3a6c27a39b3200a85a2

Files

5656283fa8ebf3a6c27a39b3200a85a2
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DavFreeUsedDiskSpace
DavGetDiskSpaceUsage
DavGetTheLockOwnerOfTheFile
DllCanUnloadNow
DllGetClassObject
DllMain
NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPFormatNetworkName
NPGetCaps
NPGetConnection
NPGetResourceInformation
NPGetResourceParent
NPGetUniversalName

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ