gh0strat | ca18f519db12bb3291d96f9acdb9cb3d

Sharing

Copy URL

Twitter E-mail

General

Target

ca18f519db12bb3291d96f9acdb9cb3d
Size

153KB
MD5

ca18f519db12bb3291d96f9acdb9cb3d
SHA1

be38cd7494591911cd757c014dd60db2f63cad99
SHA256

5cbd35bcaf678d7f516b2429ed7ce6221f7fbacce57b812780a7dd3f9bb32e2e
SHA512

55b93afc201af28a5f64b4cc6d6b63187dca323925cb362d8b69c29b4c59419db2589dbdfb5f39ef3fe9d93094d5c74933d7d42e6d7a31bd740eb4e7efbed2aa
SSDEEP

3072:aKXaEtJmw3fe/YEMFVFAJZv0v2opFTBftxvkKJemUQxUa7:9htjewEMf9v2opFTBlxvkZxa7

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca18f519db12bb3291d96f9acdb9cb3d

Files

ca18f519db12bb3291d96f9acdb9cb3d
.dll windows:4 windows x86 arch:x86

e0e7f0f7c3b773b35d4fb6a72192005d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
VirtualAlloc
GetTickCount
CloseHandle
ExitProcess
lstrcatA
lstrlenA
lstrcpyA
GetSystemDirectoryA
Sleep
GetExitCodeProcess
InterlockedExchange
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetLocalTime
HeapFree
GetProcessHeap
MapViewOfFile
GetLastError
CreateFileMappingA
GetShortPathNameA
HeapAlloc
LocalFree
LocalAlloc
InterlockedDecrement
InterlockedIncrement
lstrcmpiA
GetVersionExA
GetCurrentThreadId
GetProcAddress
VirtualFree
GetModuleHandleA
LocalReAlloc
LocalSize
ExpandEnvironmentStringsA
VirtualQuery
GetCurrentProcessId
lstrcmpA
VirtualProtect
MultiByteToWideChar
SetEnvironmentVariableA
GetTempPathA
GetLongPathNameA
GetModuleFileNameA
WideCharToMultiByte
GetCurrentProcess
GetSystemInfo
GetProcessTimes
GlobalMemoryStatusEx
FreeLibrary
DeleteFileA
RemoveDirectoryA
ExitThread
IsBadReadPtr
IsBadStringPtrW
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
SetUnhandledExceptionFilter
FormatMessageA
IsBadWritePtr
RaiseException
GetTempFileNameA
InitializeCriticalSection
LoadLibraryA

user32

MessageBoxA
GetClassNameA
wvsprintfA
CloseWindowStation
GetCursorInfo
DestroyCursor
LoadCursorA
DestroyWindow
CreateWindowExA
GetWindowRect
ShowWindow
wsprintfA
GetWindow

advapi32

RegOpenKeyExW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
_wcsicmp
_strupr
_memicmp
_strlwr
wcsrchr
??3@YAXPAX@Z
memmove
ceil
_ftol
strstr
__CxxFrameHandler
??2@YAPAXI@Z
_except_handler3
_beginthreadex
strrchr
malloc
strncpy
free
rand
srand
strchr
strncat
_CxxThrowException
realloc
wcslen
atoi
wcstombs

Exports

Exports

CpyCommon

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0e7f0f7c3b773b35d4fb6a72192005d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB