gh0strat | 9b417aae152615711efcd2ec14e9c902

Sharing

Copy URL Twitter E-mail

General

Target

9b417aae152615711efcd2ec14e9c902
Size

153KB
MD5

9b417aae152615711efcd2ec14e9c902
SHA1

fca40a7b47ee2abe02963fb7631325d7bed925fa
SHA256

e4759626cf58c7a4a50e8c85f9862446b8221eecbf8b4da5293bf10115c6b184
SHA512

37a0e6045d415603d7b1fa4c27d4ebcc77a37a4179543a533c34c96a3c19ad3849d80da083d385e511a409b69aaa5790a484c7fd49cb8d42171652b5748ed50b
SSDEEP

3072:gahxnQrlFo2u1mjBiUcU71dD0y7PX9wddycq:gyxnQrly/KBzFnD0y7PX9wddM

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b417aae152615711efcd2ec14e9c902

Files

9b417aae152615711efcd2ec14e9c902
.exe windows:4 windows x86 arch:x86

79e9a12f3bd6de6b7152f84dec15c41b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
FreeLibrary
GetWindowsDirectoryA
GetTempPathA
GetLastError
lstrcatA
GetCurrentProcess
DeleteFileA
CopyFileA
MoveFileExA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
ExitProcess
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
CreateRemoteThread
GetVersion
MultiByteToWideChar
MoveFileA
lstrlenA
SizeofResource
SetFileTime
LoadResource
GetTickCount
lstrcmpiA
SetLastError
ReadFile
SetFilePointer
WideCharToMultiByte
FreeResource
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileA
SetUnhandledExceptionFilter
Sleep
WinExec
GetCurrentThreadId
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA
GetModuleHandleA

msvcrt

??3@YAXPAX@Z
strncmp
strtoul
isdigit
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strtok
strchr
malloc
realloc
_except_handler3
_strrev
_strnset
_strlwr
_stricmp

Sections

7
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

9
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

00000000
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

000000
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79e9a12f3bd6de6b7152f84dec15c41b

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

7 Size: 2KB - Virtual size: 2KB

9 Size: 9KB - Virtual size: 9KB

00000000 Size: 2KB - Virtual size: 1KB

000000 Size: 4KB - Virtual size: 3KB

0000 Size: 2KB - Virtual size: 1KB

.rsrc Size: 132KB - Virtual size: 132KB

7
Size: 2KB - Virtual size: 2KB

9
Size: 9KB - Virtual size: 9KB

00000000
Size: 2KB - Virtual size: 1KB

000000
Size: 4KB - Virtual size: 3KB

0000
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 132KB - Virtual size: 132KB