gh0strat | 02090853da1858d055aee9db763a7f5ee59987e90f69850533bb145e83d39e87

General

Target

02090853da1858d055aee9db763a7f5ee59987e90f69850533bb145e83d39e87
Size

122KB
MD5

99734ebb954e01e96c83744090a51173
SHA1

5d8c40003eecf74dced0a5cd4385f52eb10e974a
SHA256

02090853da1858d055aee9db763a7f5ee59987e90f69850533bb145e83d39e87
SHA512

40f69c5b94b85433979ee84a3a024d0ad9bbab4ffe61b1f5d58ac1ed8dbd7f550be84d41a2aaef242360c7496e1f836017734402b669db014df833f1241b006f
SSDEEP

3072:RozVFkyq1PK3hbyIbH9TgbkyWRN95q2v2qtQob638MB:qzVFkyq1CxbyWGgxNTPvVtQc63/

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02090853da1858d055aee9db763a7f5ee59987e90f69850533bb145e83d39e87

Files

02090853da1858d055aee9db763a7f5ee59987e90f69850533bb145e83d39e87
.exe windows:4 windows x86 arch:x86

c825e7954e8429cd1189c037a5a33bca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_CxxThrowException
__CxxFrameHandler
??2@YAPAXI@Z
strstr
??3@YAXPAX@Z
strchr
malloc
realloc
_except_handler3

netapi32

NetApiBufferFree
NetUserGetLocalGroups

kernel32

SetFileAttributesA
InterlockedExchange
LocalAlloc
GlobalAlloc
LockResource
GlobalFree
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
LoadLibraryA
FreeLibrary
SetLastError
lstrcmpiA
GetTempPathA
GetTickCount
FindResourceA
LoadResource
CreateFileA
SizeofResource
WriteFile
FreeResource
MoveFileA
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoA
HeapFree
GetProcAddress
GetModuleHandleA
HeapAlloc
GetProcessHeap
GetLastError
lstrcatA
ExitProcess
lstrlenA
SetUnhandledExceptionFilter
Sleep
CopyFileA
GetSystemDirectoryA
GetCurrentThreadId
GetFileAttributesA
CloseHandle
ReleaseMutex
CreateMutexA
FindClose
WinExec
lstrcpyA
FindFirstFileA
GetModuleFileNameA
GetCommandLineA
OutputDebugStringA
RaiseException

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c825e7954e8429cd1189c037a5a33bca

Headers

File Characteristics

Imports

msvcrt

netapi32

kernel32

Sections

.text Size: 12KB - Virtual size: 12KB

.rsrc Size: 108KB - Virtual size: 112KB

.text
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 108KB - Virtual size: 112KB