gh0strat | c32d1bad945741fde270fb69400c1a80 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c32d1bad945741fde270fb69400c1a80
Size

152KB
MD5

c32d1bad945741fde270fb69400c1a80
SHA1

9681d5c90b63a52c87c11f5523609b3be55727ce
SHA256

e9e6f628df89efb56d38a2a26ef2d1208ecdcce7f9251954ccc46bef33da217d
SHA512

df194dbca5b1cd6ecab29c72a8d1e9beae12f309f1fd5e5e22d34bbfdc403b6a648aafc12e0363bcecc4c6574a958aa2cad5fb71a05c8e4ef9258d5fa222b425
SSDEEP

3072:Fhbc+VA7YXAg3qr5lXK4lKR578JvdJ8h+OTBft3fXnOgW8n:XqwAKj4C578Jvdw+OTBl3fXnOg

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c32d1bad945741fde270fb69400c1a80

Files

c32d1bad945741fde270fb69400c1a80
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CLSID_CfgComp
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IID_ICfgComp

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ