gh0strat | ac861998a491fc3e1233079188e1d094

General

Target

ac861998a491fc3e1233079188e1d094
Size

146KB
MD5

ac861998a491fc3e1233079188e1d094
SHA1

6ae24576590942854d17e11eab3c913b64fe5823
SHA256

79e9acd6aedad633956a2765774b53cb8aa088f271beeac8090e80170ced30d2
SHA512

355b598930f85b1ab339b2b70cfb5530b1f9c67608fa0d32382b37c558b35c0f6d55b3e4fccd2733068af60eec33b6e4b9c221e65a13c42969b8e6d079751461
SSDEEP

3072:tn3QYcyQHjqZnpzS2E1uGQZJfScxj9Nq27tG4+LdNNogLdlBKAb:tnAYcyQHjgnpG2E1wh7jvf7tGtLd7ogP

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac861998a491fc3e1233079188e1d094

Files

ac861998a491fc3e1233079188e1d094
.exe windows:4 windows x86 arch:x86

9551a2daeeae852921ed124850596ac0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetProcAddress
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetLastError
lstrcatA
ExitProcess
CloseHandle
SetFileTime
WriteFile
CreateFileA
GetWindowsDirectoryA
LoadResource
SizeofResource
FindResourceA
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryA
DeleteFileA
SetFileAttributesA
MoveFileA
FreeResource
lstrlenA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetTickCount
GetTempPathA
lstrcpyA
lstrcmpiA
SetLastError
GetFileAttributesA
lstrcmpA
Sleep
FreeLibrary
LoadLibraryA
ReadFile
SetFilePointer
GetModuleFileNameA
GetLocalTime
SetUnhandledExceptionFilter
ReleaseMutex
CreateMutexA
GetCommandLineA
GetCurrentThreadId
GetStartupInfoA
RaiseException
InterlockedExchange
LocalAlloc

shell32

ShellExecuteA
SHFileOperationA

msvcrt

malloc
strchr
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
strstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
realloc
_except_handler3

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9551a2daeeae852921ed124850596ac0

Headers

File Characteristics

Imports

kernel32

shell32

msvcrt

Sections

.text Size: 16KB - Virtual size: 15KB

.rsrc Size: 128KB - Virtual size: 132KB

.text
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 128KB - Virtual size: 132KB