gh0strat | 76ac0aa6bcb322e5c04f2966da76be4c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

76ac0aa6bcb322e5c04f2966da76be4c
Size

112KB
MD5

76ac0aa6bcb322e5c04f2966da76be4c
SHA1

25a37de7fdfc554cf9e08bfb047dc940875367fc
SHA256

e7c567c4e8c847d7c6f4de148f4a75d61379a8df7dc0c7068cd62ed5c29d68e6
SHA512

1b5e9591a45d35b362b4cc77a537c74b62bf416ac0fa32cc2ef034fbfc9536cd3112899f6a07a0747ad0e6d167c4ed2ae61933c41dcb2627353db26c376505ad
SSDEEP

1536:meQnWtIbd7q9yRqfD9Bec9eQf6aeS1TLM5ECvTy7l7Ewq:9QWt81m9Beeeq6ae15TvTyB7E

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76ac0aa6bcb322e5c04f2966da76be4c

Files

76ac0aa6bcb322e5c04f2966da76be4c
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ServiceMain

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE