gh0strat | cc5895f46ed676d757f52950182eee03

General

Target

cc5895f46ed676d757f52950182eee03
Size

109KB
MD5

cc5895f46ed676d757f52950182eee03
SHA1

1695b565dcf9c278c927d9a7ace6a3b9f2859727
SHA256

529f7bb1f5570a2761f7305fb6aa465cecf62d75b88abf306dde596862b6f891
SHA512

6bc86b29670b4856d4dc19b14887f2b019fece611015ef28501e57893fc2520133c1a5fed99cb57a71297dba693aecf04fc5cbd3d25c5365b7ef26eb33c7c92d
SSDEEP

3072:MoDSldRO3vr/Ap5+9z3BIufG116C3gjd:3Hj/Abi32qG1kC3g

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc5895f46ed676d757f52950182eee03

Files

cc5895f46ed676d757f52950182eee03
.exe windows:4 windows x86 arch:x86

9269749c5f5e740b4cbdeddcb6605302

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
CreateFileA
LoadResource
FindResourceA
lstrcatA
GetTempPathA
GetFileAttributesA
GetSystemDirectoryA
Sleep
lstrlenA
LocalFileTimeToFileTime
SetUnhandledExceptionFilter
ReleaseMutex
GetLastError
CreateMutexA
GetCommandLineA
RtlUnwind
GetStringTypeW
GetStringTypeA
SetFileTime
SizeofResource
WriteFile
CloseHandle
MoveFileA
SetFileAttributesA
DeleteFileA
ExitProcess
GetModuleFileNameA
OutputDebugStringA
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

LoadIconA
EnumWindows
GetClassNameA
SetWindowPos

advapi32

OpenServiceA
CloseServiceHandle
ChangeServiceConfigA
ControlService
StartServiceA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenSCManagerA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 784B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9269749c5f5e740b4cbdeddcb6605302

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 256B - Virtual size: 252B

.data Size: 1KB - Virtual size: 1KB

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 100KB - Virtual size: 100KB

.reloc Size: 784B - Virtual size: 784B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 256B - Virtual size: 252B

.data
Size: 1KB - Virtual size: 1KB

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 100KB - Virtual size: 100KB

.reloc
Size: 784B - Virtual size: 784B