gh0strat | ab29c757d33926666e100616d1c7c4c0 | Triage

Sharing

General

Target

ab29c757d33926666e100616d1c7c4c0
Size

116KB
MD5

ab29c757d33926666e100616d1c7c4c0
SHA1

c738819e060055d37883f31d873432abdf0bb6d7
SHA256

9f9441445790e2b9c7a17b3664a2c11edcf65e711dc633b0387564683d127948
SHA512

1e9e8e77a325b1463ecb04e94a0d41263a904336270beee9d68b2eeb7d7336f857284b3237ca438ded81c5e43509d2d913dd9e95f10ba180905a65d1678b729d
SSDEEP

3072:lb8oq/FWQDxX9Rf/bUH9B18vrsKoks4KOxqodjIezi:lgoJexrS9j0YKTs4KOx3jIezi

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab29c757d33926666e100616d1c7c4c0

Files

ab29c757d33926666e100616d1c7c4c0
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaskPE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ