gh0strat | 8ea094b5c688536971a905ec7193d297

Sharing

Copy URL

Twitter E-mail

General

Target

8ea094b5c688536971a905ec7193d297
Size

127KB
MD5

8ea094b5c688536971a905ec7193d297
SHA1

1f7f532d39ac6e7e5e0dcee938b5c6aaf073929e
SHA256

15a236188d5665b031468bc4541bc2e59df619e839cc7d9d566d30672a41defa
SHA512

71eb2122103594ee42885702485438323b04c90d1203f1789833983646ed6df05466cb32a7d21a623c8f9b5c7f3fd46a58b12d036028218b3c18e31c57d3cdf2
SSDEEP

3072:tmEVWAvDpiLiZ10R3D8eyAgUERuHrz7w8xyb3r6tljpeOv3ovH:8EJULiZ1CgEgUUz+yb3rijp2v

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ea094b5c688536971a905ec7193d297

Files

8ea094b5c688536971a905ec7193d297
.exe windows:4 windows x86 arch:x86

268f6557c13386aebec4127a55018573

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
FreeLibrary
GetTickCount
GetTempPathA
WriteFile
SetFilePointer
CreateFileA
WritePrivateProfileStringA
TerminateThread
OutputDebugStringA
GetCurrentProcess
SetFileAttributesA
GetModuleFileNameA
DeleteFileA
CreateProcessA
GetProcAddress
CancelIo
GetPrivateProfileStringA
GetVersionExA
GetSystemDefaultUILanguage
ReleaseMutex
OpenEventA
SetErrorMode
GetLastError
CreateMutexA
SetUnhandledExceptionFilter
SetThreadPriority
CreateThread
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
LoadLibraryA
InitializeCriticalSection
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
InterlockedIncrement
InterlockedDecrement
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
RtlUnwind
RaiseException
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
TlsAlloc
SetLastError
HeapReAlloc
HeapSize
UnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

wsprintfA
MessageBoxA
ExitWindowsEx

advapi32

RegQueryValueExA
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
DeleteService
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

shell32

ShellExecuteA

ws2_32

inet_addr
send
select
recv
inet_ntoa
socket
gethostbyname
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
sendto
WSASocketA
htonl
gethostname
ntohs
closesocket

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

268f6557c13386aebec4127a55018573

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wininet

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 20KB - Virtual size: 30KB

.rsrc Size: 6KB - Virtual size: 8KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 30KB

.rsrc
Size: 6KB - Virtual size: 8KB