gh0strat | b9faa5c7e0aa79a29a7e5d04d1d03883 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b9faa5c7e0aa79a29a7e5d04d1d03883
Size

152KB
MD5

b9faa5c7e0aa79a29a7e5d04d1d03883
SHA1

49e75b454c1b33b23239869b30a205bd9241a1ec
SHA256

e7962fdf5580f0ac8d31ca6ed7bdb5644981aa624c598b783e30af87c3120301
SHA512

407169ad9b633f6d436f92426b9b9fc3b5c02bdc9408ae0199556fedbb7e50208dcb1401f8777ad35ab60cddd2fe1bdfc27ec706af897971f54428ca5e0600e8
SSDEEP

3072:ZZA5ndDwS+IzgFAJgsB5UbfEYBOQMTBft14DngIUl+/r:LA5F+H6tAXOQMTBl1YnNj

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9faa5c7e0aa79a29a7e5d04d1d03883

Files

b9faa5c7e0aa79a29a7e5d04d1d03883
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?AddLDMObjMapEntry@CDataCache@@QAEXPAU_LDM_OBJ_MAP_ENTRY@@@Z
?GetBottomViewStyle@CDMSnapin@@QAEHXZ
?GetDiskCount@CDataCache@@QAEKXZ
?GetDiskScaling@CDMSnapin@@QAEHXZ
?GetFilterToggle@CDMSnapin@@QAEHXZ
?GetLdmObjectId@CDMNodeObj@@QAE_JXZ
?GetListBehavior@CDMSnapin@@QAEHXZ
?GetNumMembers@CDMNodeObj@@QAEKXZ
?GetOcxFrameCWndPtr@CTaskData@@QAEPAVCWnd@@XZ
?GetRegionColorStructPtr@CTaskData@@QAEXPAPAU_REGION_COLORS@@AAH@Z
?GetRegionScaling@CDMSnapin@@QAEHXZ
?GetServerName
?GetTopViewStyle@CDMSnapin@@QAEHXZ
?GetVolumeCount@CDataCache@@QAEKXZ
?GetWaitCursor

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ