gh0strat | d5732264fc942d8c7892c8b184198acc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5732264fc942d8c7892c8b184198acc
Size

172KB
MD5

d5732264fc942d8c7892c8b184198acc
SHA1

172b5050954f05d2e7cd19e6fb339ea8bef6fbd3
SHA256

44d4033bc57dbb4b45e9d2b20cc98debbf433687ee4fd89c5778e9eb9b1460d0
SHA512

0f1e89c1dc95f08e80c211d639ec7402223800189db7a49e2fe6546580ad74362ec1fd7b4e9748d379438a32e00fcab5ee9db35d279b5aa284b9d0bdc200e729
SSDEEP

3072:ryR1/6WOIJxNy2PU5khnfbe1Yxy9SbZA2JvoTcV0Uvc:2R1/S2sa1a1IwSZA26Twe

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5732264fc942d8c7892c8b184198acc

Files

d5732264fc942d8c7892c8b184198acc
.exe windows:4 windows x86 arch:x86

7f686e7c0ace8018f8cd5779c88c8c42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
CloseHandle
CreateEventA
LoadResource
WriteFile
CreateFileA
LockResource
SizeofResource
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleA
GetStartupInfoA

advapi32

ControlService
RegCreateKeyExA
RegOpenKeyA
ChangeServiceConfigA

msvcrt

rand
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
sprintf
srand
_strrev

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ