gh0strat | d45dc59485f763b836905124987f61d1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d45dc59485f763b836905124987f61d1
Size

330KB
MD5

d45dc59485f763b836905124987f61d1
SHA1

a7d4b07da03704e091f62e2b8b82318ad85f14d2
SHA256

c39589a15666ecb8acf34cd65cb99bc99e777b81961c60ced32680c2219c8aa1
SHA512

b28bcf9da033b1d5c08427c6628761d24394033f924dc109c7cf708d9144582b7488bd981ab132ed3eff16b178432cf1f091c0346082e79395792e3f275ff667
SSDEEP

6144:y3JVGpxx9b3wZuwt4GHeqoXcMJHysfu8Su5FH+0SMyojH6Zbd1C+3VT6j3O:oJI3L3+0TzcMXdFeN2HEd1Cghj

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d45dc59485f763b836905124987f61d1

Files

d45dc59485f763b836905124987f61d1
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

..
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yvs
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE