gh0strat | c7181d4fcf8ba83dac86fb8174224b86

Sharing

Copy URL Twitter E-mail

General

Target

c7181d4fcf8ba83dac86fb8174224b86
Size

79KB
MD5

c7181d4fcf8ba83dac86fb8174224b86
SHA1

5b3dd1ce873da437d2c32476ac0ebc14c9cc4bc5
SHA256

edce70c9ed8308930da0f31dce334b903fadb1a2f6e368f245f23b581029f599
SHA512

9ac01473701f9f4c57e4ecdd49c3deb8486b268ba0981e1289892363ce85d7048707a7f3195f09e218545b970ba20e5a6a775190d323d86e771017748eeaaf09
SSDEEP

1536:zSB/AO9NchVSk16cpeefaHMz74bxewmISMO:zStNcXSk162eYaHMnwewmISJ

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7181d4fcf8ba83dac86fb8174224b86

Files

c7181d4fcf8ba83dac86fb8174224b86
.dll windows:4 windows x86 arch:x86

7d825a2c3a995fd20a9f0c4314c3a15c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
HeapAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
GetLogicalDrives
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExA
ReleaseMutex
OpenEventA
SetErrorMode
CreateMutexA
SetUnhandledExceptionFilter
FreeConsole
LocalSize
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
DeleteCriticalSection
VirtualAllocEx
WriteProcessMemory
HeapFree
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
InterlockedExchange
CancelIo
Sleep
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
lstrcpyA
lstrlenA
CreateProcessA
lstrcatA
InitializeCriticalSection
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
GetModuleFileNameA
GetCurrentProcess
GetSystemDirectoryA
GetTickCount
MoveFileExA
TerminateThread
OpenProcess
LoadLibraryA
GetProcAddress
CreateRemoteThread
FreeLibrary
SetLastError

user32

GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
EnumWindows
GetWindowTextA
IsWindowVisible
GetWindowThreadProcessId
CloseWindow
IsWindow
OpenDesktopA
SetProcessWindowStation
GetCursorPos
GetCursorInfo
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
CharNextA
OpenWindowStationA
PostMessageA
GetProcessWindowStation
ExitWindowsEx
wsprintfA
CreateWindowExA
LoadCursorA
DestroyCursor
BlockInput
SystemParametersInfoA
SendMessageA
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
SetClipboardData
CloseClipboard

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey

shell32

SHGetFileInfoA

shlwapi

SHDeleteKeyA

msvcrt

strrchr
strncpy
strncat
strchr
realloc
_CxxThrowException
atoi
_except_handler3
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
malloc
free
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
ceil
_strcmpi
memmove
wcstombs
??3@YAXPAX@Z
_strnicmp
atol

wtsapi32

WTSQueryUserToken

ws2_32

recv
select
closesocket
gethostbyname
send
gethostname
getsockname
socket
htons
connect
setsockopt
WSACleanup
WSAStartup
WSAIoctl

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

ICSeqCompressFrame

psapi

EnumProcessModules
GetModuleFileNameExA

Exports

Exports

MutiHack

Sections

.Muti
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d825a2c3a995fd20a9f0c4314c3a15c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

wtsapi32

ws2_32

msvcp60

wininet

avicap32

msvfw32

psapi

Exports

Exports

Sections

.Muti Size: 21KB - Virtual size: 21KB

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 3KB - Virtual size: 3KB

.Muti
Size: 21KB - Virtual size: 21KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 3KB - Virtual size: 3KB