gh0strat | df0d019d28e898d79bc0856792fe1f72 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df0d019d28e898d79bc0856792fe1f72
Size

155KB
MD5

df0d019d28e898d79bc0856792fe1f72
SHA1

e7216bc366bc67b567dc341a64e4341d10d11703
SHA256

1f0dca0807e591bd65dd62f975e91fea9b294e76b5f82d6b536677acf570e67c
SHA512

aa1fa37a5079195ad85de0341fbc8997e417fd4debe816a8824a6e27c68691cf7cc77b5b959bf51e8c2a10717788ac959d320d530c79a3622d1a4f593ade713f
SSDEEP

3072:MORtKm6tPvjUosLefKycXI/vthPscTBftp5pnVP3W:NRz6t1sLeCDI//PscTBlpjnN3W

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df0d019d28e898d79bc0856792fe1f72

Files

df0d019d28e898d79bc0856792fe1f72
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPGetCaps
NPGetConnection
NPGetResourceInformation
ServiceMain

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE