gh0strat | 8f41c8fdd524c3ef75f760a020c36aca

General

Target

8f41c8fdd524c3ef75f760a020c36aca
Size

129KB
MD5

8f41c8fdd524c3ef75f760a020c36aca
SHA1

a62d4ba67a87cb42a0bf62473e472c2e4af1b187
SHA256

543c7853f595f7f1da074b867f5caf6173e5d4c5ab54f91a09d839a33f1cce3a
SHA512

e0332c282a1c7c76f9f07b8a2fa5533a528c7530652d4063ba9db9409fac9a35225c1745009e17c8a4cf714d39dcccf85e5f43f44a0b2321355833c8035a38aa
SSDEEP

3072:NkTm7chIeM5QsgLsGKEACLbKtYTzq8Sa1eYfNjWHmtHb:qmKIeQpCKO/k6qPFYfNjt

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f41c8fdd524c3ef75f760a020c36aca

Files

8f41c8fdd524c3ef75f760a020c36aca
.exe windows:4 windows x86 arch:x86

897e91a3bb02b0cec2bfdf63d26f687b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
SetFilePointer
GetModuleFileNameA
GetModuleHandleA
SetUnhandledExceptionFilter
ReleaseMutex
GetCommandLineA
SetFileAttributesA
Sleep
CreateThread
GetCurrentThreadId
GetSystemDirectoryA
lstrcatA
GetLastError
SetLastError
lstrcpyA
LoadResource
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SizeofResource
GetProcAddress
WriteFile
lstrlenA
FreeResource
Process32First
Process32Next
lstrcmpiA
lstrcmpiW
ExitProcess
LoadLibraryA
CreateMutexA
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
GetStartupInfoA

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

msvcrt

_except_handler3
??3@YAXPAX@Z
printf
rand
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
malloc
realloc
__CxxFrameHandler
strchr
??2@YAPAXI@Z
strtok
_strcmpi
_strrev

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

897e91a3bb02b0cec2bfdf63d26f687b

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 118KB - Virtual size: 117KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 118KB - Virtual size: 117KB