gh0strat | b4db6ecea62cddde46045858e31deeb5

General

Target

b4db6ecea62cddde46045858e31deeb5
Size

174KB
MD5

b4db6ecea62cddde46045858e31deeb5
SHA1

a5c44b8df09c6237877f205bbb7da7780fc0c5a0
SHA256

5ae78e2a225f1bb0f472410bd048ba99a3abcdb884ac1bcbd5e3e93e35e8c691
SHA512

cd2c9fafe1a89e372680d07596599185ef1785327c3fc0b65c45291b1bf50786823d74dabf69bac9b044ee604c3ea576c40deec7527163f9d62bce7b01b8b142
SSDEEP

3072:cwPf4hRZIFjGq21LWL9eTqW+y69tJeOv3TDR7wPf4hRZIFjGq21LWL9eTqW+y69L:NPghRaWWxs69tJJ1EPghRaWWxs69tJJ1

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4db6ecea62cddde46045858e31deeb5

Files

b4db6ecea62cddde46045858e31deeb5
.exe windows:4 windows x86 arch:x86

4787cd63529b0ad601afe6815196f583

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetTickCount
GetTempPathA
CopyFileA
GetCommandLineA
GetLastError
GetCurrentProcess
CloseHandle
WriteFile
CreateFileA
GlobalFree
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
SetPriorityClass
GetCurrentThread
SetThreadPriority
ResumeThread
Sleep
GetSystemDirectoryA
OutputDebugStringA
CreateProcessA
lstrlenA
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
GetSystemWindowsDirectoryA
SetFileAttributesA
GetStartupInfoA

advapi32

RegisterServiceCtrlHandlerA
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegQueryValueExA
StartServiceCtrlDispatcherA
RegCreateKeyA
RegOpenKeyExA
SetServiceStatus
RegOpenKeyA
RegDeleteValueA
RegSetValueExA
RegCloseKey

mfc42

ord924
ord537
ord941
ord535
ord800

msvcrt

__dllonexit
_onexit
_exit
_XcptFilter
__CxxFrameHandler
__getmainargs
_except_handler3
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strncmp
strstr
exit
_initterm
sprintf
_acmdln

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

Sections

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4787cd63529b0ad601afe6815196f583

Headers

File Characteristics

Imports

kernel32

advapi32

mfc42

msvcrt

msvcp60

Sections

.data Size: 9KB - Virtual size: 8KB

.rsrc Size: 76KB - Virtual size: 76KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 76KB - Virtual size: 76KB