gh0strat | ac4b5edc4ee92145701938920bc40531 | Triage

Sharing

General

Target

ac4b5edc4ee92145701938920bc40531
Size

129KB
MD5

ac4b5edc4ee92145701938920bc40531
SHA1

7593862f35b0000837d53079ddc5ec3425a96099
SHA256

e8d69e6c20b454e8e353cd4121ce47e8f6afea17e0a511b4ec513712d32f1ae9
SHA512

f3ca71ff11f420bf41eb6ffc98632a3fe0adfbb8f71b24e773908ea14579e9ec45a705bbc6b104c924703ff3016cc56cee44d9dee598e34b1dbe17bda4c0fd17
SSDEEP

3072:mZe7Govj847mvEqgiGXPp8xOF+jaeQ7PKSwAZB0JGBnhzq4r6K/fi:mZe7Govj8qmvEjzGTJQTxfB0JGBhe4rg

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac4b5edc4ee92145701938920bc40531

Files

ac4b5edc4ee92145701938920bc40531
.exe windows:4 windows x86 arch:x86

5a608c60b5b05d39cd6f913518e6dc87

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetCommandLineA
Sleep
SetUnhandledExceptionFilter
GetModuleFileNameA
GetCurrentThreadId
GetTempPathA
ExpandEnvironmentStringsA
lstrcatA
GetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
SetLastError
lstrlenA
lstrcpyA
ExitProcess
GetModuleHandleA

user32

GetMessageA
wsprintfA
GetInputState
PostThreadMessageA

advapi32

OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA

shell32

ShellExecuteA

msvcrt

_exit
_strrev
_controlfp
??2@YAPAXI@Z
fclose
fwrite
fopen
__CxxFrameHandler
_CxxThrowException
strstr
_except_handler3
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ