gh0strat | b850192b3ecd25a5cb47b50a71738ce779703f8ff4e7f75c39210673e5b3f7b1

General

Target

b850192b3ecd25a5cb47b50a71738ce779703f8ff4e7f75c39210673e5b3f7b1
Size

105KB
MD5

fcb0f9a8c5027a2bda1a71e1a6758987
SHA1

1c4b67606c225266eda962eafe821f16f6dc132d
SHA256

b850192b3ecd25a5cb47b50a71738ce779703f8ff4e7f75c39210673e5b3f7b1
SHA512

846e53626389b09df40ddcc99f3d1febc54c3b1aa7736e9c3f5fa3df661cba817362bf581338f5ca9f4215fecca6c18e51250a295c2625a33f51ab5395705352
SSDEEP

3072:5TpjklGzFSxLvZ2rCFAUbsM9A8z3Wb70VgVPcql9:5TpglGzFSxLv8rCFBvpz3WbDeS9

Score

10^/10

gh0strat

Gh0st RAT payload 1 IoCs

resource	yara_rule
static1/unpack001/92d1eada419273a87ee66170826f94aab7af63a521bdfc20273620a5bb9e012b.exe	family_gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/92d1eada419273a87ee66170826f94aab7af63a521bdfc20273620a5bb9e012b.exe

b850192b3ecd25a5cb47b50a71738ce779703f8ff4e7f75c39210673e5b3f7b1
.zip

Password: infected
92d1eada419273a87ee66170826f94aab7af63a521bdfc20273620a5bb9e012b.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

NewSec
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

NewSec
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE